Argus Asset MCP Tools#

These MCP tools let you retrieve Argus assets and calculate Argus asset statistics from the asset API.

They support three common tasks:

fetch one asset by ID or short name
search assets for a specific asset definition
calculate statistics for assets matching a filter

General Notes#

Use these tools when you want the LLM to retrieve asset data or asset statistics from Argus APIs.
If you ask the LLM to search assets or calculate statistics, it may first use the asset translator tools to construct and validate the request and then use the execution tool to fetch results.
Asset searches and statistics must be scoped to an asset definition. Supported values are HostAsset and QualysHostAsset; the default is HostAsset.
Each asset search call returns only one page of results. It does not automatically fetch additional pages.
When more search results may exist, the response includes pagination metadata under page, such as nextOffset, stop, and reason, which the LLM can use if you ask it to continue.
Search pagination supports 1 to 100 items per page.
Asset statistics responses are scoped trees when grouping is used. Counts and metrics on a child bucket apply only inside the parent bucket path.

Tool: `getAssetByIDOrShortName`#

Purpose

Fetch full details for one Argus asset by ID or short name.

Arguments

Field	Description	Type	Default	Required
`idOrShortName`	The asset ID or short name to fetch.	`string`	None	Yes

Tool: `executeSearchArgusAsset`#

Purpose

Retrieve Argus asset search results for the search criteria the LLM has prepared.

Arguments

Field	Description	Type	Default	Required
`request`	The full asset search definition the LLM builds from your request.	`object`	None	Yes
`assetDefinition`	Asset definition to search. Allowed values: `HostAsset`, `QualysHostAsset`.	`string`	`HostAsset`	Yes

`request` fields#

Field	Description	Type	Default	Required
`customer`	Match assets belonging to any of the specified customers, using customer ID or short name.	`array<string>`	None	No
`idOrShortName`	Match assets by any of the specified asset IDs or short names.	`array<string>`	None	No
`dataSource`	Match assets detected or reported by any of these data sources, using ID or short name.	`array<string>`	None	No
`componentFilter`	Component-based asset filters. Each item targets one component definition.	`array<object>`	None	No
`vulnerabilityFilter`	Vulnerability-based filters, including severity, CIA impact, CVSS, references, IDs, and resolution.	`object`	None	No
`timeFilter`	Time-based narrowing for asset search.	`object`	`{ "timeField": ["lastUpdatedTimestamp"], "startTime": "startOfDay", "endTime": "now", "timeMatchStrategy": "any" }`	No
`keywordFilter`	Keyword-based matching across asset and vulnerability fields.	`object`	None	No
`userFilter`	User or user-group related asset filters.	`object`	None	No
`groupFilter`	Asset group membership filters.	`object`	None	No
`includeFlags`	Asset flags that must all be present. Allowed values: `hasHighVulnerability`, `hasCriticalVulnerability`, `exploitAvailable`.	`array<string>`	None	No
`excludeFlags`	Asset flags that must not be present. Exclusion still applies even if included flags match. Allowed values: `hasHighVulnerability`, `hasCriticalVulnerability`, `exploitAvailable`.	`array<string>`	None	No
`page`	Pagination settings.	`object`	`{ "limit": 25, "offset": 0 }`	No
`sortBy`	Sort order list. Use list order as priority. Prefix with `-` for descending.	`array<string>`	None	No

`request.componentFilter[]` fields#

Field	Description	Type	Default	Required
`componentDefinition`	Component definition ID or name.	`string`	None	No
`value`	Component values to match for the specified component definition. Any listed value may match.	`array<string>`	None	No

`request.vulnerabilityFilter` fields#

Field	Description	Type	Default	Required
`vulnerabilityID`	Vulnerability identifiers affecting the asset.	`array<string>`	None	No
`vulnerabilityReference`	Vulnerability references to match.	`array<string>`	None	No
`vulnerabilityResolution`	Vulnerability resolution states. Allowed values: `unresolved`, `accepted`, `temporarilyAccepted`, `falsePositive`, `serviceNotAvailable`, `noLongerVulnerable`.	`array<string>`	None	No
`vulnerabilitySeverity`	Overall vulnerability risk severity. Allowed values: `unknown`, `low`, `medium`, `high`, `critical`.	`array<string>`	None	No
`confidentiality`	CIA confidentiality impact level. Allowed values: `unknown`, `low`, `medium`, `high`, `critical`. Do not use this as the overall risk severity.	`array<string>`	None	No
`availability`	CIA availability impact level. Allowed values: `unknown`, `low`, `medium`, `high`, `critical`. Do not use this as the overall risk severity.	`array<string>`	None	No
`integrity`	CIA integrity impact level. Allowed values: `unknown`, `low`, `medium`, `high`, `critical`. Do not use this as the overall risk severity.	`array<string>`	None	No
`minimumTotalCVSS`	Match assets whose total vulnerability CVSS score is greater than this value.	`number`	None	No
`maximumTotalCVSS`	Match assets whose total vulnerability CVSS score is less than this value.	`number`	None	No

`request.timeFilter`, `request.keywordFilter`, `request.userFilter`, `request.groupFilter`, and `request.page`#

These nested fields follow the same structure documented in Argus Asset Search Translator MCP Tools.

