Purple AI MCP Server

Official

Overview Schema Related Servers Score Discussions

list_alerts

List alerts with pagination and filtering by assignment status to manage alert queues, dashboard feeds, or bulk processing workflows.

Instructions

List alerts with pagination and filtering capabilities.

Retrieves a paginated list of alerts with basic filtering by assignment status. For advanced filtering by severity, status, time ranges, etc., use search_alerts instead.

Args: first: Number of alerts to retrieve (1-100, default: 10). after: Pagination cursor from previous response (optional). Use pageInfo.endCursor from previous response to get next page. view_type: Assignment filter with options: - "ALL": Show all alerts (default) - "ASSIGNED_TO_ME": Only alerts assigned to current user - "UNASSIGNED": Only unassigned alerts - "MY_TEAM": Only alerts assigned to user's team fields: Optional JSON string containing an array of field names to return. If not specified, returns all default fields (including dataSources). Use minimal fields like '["id"]' when paging through intermediate results.

        Available fields:
        - Basic: "id", "externalId", "severity", "status", "name", "description"
        - Timing: "detectedAt", "firstSeenAt", "lastSeenAt"
        - Analysis: "analystVerdict", "classification", "confidenceLevel"
        - Context: "noteExists", "result", "storylineId", "ticketId", "dataSources"
        - Nested objects (returns all subfields):
          - "detectionSource" (product, vendor)
          - "asset" (id, name, type)
          - "assignee" (userId, email, fullName)

        IMPORTANT - dataSources field behavior:
        - When fields=None (default): dataSources is INCLUDED automatically
        - When fields is provided: dataSources is ONLY included if explicitly requested
          Example with dataSources: '["id", "severity", "dataSources"]'
          Example without: '["id", "severity"]' (dataSources will be omitted)

        Examples:
        - Minimal for paging: '["id"]'
        - Summary view: '["id", "severity", "status", "name", "detectedAt"]'
        - With dataSources: '["id", "severity", "dataSources"]'
        - Full details: omit fields parameter or pass None

Returns: Paginated alert list in JSON format containing: - edges: Array of alert objects (with requested fields only) - pageInfo: Pagination metadata - hasNextPage: Boolean indicating more results available - hasPreviousPage: Boolean indicating previous page exists - startCursor: Cursor for first item in current page - endCursor: Cursor for last item (use for next page) - totalCount: Total number of matching alerts (if available)

Common Use Cases: - Dashboard alert feeds and overviews - Assignment-based alert distribution - Bulk alert processing workflows - Alert queue management

Pagination Example: 1. Call with first=20 to get first 20 alerts 2. Use pageInfo.endCursor as 'after' parameter for next 20 3. Continue until pageInfo.hasNextPage is false

IMPORTANT Performance Notes: - Cursor pagination is SEQUENTIAL ONLY - you cannot skip to arbitrary positions (e.g., cannot jump directly to "the 1532nd alert") - When paging through many results to reach a specific position, use fields=["id"] for intermediate pages to conserve context window - Use the totalCount field to understand the full result set size

Raises: RuntimeError: If there's an error listing alerts. ValueError: If parameters are invalid.

Input Schema

TableJSON Schema

Name	Required	Default
`first`	No
`after`	No
`view_type`	No	ALL
`fields`	No

Output Schema

TableJSON Schema

Name	Required	Description	Default
`result`	Yes

Tool Definition Quality

A4.9/5.0

Behavior5/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description fully discloses behavioral traits: pagination mechanism (cursor-based, sequential only), performance notes (use minimal fields for intermediate pages), the conditional inclusion of 'dataSources' based on the 'fields' parameter, and error handling (raises RuntimeError/ValueError). No contradictions exist.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is lengthy but well-organized with sections, bullet points, and examples. Every part adds value, though some redundancy (e.g., repeating 'dataSources' behavior) could be trimmed slightly without losing clarity.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness5/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given 4 parameters, no annotations, and an output schema (present but not detailed), the description is exceptionally complete. It covers pagination flow, performance optimization, parameter behavior, return structure, and error cases, leaving no ambiguity for the agent.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters5/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Despite 0% schema description coverage, the description thoroughly explains each parameter: 'first' (range, default), 'after' (pagination cursor usage), 'view_type' (all options detailed), and 'fields' (JSON string, behavior, available fields with examples). This far exceeds the bare schema information.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states 'List alerts with pagination and filtering capabilities', using a specific verb ('list') and resource ('alerts'). It distinguishes from sibling tools like 'search_alerts' by noting that this tool provides basic filtering, while the sibling handles advanced filtering.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines5/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description explicitly advises when to use this tool versus 'search_alerts' (e.g., 'For advanced filtering by severity, status, time ranges, etc., use search_alerts instead'). It also lists common use cases (dashboard feeds, assignment-based distribution, bulk processing, queue management), providing clear context for selection.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/Sentinel-One/purple-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server