Argus PassiveDNS Search Translator MCP Tools

This document describes the MCP tools available for Argus PassiveDNS search translation.

These tools help users:

• build an Argus PassiveDNS search query payload

• discover valid values for PassiveDNS result sorting

• validate required query input, pagination, and sort fields before retrieving results

General Notes

• Use these tools when you want the LLM to turn your PassiveDNS search intent into a valid search query.

• PassiveDNS records describe DNS observations such as domains, hostnames, IP addresses, record types, TLP markings, and observation counts.

• Describe what you want to find in plain language, and the LLM can use the request fields in this document to build the search.

• If your request involves sorting, the LLM can look up the allowed values before building the query.

• Returned allowed values are case-sensitive, so the LLM should keep them exactly as returned.

• If you want actual search results after building the query, the LLM can then use the PassiveDNS search execution tool with the same search intent.

Tool: generateArgusPassiveDNSSearchQuery

Purpose

Generate an Argus PassiveDNS search query from your search intent. The result is the generated PassiveDNS search JSON.

Arguments

Argument: request

High-level purpose: the full PassiveDNS search definition the LLM builds from your request.

• Type: object

• Required: Yes

• Default: None

request fields

Field	Description	Type	Default	Required
customerID	Limit the search to any of these numeric customer IDs.	array<number>	None	No
query	PassiveDNS query to look up, such as a domain, hostname, or IP address.	string	None	Yes
queryMatchStrategy	How the query should match records. Allowed values: exact, includeSubdomains.	string	exact	No
aggregateResult	Whether matching PassiveDNS records should be aggregated.	boolean	true	No
includeAnonymousResults	Whether anonymous PassiveDNS records should be included.	boolean	true	No
rrClass	Resource record classes to include. Allowed values: in.	array<string>	None	No
rrType	Resource record types to include. Allowed values: a, aaaa, cname, dname, mx, naptr, ns, ptr, rp, soa, srv, txt.	array<string>	None	No
tlp	TLP markings to include. Allowed values: white, green, amber, red.	array<string>	None	No
page	Pagination settings.	object	{ "limit": 25, "offset": 0 }	No
sortBy	Sort order list. Use list order as priority. Prefix with - for descending. When sorting is involved, the LLM can look up the allowed sort values behind the scenes.	array<string>	None	No

request.page fields

Field	Description	Type	Default	Required
limit	Maximum number of items per page. Accepted range: 1 to 100.	number	25	No
offset	Number of items to skip before returning results. Must be 0 or greater.	number	0	No

Usage notes

• PassiveDNS search requires a query.

• queryMatchStrategy defaults to exact matching. Ask for subdomains explicitly if subdomain records should be included.

• Search pagination supports 1 to 100 items per page. Values outside that range will fail.

• For descending sorting, the LLM can use a - prefix such as -lastSeen.

• Sorting values are validated against listArgusPassiveDNSSearchSortBy; unknown values will fail.

Tool: listArgusPassiveDNSSearchSortBy

Purpose

Return the allowed sortBy values for Argus PassiveDNS search.

Arguments

This tool takes no arguments.

Current returned values

rrClass, rrType, customerID, tlp, count, lastSeen, firstSeen, created