Argus Asset MCP Tools¶
These MCP tools let you retrieve Argus assets and calculate Argus asset statistics from the asset API.
They support three common tasks:
- fetch one asset by ID or short name
- search assets for a specific asset definition
- calculate statistics for assets matching a filter
General Notes¶
- Use these tools when you want the LLM to retrieve asset data or asset statistics from Argus APIs.
- If you ask the LLM to search assets or calculate statistics, it may first use the asset translator tools to construct and validate the request and then use the execution tool to fetch results.
- Asset searches and statistics must be scoped to an asset definition. Supported values are
HostAssetandQualysHostAsset; the default isHostAsset. - Each asset search call returns only one page of results. It does not automatically fetch additional pages.
- When more search results may exist, the response includes pagination metadata under
page, such asnextOffset,stop, andreason, which the LLM can use if you ask it to continue. - Search pagination supports
1to100items per page. - Asset statistics responses are scoped trees when grouping is used. Counts and metrics on a child bucket apply only inside the parent bucket path.
Tool: getAssetByIDOrShortName¶
Purpose
Fetch full details for one Argus asset by ID or short name.
Arguments
| Field | Description | Type | Default | Required |
|---|---|---|---|---|
idOrShortName |
The asset ID or short name to fetch. | string |
None | Yes |
Tool: executeSearchArgusAsset¶
Purpose
Retrieve Argus asset search results for the search criteria the LLM has prepared.
Arguments
| Field | Description | Type | Default | Required |
|---|---|---|---|---|
request |
The full asset search definition the LLM builds from your request. | object |
None | Yes |
assetDefinition |
Asset definition to search. Allowed values: HostAsset, QualysHostAsset. |
string |
HostAsset |
Yes |
request fields¶
| Field | Description | Type | Default | Required |
|---|---|---|---|---|
customer |
Match assets belonging to any of the specified customers, using customer ID or short name. | array<string> |
None | No |
idOrShortName |
Match assets by any of the specified asset IDs or short names. | array<string> |
None | No |
dataSource |
Match assets detected or reported by any of these data sources, using ID or short name. | array<string> |
None | No |
componentFilter |
Component-based asset filters. Each item targets one component definition. | array<object> |
None | No |
vulnerabilityFilter |
Vulnerability-based filters, including severity, CIA impact, CVSS, references, IDs, and resolution. | object |
None | No |
timeFilter |
Time-based narrowing for asset search. | object |
{ "timeField": ["lastUpdatedTimestamp"], "startTime": "startOfDay", "endTime": "now", "timeMatchStrategy": "any" } |
No |
keywordFilter |
Keyword-based matching across asset and vulnerability fields. | object |
None | No |
userFilter |
User or user-group related asset filters. | object |
None | No |
groupFilter |
Asset group membership filters. | object |
None | No |
includeFlags |
Asset flags that must all be present. Allowed values: hasHighVulnerability, hasCriticalVulnerability, exploitAvailable. |
array<string> |
None | No |
excludeFlags |
Asset flags that must not be present. Exclusion still applies even if included flags match. Allowed values: hasHighVulnerability, hasCriticalVulnerability, exploitAvailable. |
array<string> |
None | No |
page |
Pagination settings. | object |
{ "limit": 25, "offset": 0 } |
No |
sortBy |
Sort order list. Use list order as priority. Prefix with - for descending. |
array<string> |
None | No |
request.componentFilter[] fields¶
| Field | Description | Type | Default | Required |
|---|---|---|---|---|
componentDefinition |
Component definition ID or name. | string |
None | No |
value |
Component values to match for the specified component definition. Any listed value may match. | array<string> |
None | No |
request.vulnerabilityFilter fields¶
| Field | Description | Type | Default | Required |
|---|---|---|---|---|
vulnerabilityID |
Vulnerability identifiers affecting the asset. | array<string> |
None | No |
vulnerabilityReference |
Vulnerability references to match. | array<string> |
None | No |
vulnerabilityResolution |
Vulnerability resolution states. Allowed values: unresolved, accepted, temporarilyAccepted, falsePositive, serviceNotAvailable, noLongerVulnerable. |
array<string> |
None | No |
vulnerabilitySeverity |
Overall vulnerability risk severity. Allowed values: unknown, low, medium, high, critical. |
array<string> |
None | No |
confidentiality |
CIA confidentiality impact level. Allowed values: unknown, low, medium, high, critical. Do not use this as the overall risk severity. |
array<string> |
None | No |
availability |
CIA availability impact level. Allowed values: unknown, low, medium, high, critical. Do not use this as the overall risk severity. |
array<string> |
None | No |
integrity |
CIA integrity impact level. Allowed values: unknown, low, medium, high, critical. Do not use this as the overall risk severity. |
array<string> |
None | No |
minimumTotalCVSS |
Match assets whose total vulnerability CVSS score is greater than this value. | number |
None | No |
maximumTotalCVSS |
Match assets whose total vulnerability CVSS score is less than this value. | number |
None | No |
request.timeFilter, request.keywordFilter, request.userFilter, request.groupFilter, and request.page¶
These nested fields follow the same structure documented in Argus Asset Search Translator MCP Tools.
