search_ip
Check IP addresses for security threats using Kaspersky's threat intelligence database to identify malicious activity and assess risk.
Instructions
Get threat intelligence data about an IP address
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| ip | Yes | | |
Implementation Reference
- opentip-mcp/opentip.py:142-153 (handler) The handler function for the 'search_ip' tool. Validates the input IP address using a regex pattern and makes an asynchronous GET request to the OpenTIP API endpoint for IP search, returning threat intelligence data or an error.

  ```python
  async def search_ip(ip: str) -> dict[str, Any] | None:
      """Get threat intelligence data about an IP address

      Args:
          ip: IPv4 address that you want to investigate
      """
      if not ip_pattern.match(ip):
          return {"result": "error", "error_message": "Invalid IP address format. Please provide a valid IPv4 address."}
      params = {"request": ip}
      return await opentip_request(Endpoints.search_ip, "get", params)
  ```
- opentip-mcp/opentip.py:134-141 (registration) Registers the 'search_ip' tool with the FastMCP server using the @mcp.tool decorator, providing a description and ToolAnnotations for metadata.

  ```python
  @mcp.tool(
      description="Get threat intelligence data about an IP address",
      annotations=ToolAnnotations(
          title="Investigate an IP",
          readOnlyHint=True,
          openWorldHint=True,
      ),
  )
  ```
- opentip-mcp/opentip.py:31-31 (schema) Defines the regex pattern for validating IPv4 addresses, used in the search_ip handler for input validation.

  ```python
  ip_pattern = re.compile(r'^(\d{1,3}\.){3}\d{1,3}$')
  ```
- opentip-mcp/opentip.py:44-51 (helper) StrEnum defining API endpoints, including 'search_ip' used by the handler to construct the API URL.

  ```python
  class Endpoints(StrEnum):
      search_hash = "search/hash"
      search_ip = "search/ip"
      search_domain = "search/domain"
      search_url = "search/url"
      analyze_file = "scan/file"
      get_analysis_results = "getresult/file"
  ```
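
The `ip_pattern` regex above checks only the dotted-quad shape, so strings that are not valid IPv4 addresses still pass it and reach the API request. The following is an added example, not code from opentip-mcp: it runs that pattern beside a stricter check built on Python's standard `ipaddress` module over constructed inputs. The names `shape_check`, `strict_ipv4`, `worth_querying`, `compare` and `SAMPLES` are hypothetical, and skipping non-global addresses before an external lookup is an assumption about what a caller wants.

```python
import ipaddress
import re
from typing import Optional

# Pattern as shown on the page (opentip-mcp/opentip.py:31).
ip_pattern = re.compile(r'^(\d{1,3}\.){3}\d{1,3}$')


def shape_check(ip: str) -> bool:
    """Reproduces the handler's test: does the string look like a dotted quad?"""
    return bool(ip_pattern.match(ip))


def strict_ipv4(ip: str) -> Optional[ipaddress.IPv4Address]:
    """Hypothetical stricter validator (not part of opentip-mcp).

    Rejects octets above 255, non-ASCII digits, a trailing newline and
    leading zeros, all of which the shape-only regex lets through.
    """
    try:
        addr = ipaddress.IPv4Address(ip)
    except ValueError:
        return None
    # The round trip rejects non-canonical spellings such as "010.1.1.1" on
    # interpreters whose ipaddress module would silently normalise them.
    return addr if str(addr) == ip else None


def worth_querying(ip: str) -> bool:
    """True only for valid, globally routable addresses."""
    addr = strict_ipv4(ip)
    return addr is not None and addr.is_global


# Constructed sample inputs: one valid public address, four malformed
# strings that match the regex, and one private address.
SAMPLES = ["8.8.8.8", "999.999.999.999", "8.8.8.8\n", "010.1.1.1",
           "\u0661.\u0662.\u0663.\u0664", "10.0.0.1"]


def compare(samples=SAMPLES):
    """Return (input, shape_check, strict_ok, worth_querying) per sample."""
    return [(s, shape_check(s), strict_ipv4(s) is not None, worth_querying(s))
            for s in samples]


if __name__ == "__main__":
    for row in compare():
        print("%-22r regex=%-5s strict=%-5s query=%s" % row)
```

The trailing-newline case passes the regex because `$` also matches just before a final newline, and the Arabic-Indic digits pass because `\d` matches any Unicode decimal digit in a `str` pattern.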