CSOAI-ORG

MEOK DORA Tlpt Planner MCP

threat_intel_brief

Generate a Targeted Threat Intelligence brief template compliant with TIBER-EU v2.0. Use this scaffold to brief a threat-intel provider on critical functions and geographic footprint.

Instructions

Generate a Targeted Threat Intelligence (TTI) brief template per ECB TIBER-EU v2.0.

This is a SCAFFOLD. Real TTI must be authored by an accredited threat-intel provider with current intelligence feeds. Use this template to brief them.

Args:
  entity_name: Legal name of the financial entity.
  entity_sector: One of retail-banking, wholesale-banking, insurance, asset-management, market-infrastructure, payments, e-money.
  geographic_footprint: List of country codes where entity operates (e.g., ["DE", "NL", "IE"]).
  critical_functions: List of critical functions for which threats must be modelled.

Returns: TTI template with sections aligned to TIBER-EU + ECB standards.

Input Schema

| Name | Required | Description | Default |
| --- | --- | --- | --- |
| entity_name | Yes | | |
| entity_sector | Yes | | |
| geographic_footprint | Yes | | |
| critical_functions | Yes | | |

Output Schema


No arguments

Implementation Reference

  • The 'threat_intel_brief' tool handler function. Uses FastMCP @mcp.tool() decorator. Takes entity_name, entity_sector, geographic_footprint, critical_functions and returns a dict with entity profile, TTI required sections, threat actor selection rationale, delivery requirements, and downstream use instructions.
    @mcp.tool()
    def threat_intel_brief(
        entity_name: str,
        entity_sector: str,
        geographic_footprint: list[str],
        critical_functions: list[str],
    ) -> dict[str, Any]:
        """Generate a Targeted Threat Intelligence (TTI) brief template per ECB TIBER-EU v2.0.
    
        This is a SCAFFOLD. Real TTI must be authored by an accredited threat-intel
        provider with current intelligence feeds. Use this template to brief them.
    
        Args:
            entity_name: Legal name of the financial entity.
            entity_sector: One of retail-banking, wholesale-banking, insurance, asset-management,
                market-infrastructure, payments, e-money.
            geographic_footprint: List of country codes where entity operates (e.g., ["DE", "NL", "IE"]).
            critical_functions: List of critical functions for which threats must be modelled.
    
        Returns:
            TTI template with sections aligned to TIBER-EU + ECB standards.
        """
        return {
            "tti_brief_type": "DORA Art. 26 / TIBER-EU v2.0 compliant scaffold",
            "entity_profile": {
                "name": entity_name,
                "sector": entity_sector,
                "geographic_footprint": geographic_footprint,
                "critical_functions": critical_functions,
            },
            "required_sections": TTI_FIELDS,
            "minimum_threat_actor_count": 3,
            "threat_actor_selection_rationale": [
                "At least 1 nation-state actor relevant to entity geography (e.g., APT28, Lazarus)",
                "At least 1 financially-motivated group (e.g., FIN7, Cl0p, BlackBasta)",
                "Optionally 1 hacktivist or insider-threat scenario for completeness",
                "Justify each selection with current threat-landscape evidence (last 6 months)",
            ],
            "delivery_requirements": {
                "format": "PDF + machine-readable JSON (STIX 2.1 preferred)",
                "page_count_typical": "60-120 pages",
                "delivery_to": "white-team-lead only (NEVER to red-team direct, NEVER to blue-team)",
                "retention_post_test": "7 years per DORA Art. 14",
            },
            "downstream_use": [
                "Red-team uses TTPs from TTI to drive engagement plan",
                "White-team uses TTI to validate test realism",
                "Lead overseer reviews TTI as part of test scope approval (Art. 26(7))",
            ],
        }
  • Tool registration via the @mcp.tool() decorator — the FastMCP framework auto-registers the function as an MCP tool named 'threat_intel_brief'.
    @mcp.tool()
    def threat_intel_brief(
        entity_name: str,
        entity_sector: str,
        geographic_footprint: list[str],
        critical_functions: list[str],
    ) -> dict[str, Any]:
  • TTI_FIELDS constant used by the tool to define the required sections for the threat intelligence brief template (entity profile, threat actor selection, TTPs, access vectors, exfiltration scenarios, disruption scenarios, evidence sources, attribution confidence).
    TTI_FIELDS = [
        "Entity profile (sector, size, geographic footprint, critical functions)",
        "Threat actor selection (1-2 nation-state + 1-2 financially-motivated, justified per current threat landscape)",
        "TTPs per threat actor (mapped to MITRE ATT&CK Enterprise + ICS)",
        "Initial access vectors (phishing, supply-chain, vendor compromise, etc.)",
        "Data exfiltration scenarios (customer data, transaction records, IP)",
        "Disruption scenarios (ransomware, wiper, market manipulation)",
        "Evidence sources cited (MISP feeds, vendor reports, government advisories)",
        "Attribution confidence (HIGH/MEDIUM/LOW per ICD-203)",
    ]
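
The handler shown above copies its four arguments into `entity_profile` without checking them, so the constraints stated in its docstring are not enforced. The following pre-call check is an added example, not part of the project's code; `validate_brief_args` is a hypothetical helper, and the two-letter uppercase country-code shape is an assumption taken from the docstring's `["DE", "NL", "IE"]` example.

```python
import re

# Allowed values copied from the tool's docstring on this page.
ALLOWED_SECTORS = frozenset({
    "retail-banking", "wholesale-banking", "insurance", "asset-management",
    "market-infrastructure", "payments", "e-money",
})
# Assumption: "country codes" means two-letter uppercase codes, as in the
# docstring's example. This checks the shape only, not ISO membership.
_COUNTRY_RE = re.compile(r"[A-Z]{2}")


def validate_brief_args(entity_name, entity_sector, geographic_footprint,
                        critical_functions):
    """Return a list of problems; an empty list means the arguments are usable."""
    problems = []
    if not isinstance(entity_name, str) or not entity_name.strip():
        problems.append("entity_name must be a non-empty string")
    if not isinstance(entity_sector, str) or entity_sector not in ALLOWED_SECTORS:
        problems.append(f"entity_sector {entity_sector!r} is not one of "
                        f"{sorted(ALLOWED_SECTORS)}")
    for label, value in (("geographic_footprint", geographic_footprint),
                         ("critical_functions", critical_functions)):
        # A bare string would otherwise be iterated character by character.
        if not isinstance(value, (list, tuple)):
            problems.append(f"{label} must be a list of strings")
        elif not value:
            problems.append(f"{label} must not be empty")
        elif any(not isinstance(v, str) or not v.strip() for v in value):
            problems.append(f"{label} contains a blank or non-string entry")
    if isinstance(geographic_footprint, (list, tuple)):
        bad = [c for c in geographic_footprint
               if isinstance(c, str) and c.strip() and not _COUNTRY_RE.fullmatch(c)]
        if bad:
            problems.append(f"geographic_footprint has malformed codes: {bad}")
    return problems


if __name__ == "__main__":
    # Constructed sample input, not a real entity.
    print(validate_brief_args("Example Bank AG", "payments",
                              ["DE", "NL"], ["payment clearing"]))
    print(validate_brief_args("", "crypto", ["de", "NLD"], []))
```
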
Behavior: 2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations are provided, and the description does not disclose any behavioral traits such as side effects, permissions, rate limits, or whether it is read-only. It only explains the scaffold nature but lacks essential behavioral context for a tool with no annotations.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness: 5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is concise with four sentences plus a parameter list. It front-loads the purpose and scaffold note, and every sentence is valuable. No redundant information.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness: 4/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given that an output schema exists (but is not shown), the description mentions that the template aligns with standards. It explains all parameters adequately. It lacks details on error handling and on behavior for invalid inputs, but overall it is fairly complete for a template generator.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters: 5/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

The input schema has 0% description coverage, so the description fully compensates by explaining each parameter: entity_name is legal name, entity_sector lists allowed values, geographic_footprint expects country codes, and critical_functions are for threat modeling. This adds significant meaning beyond the schema titles.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose: 5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool generates a TTI brief template per ECB TIBER-EU v2.0, specifies it's a scaffold, and distinguishes it from siblings which are unrelated (e.g., list_phases, pricing). The verb 'Generate' and resource 'TTI brief template' are specific and unambiguous.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines: 4/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description explicitly states that the template is a scaffold and that real TTI must be authored by an accredited provider, guiding users to use it for briefing providers. It does not explicitly mention when not to use or alternative tools, but the context is clear enough for a template generator.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.


MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/CSOAI-ORG/meok-dora-tlpt-planner-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server