Glama

Threat.Zone MCP Server

by threat-zone
GPL 3.0
14
  • Apple
  • Linux

Server Configuration

Describes the environment variables required to run the server.

Name                Required  Description                                                   Default
THREATZONE_API_KEY  Yes       Your Threat.Zone API key                                      (none)
THREATZONE_API_URL  No        Custom API URL for private tenants or on-premise deployments  https://app.threat.zone

Schema

Prompts

Interactive templates invoked by user choice

Name    Description

No prompts

Resources

Contextual data attached and managed by the client

Name    Description

No resources

Tools

Functions exposed to the LLM to take actions

Name    Description
get_metafields

Get available metafields for scan configuration.

get_levels

Get threat levels used in analysis results.

get_statuses

Get submission statuses.

get_sample_metafield

Get sample metafield configuration for sandbox analysis.

interpret_status

Interpret a numeric status value from submission results.

Args: status_value: Numeric status value (1-5)

Returns: Human-readable status description

interpret_threat_level

Interpret a numeric threat level value from analysis results.

Args: level_value: Numeric threat level (0-3)

Returns: Human-readable threat level description

get_submission_status_summary

Get submission details with interpreted status and threat level.

Args: uuid: Submission UUID

Returns: Submission details with human-readable status and threat level

get_user_info

Get current user information, workspace details, and usage limits.

get_server_config

Get current server configuration including API URL and connection status.

Returns: Configuration details including API URL, version, and status

scan_url

Analyze a URL for threats and malicious content.

Args:
  url: The URL to analyze
  is_public: Whether the scan results should be public

scan_file_sandbox

Submit a file for advanced sandbox analysis with detailed configuration.

Args:
  file_path: Path to the file to analyze
  is_public: Whether the scan results should be public (default: False)
  entrypoint: File to execute within archive (if applicable)
  password: Password for archive files (if applicable)
  environment: Analysis environment - w7_x64, w10_x64, w11_x64, macos, android, linux (default: w10_x64)
  timeout: Analysis timeout in seconds - 60, 120, 180, 240, 300 (default: 180)
  work_path: Working directory - desktop, root, %AppData%, windows, temp (default: desktop)
  mouse_simulation: Enable mouse simulation (default: True)
  https_inspection: Enable HTTPS inspection (default: False)
  internet_connection: Enable internet connection (default: False)
  raw_logs: Include raw logs (default: False)
  snapshot: Take VM snapshots (default: False)
  sleep_evasion: Enable sleep evasion techniques (default: False)
  smart_tracing: Enable smart tracing (default: False)
  dump_collector: Enable dump collection (default: False)
  open_in_browser: Open files in browser (default: False)
  extension_check: Perform extension check (default: True)
  modules: Analysis modules to use, e.g., ["csi", "cdr"] (default: None)
  auto_config: Use automatic configuration (default: False)

scan_file_sandbox_simple

Submit a file for simple sandbox analysis using default settings.

This is a simplified version of scan_file_sandbox with default configurations. Use scan_file_sandbox for advanced configuration options.

Args:
  file_path: Path to the file to analyze
  is_public: Whether the scan results should be public (default: False)
  entrypoint: File to execute within archive (if applicable)
  password: Password for archive files (if applicable)

scan_file_static

Submit a file for static analysis.

Args:
  file_path: Path to the file to analyze
  is_public: Whether the scan results should be public
  entrypoint: File to execute within archive (if applicable)
  password: Password for archive files (if applicable)

scan_file_cdr

Submit a file for CDR (Content Disarm and Reconstruction) processing.

Args:
  file_path: Path to the file to process
  is_public: Whether the scan results should be public
  entrypoint: File to execute within archive (if applicable)
  password: Password for archive files (if applicable)

get_submission

Get submission details by UUID.

Args: uuid: Submission UUID

get_submission_indicators

Get all indicators for a specific submission.

Args: uuid: Submission UUID

get_submission_iocs

Get all Indicators of Compromise for a specific submission.

Args: uuid: Submission UUID

get_submission_yara_rules

Get all matched YARA rules for a specific submission.

Args: uuid: Submission UUID

get_submission_varist_results

Get Varist Hybrid Analyzer results for a specific submission.

Args: uuid: Submission UUID

get_submission_artifacts

Get all artifacts for a specific submission.

Args: uuid: Submission UUID

get_submission_config_extractor

Get all extracted configurations for a specific submission.

Args: uuid: Submission UUID

get_submission_dns

Get all DNS queries for a specific submission.

Args: uuid: Submission UUID

get_submission_http

Get all HTTP requests and packets for a specific submission.

Args: uuid: Submission UUID

get_submission_tcp

Get all TCP requests and packets for a specific submission.

Args: uuid: Submission UUID

get_submission_udp

Get all UDP requests and packets for a specific submission.

Args: uuid: Submission UUID

get_submission_network_threats

Get all network threats for a specific submission.

Args: uuid: Submission UUID

get_my_submissions

Get user's submissions with pagination.

Args:
  page: Page number (default: 1)
  jump: Number of items per page (default: 10)

get_public_submissions

Get public submissions with pagination.

Args:
  page: Page number (default: 1)
  jump: Number of items per page (default: 10)

search_by_hash

Search submissions by file hash (MD5, SHA1, or SHA256).

Args:
  hash: File hash to search for
  page: Page number (default: 1)
  jump: Number of items per page (default: 10)

download_sanitized_file

Download the CDR-sanitized file for a given submission UUID.

Args: uuid: Submission UUID

Returns: Base64-encoded file content

download_html_report

Download HTML analysis report for a submission.

Args: uuid: Submission UUID

Returns: HTML report content

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/threat-zone/threatzonemcp'