Usage notes
- If your request is a search, the LLM may first use
generateArgusAssetSearchQueryto shape and validate the query. - If you want more than one page of results, ask the LLM to continue fetching more pages. The tool itself returns one page at a time.
- For descending sorting, the LLM can use a
-prefix such as-lastUpdatedTimestamp. - If you want group information in search results, ask for that explicitly so the LLM can enable
groupFilter.includeGroupInfo.
Tool: executeCalculateStatisticsArgusAsset¶
Purpose
Calculate Argus asset statistics for the filters and aggregation instructions the LLM has prepared.
Arguments
| Field | Description | Type | Default | Required |
|---|---|---|---|---|
request |
The asset statistics request the LLM builds from your request. | object |
None | Yes |
assetDefinition |
Asset definition to calculate statistics for. Allowed values: HostAsset, QualysHostAsset. |
string |
HostAsset |
Yes |
request fields¶
| Field | Description | Type | Default | Required |
|---|---|---|---|---|
filter |
Filters used to choose the asset population before statistics are calculated. It supports the same filter fields as asset search, except pagination and sorting. | object |
Empty filter with default time range | No |
assetStatistics |
Statistics and aggregations to generate over the filtered assets. At least one output instruction is needed for a meaningful statistics query. | object |
Empty statistics request | Yes |
request.assetStatistics fields¶
| Field | Description | Type | Default | Required |
|---|---|---|---|---|
timeRangeMetrics |
Time-based metrics over filtered assets. Use for requests such as assets created per day or last seen per week. | array<object> |
None | No |
numericMetrics |
Numeric summary metrics over supported asset fields. | array<object> |
None | No |
groupBy |
Fields to group statistics by. List order controls the hierarchy. | array<object> |
None | No |
At least one of timeRangeMetrics, numericMetrics, or groupBy should be present.
request.assetStatistics.timeRangeMetrics[] fields¶
| Field | Description | Type | Default | Required |
|---|---|---|---|---|
name |
Unique name for this metric in the statistics request. | string |
Generated if omitted | No |
timestampField |
Timestamp field used for the metric. Allowed values: created, deleted, lastSeen, lastUpdated. |
string |
None | Yes |
resolution |
Time bucket resolution. Allowed values: hour, day, week, month, year. |
string |
None | No |
includeEmptyBuckets |
Whether empty time buckets should appear in the result. | boolean |
None | No |
request.assetStatistics.numericMetrics[] fields¶
| Field | Description | Type | Default | Required |
|---|---|---|---|---|
numericField |
Numeric asset field to summarize. Allowed values: vulnerabilities, cvss. |
string |
None | Yes |
request.assetStatistics.groupBy[] fields¶
| Field | Description | Type | Default | Required |
|---|---|---|---|---|
field |
Asset field to group by. Allowed values: customer, assetGroup. |
string |
None | Yes |
limit |
Maximum number of buckets for this group level. | number |
25 |
No |
Usage notes
- If your request asks for statistics, the LLM may first use
generateArgusAssetStatisticsQueryto shape and validate the query. - The statistics response may be a single root bucket or a hierarchical tree when
groupByis used. - When explaining grouped statistics, the LLM should use the full bucket path from root to leaf.
- Empty
buckets,rangeMetrics, orstatisticsMetricsarrays mean there are no child buckets or metrics at that level.