Query threat intelligence and trace incidents for faster security triage automation.
Copy the install command and let the AI configure it · recommended for beginners
No copy-paste install info for "cti-mcp-server" yet — see the docs or source repo.
Use cti-mcp-server to look up threat intelligence for IP 8.8.8.8. Return reputation, geolocation, related tags, and handling recommendations.
A concise intelligence summary for the IP, including risk assessment, context, and recommended actions.
Use cti-mcp-server to backtrack this IoC: malicious-example.com. Find related events, linked indicators, and timeline details, then summarize the likely attack path.
An incident timeline, related IoC list, and a brief analysis of the likely attack chain.
Use cti-mcp-server to batch query the following alert evidence: IPs, domains, and file hashes. Classify each as high, medium, or low risk and explain the reasoning.
A structured triage report with risk levels, matched intelligence, and response priorities.
Investigate threat indicators via urlscan and VirusTotal with compact structured results.
Analyze PCAPs offline to extract streams, detect threats, and find leaked credentials.
Analyze MCP tool security risks, detect malicious behavior, and provide risk scores.
Query vulnerability intelligence, risk scores, and attack-surface data for security decisions.
Search MISP threat intelligence events, attributes, tags, and galaxies in natural language.
Search vulnerability intelligence, assess exploit risk, and check malicious IP reputation.