mcp-cti
An MCP server for accessing AlienVault Open Threat Exchange (OTX) threat intelligence directly in Claude.
The OTX-CTI MCP Server connects to AlienVault's OTX DirectConnect API, enabling the Claude for desktop client to search, retrieve, and analyze cyber threat intelligence data. By installing this MCP server, users gain access to the most recent threat data, including threat intelligence pulses, indicators of compromise (IOCs), malicious IP addresses, domains, URLs, malware file hashes, and threat actor information. This server facilitates interaction with the OTX API using natural language prompting via Claude, providing real-time threat intelligence from AlienVault OTX's global community. It also offers comprehensive IOC analysis, threat actor profiling, and optimized performance with local caching of API responses. Built with modern async Python, the server efficiently handles API requests, making it a powerful tool for cybersecurity professionals seeking to enhance their threat intelligence capabilities.
Features
- Real-time Threat Intelligence: Access the latest threat data from AlienVault OTX's global community.
- Comprehensive IOC Analysis: Check if IPs, domains, URLs, or file hashes are known to be malicious.
- Threat Actor Profiling: Retrieve information about known threat actors and their activities.
- Cached Results: Optimized performance with local caching of API responses.
- Asynchronous API: Built with modern async Python for efficient handling of API requests.
Tools
- search_pulses: Search for threat intelligence pulses in OTX.
- get_recent_pulses: Get recent threat intelligence pulses.
- get_pulse_details: Get detailed information about a specific pulse.
- get_pulse_indicators: Get indicators of compromise (IOCs) from a specific pulse.
- get_indicator_details: Get detailed information about a specific indicator.
- check_indicator_malicious: Check if an indicator is known to be malicious.
- get_threat_actor: Get information about a specific threat actor.