Argus PassiveDNS Search Translator MCP Tools¶
This document describes the MCP tools available for Argus PassiveDNS search translation.
These tools help users:
- build an Argus PassiveDNS search query payload
- discover valid values for PassiveDNS result sorting
- validate required query input, pagination, and sort fields before retrieving results
General Notes¶
- Use these tools when you want the LLM to turn your PassiveDNS search intent into a valid search query.
- PassiveDNS records describe DNS observations such as domains, hostnames, IP addresses, record types, TLP markings, and observation counts.
- Describe what you want to find in plain language, and the LLM can use the request fields in this document to build the search.
- If your request involves sorting, the LLM can look up the allowed values before building the query.
- Returned allowed values are case-sensitive, so the LLM should keep them exactly as returned.
- If you want actual search results after building the query, the LLM can then use the PassiveDNS search execution tool with the same search intent.
Tool: generateArgusPassiveDNSSearchQuery¶
Purpose
Generate an Argus PassiveDNS search query from your search intent. The result is the generated PassiveDNS search JSON.
Arguments
Argument: request¶
High-level purpose: the full PassiveDNS search definition the LLM builds from your request.
- Type:
object - Required: Yes
- Default: None
request fields¶
| Field | Description | Type | Default | Required |
|---|---|---|---|---|
customerID |
Limit the search to any of these numeric customer IDs. | array<number> |
None | No |
query |
PassiveDNS query to look up, such as a domain, hostname, or IP address. | string |
None | Yes |
queryMatchStrategy |
How the query should match records. Allowed values: exact, includeSubdomains. |
string |
exact |
No |
aggregateResult |
Whether matching PassiveDNS records should be aggregated. | boolean |
true |
No |
includeAnonymousResults |
Whether anonymous PassiveDNS records should be included. | boolean |
true |
No |
rrClass |
Resource record classes to include. Allowed values: in. |
array<string> |
None | No |
rrType |
Resource record types to include. Allowed values: a, aaaa, cname, dname, mx, naptr, ns, ptr, rp, soa, srv, txt. |
array<string> |
None | No |
tlp |
TLP markings to include. Allowed values: white, green, amber, red. |
array<string> |
None | No |
page |
Pagination settings. | object |
{ "limit": 25, "offset": 0 } |
No |
sortBy |
Sort order list. Use list order as priority. Prefix with - for descending. When sorting is involved, the LLM can look up the allowed sort values behind the scenes. |
array<string> |
None | No |
request.page fields¶
| Field | Description | Type | Default | Required |
|---|---|---|---|---|
limit |
Maximum number of items per page. Accepted range: 1 to 100. |
number |
25 |
No |
offset |
Number of items to skip before returning results. Must be 0 or greater. |
number |
0 |
No |
Usage notes
- PassiveDNS search requires a
query. queryMatchStrategydefaults to exact matching. Ask for subdomains explicitly if subdomain records should be included.- Search pagination supports
1to100items per page. Values outside that range will fail. - For descending sorting, the LLM can use a
-prefix such as-lastSeen. - Sorting values are validated against
listArgusPassiveDNSSearchSortBy; unknown values will fail.
Tool: listArgusPassiveDNSSearchSortBy¶
Purpose
Return the allowed sortBy values for Argus PassiveDNS search.
Arguments
This tool takes no arguments.
Current returned values
rrClass, rrType, customerID, tlp, count, lastSeen, firstSeen, created