search

MCP Tools Reference

Complete reference for all MCP tools available in the Qpoint integration. Use these tools through your MCP client (Claude Desktop, Cursor, etc.) by asking natural language questions—the AI assistant translates your queries into the appropriate tool calls.

hashtag
Common Parameters

All tools share these common input formats:

hashtag
Timestamps

Use RFC 3339 format for time parameters:

2026-02-12T10:30:00Z

  • startTimestamp defaults to 24 hours ago

  • endTimestamp defaults to now

hashtag
Granularity

For time-series data, specify aggregation granularity:

  • minute — per-minute resolution

  • 5minutes — 5-minute buckets

  • 15minutes — 15-minute buckets

  • hour — hourly aggregation

  • day — daily aggregation

  • week — weekly aggregation

  • month — monthly aggregation

  • year — yearly aggregation

If omitted, granularity is auto-detected based on the time range.

hashtag
Tags

Key-value metadata in key:value format:

Use key: (with colon, no value) to match any resource with that tag key.

hashtag
Labels

Simple string identifiers for filtering:

hashtag
Connections

Network connections observed by Qtap. Each connection represents a TCP session between your application and an external endpoint.

hashtag
Available Tools

Tool
Description

count_connections

Total connection count

list_connections

List individual connections

get_connection

Get a specific connection by ID

histogram_connections

Connection counts over time

connection_frequency

Most frequent connection patterns

connection_endpoints

Endpoints by connection count

connection_attr_vals

Distinct values for a field

connection_tags

Available tag keys

connection_tag_vals

Values for a specific tag

hashtag
Fields

Field
Description

connectionId

Unique connection identifier

endpointId

Destination domain (e.g., api.example.com)

direction

egress-external, egress-internal, or ingress

timestamp

Connection start time

finalized

Whether the connection is complete

tags[]

Key-value metadata

labels[]

String labels

sourceAddress

Origin IP address

sourcePort

Origin port

sourceExe

Path to the executable

sourceHostname

Hostname of the source machine

sourceSystemUserId

UID of the process owner

destinationAddress

Peer endpoint IP

destinationPort

Peer endpoint port

bytesSent

Bytes sent

bytesReceived

Bytes received

tlsVersion

TLS version used

tlsProbeIntrospected

Whether TLS was successfully hooked

tlsProbeTypesDetected[]

TLS libraries detected (openssl, gotls, etc.)

qpointAgent

Agent identifier

instanceId

Instance identifier

qpointHostname

Agent hostname

hashtag
Filter Fields

Exact match: endpointId, connectionId, direction, qpointAgent, sourceAddress, sourcePort, sourceExe, sourceHostname, destinationAddress, destinationPort, tlsVersion

Fuzzy search: endpointIsh (substring match on endpoint)

hashtag
Example Queries

"List all connections to stripe.com in the last hour"

"How many connections used TLS 1.2 yesterday?"

"Show connections from executable /usr/bin/curl"

"What endpoints did hostname prod-server-01 connect to?"

hashtag
Requests

Individual HTTP requests observed within connections. Provides detailed request/response information including methods, paths, status codes, and timing.

hashtag
Available Tools

Tool
Description

count_requests

Total request count

list_requests

List individual requests

get_request

Get a specific request by ID

histogram_requests

Request counts over time

request_frequency

Most frequent request patterns

request_endpoints

Endpoints by request count

request_attr_vals

Distinct values for a field

request_tags

Available tag keys

request_tag_vals

Values for a specific tag

request_duration_aggregate

Avg/min/max duration statistics

request_duration_line

Duration metrics over time

request_tag_count

Count distinct tag value occurrences

request_tag_line

Tag value trends over time

hashtag
Fields

Field
Description

requestId

Unique request identifier

connectionId

Parent connection ID

endpointId

Destination domain

vendorId

Vendor identifier

direction

Traffic direction

timestamp

Request time

url

Full request URL

path

URL path

method

HTTP method (GET, POST, etc.)

status

HTTP status code

duration

Request duration in microseconds

contentType

Response content type

category

Request category

agent

User agent string

tags[]

Key-value metadata

authTokenMask

Masked auth token

authTokenHash

Auth token hash

authTokenSource

Where auth token was found

authTokenType

Type of auth token

bytesSent

Request body size

bytesReceived

Response body size

hashtag
Filter Fields

Exact match: endpointId, connectionId, vendorId, direction, method, path, contentType, agent, status, authTokenMask, authTokenHash, authTokenSource, authTokenType, dataType

Fuzzy search: endpointIsh, vendorIsh, pathIsh

hashtag
Example Queries

"Show me all POST requests to api.example.com/v1/payments"

"What requests returned 500 errors today?"

