Purple AI MCP Server

Official

Overview Schema Related Servers Score Discussions

search_inventory_items

Search managed assets in SentinelOne using flexible REST API filters. Find computers, servers, cloud resources, and network devices by name, type, status, tags, and more.

Instructions

Search for managed assets in SentinelOne using REST API filters.

Use this tool to find specific SentinelOne managed assets such as computers, servers, workstations, cloud resources, and network devices by various criteria (name, type, status, tags, etc.). Multiple filters are combined with AND logic.

Note: For surface-specific filtering (ENDPOINT, CLOUD, IDENTITY, NETWORK_DISCOVERY), use the list_inventory_items tool instead, which supports surface filtering via GET.

Args: filters: JSON string containing filter dictionary (optional, default: {}). Use REST API filter format with field names in camelCase.

         Standard Filters (exact match - matches ANY value in list):
         - {"resourceType": ["Windows Server", "Linux Server"]}
         - {"assetStatus": ["Active", "Inactive"]}
         - {"category": ["Server", "Workstation"]}
         - {"infectionStatus": ["Infected", "Clean"]}

         Contains Filters (partial match - case-insensitive):
         - {"name__contains": ["prod", "test"]}
         - {"cloudProviderAccountName__contains": ["production"]}
         - {"osName__contains": ["Windows", "Ubuntu"]}

         Range Filters (date ranges - use ISO date strings or millisecond timestamps):
         - {"lastActiveDt__between": {"from": "2024-01-01", "to": "2024-12-31"}}
         - {"lastActiveDt__between": {"from": 1704067200000, "to": 1735689599000}}

         IMPORTANT: All datetimes in the Inventory API are in UTC timezone.
         For timestamp-based date filters, you can use the iso_to_unix_timestamp tool
         to convert ISO 8601 datetime strings to UNIX timestamps in milliseconds (UTC).

         The iso_to_unix_timestamp tool handles timezone conversion automatically.
         Provide datetimes in the user's preferred timezone (e.g., "2024-01-01T00:00:00-05:00" for Eastern Time)
         and the tool will convert to UTC milliseconds for the API.

         Example workflow for timestamp filters:
         1. Call iso_to_unix_timestamp("2024-01-01T00:00:00-05:00") -> returns "1704085200000" (UTC)
         2. Use in filter: {"lastActiveDt__between": {"from": 1704085200000, "to": 1735693199000}}

         ID Filters (exact ID matches):
         - {"id__in": ["uuid1", "uuid2", "uuid3"]}

         Negation Filters (exclude values):
         - {"assetStatus__nin": ["Decommissioned"]}
         - {"resourceType__nin": ["Unknown"]}

         Combining Filters (AND logic - all must match):
         - {"resourceType": ["Windows Server"], "assetStatus": ["Active"], "name__contains": ["prod"]}

         Common Examples:
         - Find production servers: {"name__contains": ["prod"], "resourceType": ["Windows Server", "Linux Server"]}
         - Find active AWS instances: {"cloudProvider": ["AWS"], "assetStatus": ["Active"]}
         - Find recently active endpoints: {"lastActiveDt__between": {"from": "2024-12-01", "to": "2024-12-31"}}

limit: Number of items to retrieve (1-1000, default: 50).
skip: Number of items to skip for pagination (default: 0).

Returns: Filtered list of inventory items in JSON format with pagination info. Returns empty list if no matches found.

Raises: ValueError: If filters JSON is invalid or parameters are out of range. InventoryAuthenticationError: If authentication fails. InventoryNetworkError: If network operation fails. InventoryAPIError: If the API returns an error. InventoryClientError: For other client-level errors.

Input Schema

TableJSON Schema

Name	Required	Description	Default
`filters`	No
`limit`	No
`skip`	No

Output Schema

TableJSON Schema

Name	Required	Description	Default
`result`	Yes

Tool Definition Quality

A4.7/5.0

Behavior4/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

Without annotations, description details filter logic (AND), raises specific exceptions, notes UTC timezone, and mentions output format. Could be more explicit about being read-only, but overall good disclosure.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

Well-structured with sections, sub-bullets for filter types, and front-loaded purpose. Some verbosity but every part adds value. Could be slightly more concise but effective.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness5/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Comprehensive given complexity: covers all parameters, exceptions, returns, and cross-references sibling tool and timezone conversion. Output schema exists so return details are sufficient.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters5/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema coverage is 0%, so description compensates fully. The filters parameter is extensively documented with multiple examples and syntax explanation. limit and skip are clearly defined with ranges and defaults.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

Clearly states the tool searches for managed assets in SentinelOne using REST API filters. Distinguishes from sibling list_inventory_items by noting surface-specific filtering is done by that tool.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines5/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

Explicitly states when to use this tool vs list_inventory_items for surface-specific filtering. Provides comprehensive filter examples and a workflow for timestamp conversion, guiding correct usage.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/Sentinel-One/purple-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server