Usage notes

If your request is a search, the LLM may first use generateArgusAssetSearchQuery to shape and validate the query.
If you want more than one page of results, ask the LLM to continue fetching more pages. The tool itself returns one page at a time.
For descending sorting, the LLM can use a - prefix such as -lastUpdatedTimestamp.
If you want group information in search results, ask for that explicitly so the LLM can enable groupFilter.includeGroupInfo.

Tool: `executeCalculateStatisticsArgusAsset`#

Purpose

Calculate Argus asset statistics for the filters and aggregation instructions the LLM has prepared.

Arguments

Field	Description	Type	Default	Required
`request`	The asset statistics request the LLM builds from your request.	`object`	None	Yes
`assetDefinition`	Asset definition to calculate statistics for. Allowed values: `HostAsset`, `QualysHostAsset`.	`string`	`HostAsset`	Yes

`request` fields#

Field	Description	Type	Default	Required
`filter`	Filters used to choose the asset population before statistics are calculated. It supports the same filter fields as asset search, except pagination and sorting.	`object`	Empty filter with default time range	No
`assetStatistics`	Statistics and aggregations to generate over the filtered assets. At least one output instruction is needed for a meaningful statistics query.	`object`	Empty statistics request	Yes

`request.assetStatistics` fields#

Field	Description	Type	Default	Required
`timeRangeMetrics`	Time-based metrics over filtered assets. Use for requests such as assets created per day or last seen per week.	`array<object>`	None	No
`numericMetrics`	Numeric summary metrics over supported asset fields.	`array<object>`	None	No
`groupBy`	Fields to group statistics by. List order controls the hierarchy.	`array<object>`	None	No

At least one of timeRangeMetrics, numericMetrics, or groupBy should be present.

`request.assetStatistics.timeRangeMetrics[]` fields#

Field	Description	Type	Default	Required
`name`	Unique name for this metric in the statistics request.	`string`	Generated if omitted	No
`timestampField`	Timestamp field used for the metric. Allowed values: `created`, `deleted`, `lastSeen`, `lastUpdated`.	`string`	None	Yes
`resolution`	Time bucket resolution. Allowed values: `hour`, `day`, `week`, `month`, `year`.	`string`	None	No
`includeEmptyBuckets`	Whether empty time buckets should appear in the result.	`boolean`	None	No

`request.assetStatistics.numericMetrics[]` fields#

Field	Description	Type	Default	Required
`numericField`	Numeric asset field to summarize. Allowed values: `vulnerabilities`, `cvss`.	`string`	None	Yes

`request.assetStatistics.groupBy[]` fields#

Field	Description	Type	Default	Required
`field`	Asset field to group by. Allowed values: `customer`, `assetGroup`.	`string`	None	Yes
`limit`	Maximum number of buckets for this group level.	`number`	`25`	No

Usage notes

If your request asks for statistics, the LLM may first use generateArgusAssetStatisticsQuery to shape and validate the query.
The statistics response may be a single root bucket or a hierarchical tree when groupBy is used.
When explaining grouped statistics, the LLM should use the full bucket path from root to leaf.
Empty buckets, rangeMetrics, or statisticsMetrics arrays mean there are no child buckets or metrics at that level.

Argus Asset MCP Tools#

General Notes#

Tool: getAssetByIDOrShortName#

Tool: executeSearchArgusAsset#

request fields#

request.componentFilter[] fields#

request.vulnerabilityFilter fields#

request.timeFilter, request.keywordFilter, request.userFilter, request.groupFilter, and request.page#

Tool: executeCalculateStatisticsArgusAsset#

request fields#

request.assetStatistics fields#

request.assetStatistics.timeRangeMetrics[] fields#

request.assetStatistics.numericMetrics[] fields#

request.assetStatistics.groupBy[] fields#

Tool: `getAssetByIDOrShortName`#

Tool: `executeSearchArgusAsset`#

`request` fields#

`request.componentFilter[]` fields#

`request.vulnerabilityFilter` fields#

`request.timeFilter`, `request.keywordFilter`, `request.userFilter`, `request.groupFilter`, and `request.page`#

Tool: `executeCalculateStatisticsArgusAsset`#

`request` fields#

`request.assetStatistics` fields#

`request.assetStatistics.timeRangeMetrics[]` fields#

`request.assetStatistics.numericMetrics[]` fields#

`request.assetStatistics.groupBy[]` fields#