list_occurrences
Retrieve and filter occurrences for a specific issue by target addresses, tags, or snoozed status to analyze security findings.
Instructions
List all occurrences for a specific issue with optional filters.
Args:
issue_id: The ID of the issue to list occurrences for
target_addresses: Filter by a list of target addresses
tag_names: Filter by a list of tag names
snoozed: Filter by snoozed status (true or false)
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| issue_id | Yes | ||
| target_addresses | No | ||
| tag_names | No | ||
| snoozed | No |
Implementation Reference
- intruder_mcp/server.py:100-121 (handler)The main tool handler function for 'list_occurrences', decorated with @mcp.tool() for registration. It retrieves all occurrences for a given issue using the API client and formats them as a string.@mcp.tool() async def list_occurrences(issue_id: int, target_addresses: Optional[List[str]] = None, tag_names: Optional[List[str]] = None, snoozed: Optional[bool] = None) -> str: """ List all occurrences for a specific issue with optional filters. Args: issue_id: The ID of the issue to list occurrences for target_addresses: Filter by a list of target addresses tag_names: Filter by a list of tag names snoozed: Filter by snoozed status (true or false) """ occurrences = api.get_issue_occurrences_all( issue_id=issue_id, target_addresses=target_addresses, tag_names=tag_names, snoozed=snoozed ) formatted = [f"{occ.id} - {occ.target}:{occ.port}/{occ.protocol}" for occ in occurrences] return "\n".join(formatted)
- intruder_mcp/api_client.py:78-90 (helper)The API client method that implements pagination to fetch all occurrences for an issue, called by the tool handler.def get_issue_occurrences_all(self, issue_id: int, snoozed: Optional[bool] = None, tag_names: Optional[List[str]] = None, target_addresses: Optional[List[str]] = None) -> Generator[Occurrence, None, None]: offset = 0 while True: response = self.get_issue_occurrences(issue_id, snoozed=snoozed, tag_names=tag_names, target_addresses=target_addresses, limit=100, offset=offset) for occurrence in response.results: yield occurrence if not response.next: break offset += len(response.results)
- intruder_mcp/enums.py:164-176 (schema)Pydantic model defining the structure of an Occurrence object, which is used in the data fetched and formatted by the tool.class Occurrence(BaseModel): id: int target: str port: Optional[Union[str, int]] = None protocol: str extra_info: Optional[Dict[str, str]] = None age: str snoozed: bool snooze_reason: Optional[str] = None snooze_until: Optional[date] = None exploit_likelihood: Union[ExploitLikelihoodEnum, None] cvss_score: Optional[float] = None