get_ip_address_report
Analyze IP addresses for security threats using Google Threat Intelligence. Get comprehensive reports on indicators of compromise and reputation data to investigate potential cyber threats.
Instructions
Get a comprehensive IP Address analysis report from Google Threat Intelligence.
Args:
- ip_address (required): IP Address to analyze. It can be IPv4 or IPv6.

Returns: Report with insights about the IP address.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| ip_address | Yes | | |
| api_key | No | | |
Implementation Reference
- gti_mcp/tools/netloc.py:177-193 (handler) Main handler function for get_ip_address_report. Decorated with @server.tool() to register as MCP tool. Fetches IP address analysis report from Google Threat Intelligence API using the vt_client, utils.fetch_object helper, and returns sanitized response.
```python
@server.tool()
async def get_ip_address_report(ip_address: str, ctx: Context, api_key: str = None) -> typing.Dict[str, typing.Any]:
  """Get a comprehensive IP Address analysis report from Google Threat Intelligence.

  Args:
    ip_address (required): IP Address to analyze. It can be IPv4 or IPv6.
  Returns:
    Report with insights about the IP address.
  """
  async with vt_client(ctx, api_key=api_key) as client:
    res = await utils.fetch_object(
        client,
        "ip_addresses",
        "ip",
        ip_address,
        relationships=IP_KEY_RELATIONSHIPS,
        params={"exclude_attributes": "last_analysis_results"})
  return utils.sanitize_response(res)
```

- gti_mcp/tools/netloc.py:86-88 (schema) Schema definition for IP_KEY_RELATIONSHIPS - specifies which relationships to include in IP address reports (associations). Used as the relationships parameter in fetch_object call.
```python
IP_KEY_RELATIONSHIPS = [
    "associations",
]
```

- gti_mcp/utils.py:29-84 (helper) Helper function fetch_object that makes the actual API call to VirusTotal/GTI. Handles API errors, builds response object, and removes aggregations from attributes. Used by get_ip_address_report to fetch IP data.
```python
async def fetch_object(
    vt_client: vt.Client,
    resource_collection_type: str,
    resource_type: str,
    resource_id: str,
    attributes: list[str] | None = None,
    relationships: list[str] | None = None,
    params: dict[str, typing.Any] | None = None):
  """Fetches objects from Google Threat Intelligence API."""
  logging.info(
      f"Fetching comprehensive {resource_collection_type} "
      f"report for id: {resource_id}")

  params = {k: v for k, v in params.items()} if params else {}

  # Retrieve a selection of object attributes and/or relationships.
  if attributes:
    params["attributes"] = ",".join(attributes)
  if relationships:
    params["relationships"] = ",".join(relationships)

  try:
    obj = await vt_client.get_object_async(
        f"/{resource_collection_type}/{resource_id}", params=params)

    if obj.error:
      logging.error(
          f"Error fetching main {resource_type} report for {resource_id}: {obj.error}"
      )
      return {
          "error": f"Failed to get main {resource_type} report: {obj.error}",
          # "details": report.get("details"),
      }
  except vt.error.APIError as e:
    logging.warning(
        f"VirusTotal API Error fetching {resource_type} {resource_id}: {e.code} - {e.message}"
    )
    return {
        "error": f"VirusTotal API Error: {e.code} - {e.message}",
        "details": f"The requested {resource_type} '{resource_id}' could not be found or there was an issue with the API request."
    }
  except Exception as e:
    logging.exception(
        f"Unexpected error fetching {resource_type} {resource_id}: {e}"
    )
    return {"error": "An unexpected internal error occurred."}

  # Build response.
  obj_dict = obj.to_dict()
  obj_dict['id'] = obj.id
  if 'aggregations' in obj_dict['attributes']:
    del obj_dict['attributes']['aggregations']

  logging.info(
      f"Successfully generated concise threat summary for id: {resource_id}")
  return obj_dict
```

- gti_mcp/utils.py:119-138 (helper) Helper function sanitize_response that recursively removes empty dictionaries and lists from the API response. Used to clean up the response before returning from get_ip_address_report.
```python
def sanitize_response(data: typing.Any) -> typing.Any:
  """Removes empty dictionaries and lists recursively from a response."""
  if isinstance(data, dict):
    sanitized_dict = {}
    for key, value in data.items():
      sanitized_value = sanitize_response(value)
      if sanitized_value is not None:
        sanitized_dict[key] = sanitized_value
    return sanitized_dict
  elif isinstance(data, list):
    sanitized_list = []
    for item in data:
      sanitized_item = sanitize_response(item)
      if sanitized_item is not None:
        sanitized_list.append(sanitized_item)
    return sanitized_list
  elif isinstance(data, str):
    return data if data else None
  else:
    return data
```

- gti_mcp/server.py:56-64 (helper) Context manager vt_client that provides a VirusTotal client instance. Handles API key retrieval (from argument or environment variable), client creation, and cleanup. Used by get_ip_address_report via 'async with vt_client(ctx, api_key=api_key) as client:'.
```python
@asynccontextmanager
async def vt_client(ctx: Context, api_key: str = None) -> AsyncIterator[vt.Client]:
  """Provides a vt.Client instance for the current request."""
  client = vt_client_factory(ctx, api_key)

  try:
    yield client
  finally:
    await client.close_async()
```
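
The handler above forwards `ip_address` unchanged to `fetch_object`, which places it in the request path and in its log messages. The pre-check below is an added example, not part of gti_mcp (`normalize_ip_for_lookup`, `is_forwardable` and `RejectedIndicator` are hypothetical names); it accepts only canonical, globally routable addresses before the value reaches the API call or the log lines.

```python
import ipaddress


class RejectedIndicator(ValueError):
    """Raised when a tool argument must not be forwarded to the API."""


def normalize_ip_for_lookup(value: str) -> str:
    """Return the canonical text form of a public IP, or raise RejectedIndicator.

    Hypothetical pre-check for the ip_address argument; not gti_mcp code.
    """
    if not isinstance(value, str):
        raise RejectedIndicator("ip_address must be a string")
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        # Covers hostnames, CIDR suffixes, path fragments, stray whitespace
        # and newlines: anything that is not exactly one IP literal.
        raise RejectedIndicator("not a valid IPv4 or IPv6 address") from None

    # An IPv6 zone ID ("%eth0") is free-form text with local meaning only.
    if getattr(addr, "scope_id", None):
        raise RejectedIndicator("IPv6 zone IDs are not accepted")

    # Judge IPv4-mapped IPv6 (::ffff:a.b.c.d) by the embedded IPv4 address.
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:
        addr = mapped

    # Private, loopback, link-local and reserved ranges carry no public
    # reputation, and submitting them discloses internal addressing.
    if not addr.is_global:
        raise RejectedIndicator("address is not globally routable")

    return str(addr)


def is_forwardable(value: str) -> bool:
    """True when the value would be passed on to the reputation lookup."""
    try:
        normalize_ip_for_lookup(value)
        return True
    except RejectedIndicator:
        return False
```

Calling `normalize_ip_for_lookup(ip_address)` at the top of the handler and passing its return value to `fetch_object` also gives one canonical spelling per address in the logs.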