MCP Threat Intel Server
Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| OTX_API_KEY | No | AlienVault OTX API key for threat pulses and community intelligence. | |
| ABUSECH_AUTH_KEY | No | abuse.ch auth key for URLhaus, MalwareBazaar, and ThreatFox. | |
| ABUSEIPDB_API_KEY | No | AbuseIPDB API key for IP reputation and abuse reports. | |
| GREYNOISE_API_KEY | No | GreyNoise API key to identify internet noise vs targeted attacks. | |
Capabilities
Features and capabilities supported by this server
| Capability | Details |
|---|---|
| tools | {} |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| threatintel_status | Check which threat intelligence sources are configured. Currently available: greynoise, feodo |
| threatintel_lookup_ip | Look up an IP address across all configured threat intelligence sources (OTX, AbuseIPDB, GreyNoise, Feodo Tracker) |
| threatintel_lookup_domain | Look up a domain across threat intelligence sources (OTX, URLhaus) |
| threatintel_lookup_hash | Look up a file hash (MD5, SHA1, SHA256) across threat intelligence sources (OTX, MalwareBazaar) |
| threatintel_lookup_url | Look up a URL for malware/phishing indicators (OTX, URLhaus) |
| greynoise_ip | Check if an IP is internet background noise or a targeted threat (GreyNoise) |
| feodo_tracker | Get active botnet C2 servers from Feodo Tracker (Emotet, Dridex, QakBot, etc.) |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
| No prompts | |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
| No resources | |
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/aplaceforallmystuff/mcp-threatintel'