Cyber Threat Intelligence MCP Server

All-in-one cybersecurity threat intelligence for AI agents. 7 tools covering vulnerability management, exploit prediction, phishing detection, and brand protection — powered by free US government data sources.

Tools

Tool	Description	Data Source	Price
search_cve	Search CVE vulnerabilities by keyword	NIST NVD	$0.03
cisa_kev_alerts	Known exploited vulnerabilities with deadlines	CISA KEV	$0.03
epss_score	Exploit prediction probability (30-day window)	FIRST EPSS	$0.03
prioritize_cves	Multi-factor CVE risk ranking	NVD + CISA + EPSS	$0.05
phishing_detect	URL/domain phishing analysis	DNS/SSL analysis	$0.05
domain_trust	Domain trustworthiness score (0-100)	DNS/SPF/DKIM/DMARC	$0.05
brand_monitor	Find lookalike domains targeting a brand	DNS + typosquat gen	$0.10

Use Cases

• Vulnerability Management: Search NVD, check CISA KEV status, get EPSS exploit probability, prioritize patches
• Threat Intelligence: Monitor actively exploited CVEs, track ransomware-linked vulnerabilities
• Anti-Phishing: Detect phishing URLs, verify domain trust, monitor brand impersonation
• Compliance: CISA BOD 22-01 compliance (KEV remediation deadlines), vendor risk assessment

Claude Desktop MCP Setup

{
  "mcpServers": {
    "cyber-threat-intel": {
      "type": "sse",
      "url": "https://ntriqpro--cyber-threat-intelligence-mcp.apify.actor?token=YOUR_APIFY_TOKEN"
    }
  }
}

Example Queries

Search for Log4j vulnerabilities:

Tool: search_cve
Input: { "keyword": "apache log4j", "severity": "CRITICAL" }

Check CISA actively exploited CVEs (last 7 days):

Tool: cisa_kev_alerts
Input: { "days": 7 }

Get exploit prediction for a CVE:

Tool: epss_score
Input: { "cveId": "CVE-2021-44228" }

Prioritize a list of CVEs:

Tool: prioritize_cves
Input: { "cveIds": "CVE-2021-44228,CVE-2023-44487,CVE-2024-3094" }

Check if a URL is phishing:

Tool: phishing_detect
Input: { "url": "https://paypa1-secure.com/login" }

Check domain trustworthiness:

Tool: domain_trust
Input: { "domain": "example.com" }

Monitor brand impersonation:

Tool: brand_monitor
Input: { "brand_domain": "stripe.com", "limit": 10 }

Data Sources

All data comes from free, publicly available government and non-profit sources:

• NIST NVD (National Vulnerability Database) — CVE details, CVSS scores
• CISA KEV (Known Exploited Vulnerabilities) — Confirmed in-the-wild exploits
• FIRST EPSS (Exploit Prediction Scoring System) — ML-based exploit probability
• DNS/SSL — Domain infrastructure analysis (built-in, no external API)

No API keys required. No rate-limited commercial APIs.

Prioritization Scoring

The prioritize_cves tool uses a multi-factor scoring model:

Priority Score = (CVSS × 0.3) + (EPSS × 10 × 0.3) + KEV bonus (+3) + Ransomware bonus (+1)

CRITICAL: score ≥ 6  |  HIGH: score ≥ 4  |  MEDIUM: score ≥ 2  |  LOW: < 2

Legal Disclaimer

This tool provides cybersecurity intelligence for informational and defensive purposes only. Results should be used as part of a comprehensive security program, not as the sole basis for security decisions. The data is sourced from public government databases and may not reflect the most recent updates. No warranty is provided regarding the completeness or accuracy of the information. Users are responsible for verifying results and complying with applicable laws and regulations.

Not a substitute for professional security assessment. Always consult qualified cybersecurity professionals for critical decisions.