"List requests with content-type application/json"

"Which API paths have the highest request volume?"

hashtag
Traffic

Aggregated traffic metrics across connections, requests, and issues. Provides high-level counts, performance, availability, and bandwidth metrics with breakdowns by location and geography.

hashtag
Available Tools

Counts & Summaries:

Tool
Description

traffic_count

Total traffic count

traffic_duration

Traffic duration statistics

traffic_availability

Availability metrics

traffic_summary

Overall traffic summary

traffic_summary_performance

Performance summary

traffic_summary_availability

Availability summary

traffic_summary_bandwidth

Bandwidth summary

Time Series:

Tool
Description

traffic_line

Traffic metrics over time

traffic_line_performance

Performance metrics over time

traffic_line_availability

Availability metrics over time

traffic_line_bandwidth

Bandwidth metrics over time

Location & Geographic:

Tool
Description

traffic_locations

Traffic breakdown by location

traffic_locations_performance

Performance by location

traffic_locations_availability

Availability by location

traffic_locations_bandwidth

Bandwidth by location

traffic_geo_countries

Traffic by country

traffic_geo_regions

Traffic by region

traffic_geo_cities

Traffic by city

hashtag
Time-Series Group Values

Performance metrics: connections_per_second, connections_per_minute, requests_per_second, requests_per_minute, avg_duration, max_duration, p_99_duration, p_95_duration, p_50_duration

Availability metrics: connections, requests, issues, issues_per_second, issues_per_minute, avg_availability, p_99_availability, p_95_availability

Bandwidth metrics: total_bandwidth, total_bytes_received, total_bytes_sent, bytes_received_per_second, bytes_sent_per_second, bytes_received_per_minute, bytes_sent_per_minute, p_99_bytes_received, p_99_bytes_sent, max_bytes_received, max_bytes_sent

hashtag
Filter Fields

Combines connection, request, and issue filters:

Exact match: endpointId, vendorId, connectionId, direction, qpointAgent, sourceAddress, sourcePort, sourceExe, sourceHostname, destinationAddress, destinationPort, tlsVersion, method, path, contentType, agent, status, authTokenMask, authTokenHash, authTokenSource, authTokenType, dataType, error, mitigated

Fuzzy search: endpointIsh, vendorIsh, pathIsh, errorIsh

hashtag
Example Queries

"Give me a traffic summary for the past week"

"Show requests per minute for api.stripe.com over the last 24 hours"

"What's the p95 latency for the /api/checkout endpoint?"

"Which countries is my API traffic going to?"

"Compare bandwidth usage between staging and production"

hashtag
Issues

API issues detected by policy rules—schema violations, auth failures, rate limits, errors, and more.

hashtag
Available Tools

Tool
Description

count_issues

Total issue count

list_issues

List individual issues

histogram_issues

Issue counts over time

issue_frequency

Most frequent issue patterns

issue_endpoints

Endpoints by issue count

issue_errors

Error types and counts

issue_attr_vals

Distinct values for a field

hashtag
Fields

Field
Description

timestamp

When the issue was detected

connectionId

Parent connection ID

endpointId

Destination domain

vendorId

Vendor identifier

requestId

Associated request ID

direction

Traffic direction

error

Error message

url

Full request URL

path

URL path

method

HTTP method

status

HTTP status code

mitigated

Whether the issue was mitigated

tags[]

Key-value metadata

triggerConditions[]

Conditions that triggered the issue

triggerReasons[]

Reasons for the trigger

hashtag
Filter Fields

Exact match: endpointId, vendorId, connectionId, direction, method, status, path, error, mitigated

Fuzzy search: endpointIsh, vendorIsh, pathIsh, errorIsh

hashtag
Example Queries

"How many 500 errors occurred today?"

"Show me all rate limit issues (429 status) from the past week"

"Which endpoints have the most authentication failures?"

"List unmitigated issues for api.example.com"

"What error types are we seeing on the payments endpoint?"

hashtag
PII

Personally Identifiable Information detected in API traffic. Identifies sensitive data exposure including emails, phone numbers, credit cards, and more.

hashtag
Available Tools

Tool
Description

count_pii

Total PII detection count

pii_summary

Summary of PII types detected

histogram_pii

PII detections over time

pii_frequency

Most frequent PII patterns

pii_attr_vals

Distinct values for a field

hashtag
Fields

Field
Description

entityType

Type of PII (email, phone_number, credit_card, etc.)

score

Confidence score of the detection

endpointId

Destination domain

vendorId

Vendor identifier

connectionId

Parent connection ID

direction

Traffic direction

hashtag
Filter Fields

Exact match: endpointId, vendorId, connectionId, direction, entityType, score

Fuzzy search: endpointIsh, vendorIsh

hashtag
Example Queries

"Is there any PII detected in outbound traffic?"

"Show me all credit card detections from the past week"

"Which endpoints have the most PII exposure?"

"List high-confidence (score > 0.9) email detections"

"How many phone numbers were detected in traffic to third-party APIs?"

hashtag
Tips for Effective Querying

hashtag
Use limit for Large Results

List operations return full objects and can be large. Use limit to control result size:

"List the last 10 requests to stripe.com"

hashtag
Start with Counts

Before listing detailed records, get a count to understand the volume:

"How many connections to api.example.com occurred today?"

Then refine:

"List the 20 most recent connections to api.example.com"

hashtag
Use attr_vals for Discovery

Find what values exist for a field before filtering:

"What unique endpoints have connections?"

"What HTTP methods are being used?"

hashtag
Combine Filters

Narrow results by combining multiple criteria:

"Show POST requests to /api/payments that returned 500 errors in the last hour"

hashtag
Leverage Fuzzy Search

Use *Ish filters when you don't know the exact value:

"Find traffic to endpoints containing 'stripe'"

Uses endpointIsh for substring matching.

hashtag
Time Range Best Practices

  • Be specific: "in the last hour" vs "recently"

  • Use relative ranges for recent data: "today", "yesterday", "past week"

  • Use absolute timestamps for precise investigation: "between 2pm and 3pm on February 15th"

PreviousMCP Getting StartedNextGitOps Configuration Management

Last updated