Argus Analysis Filter MCP Tools#

These MCP tools let you retrieve Argus analysis filters from the event filter API.

They support two common tasks:

  • fetch one analysis filter by ID

  • search analysis filters using a structured request

General Notes#

  • Use these tools when you want the LLM to retrieve analysis filter data from Argus APIs.

  • If you ask the LLM to search analysis filters, it may first use the analysis filter search translator tools to construct and validate the search request and then use the search tool to fetch results.

  • Each search tool call returns only one page of results. It does not automatically fetch additional pages.

  • When more results may exist, the response includes pagination metadata under page, such as nextOffset, stop, and reason, which the LLM can use if you ask it to continue.

  • Search pagination supports 1 to 100 items per page.

  • If sorting is involved, the LLM can use the analysis filter search translator tools to look up valid sort values before retrieving results.

Tool: getAnalysisFilterByID#

Purpose

Fetch full details for one Argus analysis filter by ID. The response includes statement details and trigger code for the detection rule.

Arguments

Field

Description

Type

Default

Required

id

The analysis filter ID to fetch.

number

None

Yes

Tool: executeSearchArgusAnalysisFilter#

Purpose

Retrieve Argus analysis filter search results for the search criteria the LLM has prepared.

Arguments

Field

Description

Type

Default

Required

request

The full analysis filter search definition the LLM builds from your request.

object

None

Yes

request fields#

Field

Description

Type

Default

Required

filterID

Match analysis filters by any of these filter IDs.

array<number>

None

No

customer

Match analysis filters belonging to any of the specified customers, using customer ID or short name.

array<string>

None

No

includeAscendingCustomer

When customer filtering is used, also include parent customers.

boolean

false

No

includeDescendingCustomer

When customer filtering is used, also include child customers.

boolean

true

No

includeFilterFlag

Analysis filter flags that must all be present. Allowed values: enabled, controlled, defaultAggregate, skipNewEvent.

array<string>

None

No

excludeFilterFlag

Analysis filter flags that must not be present. Exclusion still applies even if included flags match. Allowed values: enabled, controlled, defaultAggregate, skipNewEvent.

array<string>

None

No

keywordFilter

Keyword-based matching across analysis filter fields.

object

None

No

timeFilter

Time-based narrowing for analysis filter search.

object

None

No

includeCode

Whether statement and trigger code should be included in the result objects.

boolean

false

No

page

Pagination settings.

object

{ "limit": 25, "offset": 0 }

No

sortBy

Sort order list. Use list order as priority. Prefix with - for descending.

array<string>

None

No

request.keywordFilter fields#

Field

Description

Type

Default

Required

keywords

Search terms to match.

array<string>

None

No

keywordField

Which analysis filter keyword fields to search. Allowed values: id, name, description, label, preStatement1, preStatement2, statementCode, triggerCode, all.

array<string>

["all"]

No

keywordMatch

How to evaluate multiple keywords. Allowed values: any, all. Required when keywords are present.

string

all

No

request.timeFilter fields#

Field

Description

Type

Default

Required

timeField

Which analysis filter time field(s) the range applies to. Allowed values: created, lastUpdated, all.

array<string>

["lastUpdated"]

No

startTime

Start of the time range. Accepts epoch millis as string, ISO-8601 UTC, or relative expressions such as startOfDay - 1 day.

string

None

No

endTime

End of the time range. Accepts epoch millis as string, ISO-8601 UTC, or relative expressions such as now.

string

now

No

timeMatchStrategy

How to evaluate multiple timeField values. Allowed values: any, all. Mainly relevant when more than one time field is provided.

string

any

No

request.page fields#

Field

Description

Type

Default

Required

limit

Maximum number of items per page. Accepted range: 1 to 100.

number

25

No

offset

Number of items to skip before returning results. Must be 0 or greater.

number

0

No

Usage notes

  • If your request is a search, the LLM may first use generateArgusAnalysisFilterSearchQuery to shape and validate the query.

  • If you want statement and trigger code included in the results, ask for that explicitly so the LLM can enable includeCode.

  • If you want more than one page of results, ask the LLM to continue fetching more pages. The tool itself returns one page at a time.

  • For descending sorting, the LLM can use a - prefix such as -lastUpdated.

  • To search any statement text, the LLM can use preStatement1, preStatement2, and statementCode together.