list_occurrences
Retrieve and filter all instances of a specific security issue by target addresses, tag names, or snoozed status using Intruder MCP server.
Instructions
List all occurrences for a specific issue with optional filters.
Args:
issue_id: The ID of the issue to list occurrences for
target_addresses: Filter by a list of target addresses
tag_names: Filter by a list of tag names
snoozed: Filter by snoozed status (true or false)
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| issue_id | Yes | ||
| snoozed | No | ||
| tag_names | No | ||
| target_addresses | No |
Input Schema (JSON Schema)
{
"properties": {
"issue_id": {
"title": "Issue Id",
"type": "integer"
},
"snoozed": {
"anyOf": [
{
"type": "boolean"
},
{
"type": "null"
}
],
"default": null,
"title": "Snoozed"
},
"tag_names": {
"anyOf": [
{
"items": {
"type": "string"
},
"type": "array"
},
{
"type": "null"
}
],
"default": null,
"title": "Tag Names"
},
"target_addresses": {
"anyOf": [
{
"items": {
"type": "string"
},
"type": "array"
},
{
"type": "null"
}
],
"default": null,
"title": "Target Addresses"
}
},
"required": [
"issue_id"
],
"title": "list_occurrencesArguments",
"type": "object"
}
Implementation Reference
- intruder_mcp/server.py:100-121 (handler)The primary handler function for the 'list_occurrences' MCP tool. It is registered using the @mcp.tool() decorator and implements the tool logic by fetching occurrences via the IntruderAPI client and formatting the output.@mcp.tool() async def list_occurrences(issue_id: int, target_addresses: Optional[List[str]] = None, tag_names: Optional[List[str]] = None, snoozed: Optional[bool] = None) -> str: """ List all occurrences for a specific issue with optional filters. Args: issue_id: The ID of the issue to list occurrences for target_addresses: Filter by a list of target addresses tag_names: Filter by a list of tag names snoozed: Filter by snoozed status (true or false) """ occurrences = api.get_issue_occurrences_all( issue_id=issue_id, target_addresses=target_addresses, tag_names=tag_names, snoozed=snoozed ) formatted = [f"{occ.id} - {occ.target}:{occ.port}/{occ.protocol}" for occ in occurrences] return "\n".join(formatted)
- intruder_mcp/api_client.py:78-90 (helper)Supporting helper method in IntruderAPI class that retrieves all occurrences for an issue by paginating through the API endpoints. Called directly by the tool handler.def get_issue_occurrences_all(self, issue_id: int, snoozed: Optional[bool] = None, tag_names: Optional[List[str]] = None, target_addresses: Optional[List[str]] = None) -> Generator[Occurrence, None, None]: offset = 0 while True: response = self.get_issue_occurrences(issue_id, snoozed=snoozed, tag_names=tag_names, target_addresses=target_addresses, limit=100, offset=offset) for occurrence in response.results: yield occurrence if not response.next: break offset += len(response.results)
- intruder_mcp/enums.py:164-176 (schema)Pydantic model defining the schema/structure of an Occurrence object, used in the API responses processed by the tool.class Occurrence(BaseModel): id: int target: str port: Optional[Union[str, int]] = None protocol: str extra_info: Optional[Dict[str, str]] = None age: str snoozed: bool snooze_reason: Optional[str] = None snooze_until: Optional[date] = None exploit_likelihood: Union[ExploitLikelihoodEnum, None] cvss_score: Optional[float] = None