Brand Narrative Intelligence MCP Server

Brand reputation and disinformation detection intelligence for AI agents via the Model Context Protocol. This MCP server orchestrates 8 data sources covering brand protection monitoring, social sentiment, cross-platform reviews, domain WHOIS, certificate transparency, and historical content analysis to deliver brand threat assessment on a DEFCON 1-5 scale, impersonation domain detection, review authenticity scoring, narrative drift tracking, and comprehensive brand threat reporting.

What data can you access?

Data Point	Source	Coverage
Brand mention and trademark monitoring	Brand Protection Monitor	Web-wide monitoring
Social media sentiment analysis	Bluesky Social	Bluesky network
Cross-platform review aggregation	Multi-Review Analyzer	Multiple platforms
Customer review data	Trustpilot Reviews	Trustpilot listings
Domain registration and velocity	WHOIS Lookup	All TLDs
Certificate transparency logs	SSL/crt.sh Certificate	All issued certificates
Historical content for drift detection	Wayback Machine	Web Archive
Content change tracking	Website Change Monitor	Any tracked URL

MCP Tools

Tool	Price	Description
assess_brand_threat_level	$1.50	Assess overall brand threat level on DEFCON 1-5 scale: brand protection alerts, social sentiment, review attacks, and impersonation domains across up to 6 sources.
detect_impersonation_domains	$1.50	Detect impersonation and domain squatting: WHOIS registration velocity spikes and SSL certificate transparency log analysis for lookalike domain discovery.
analyze_review_authenticity	$1.50	Detect fake review campaigns: rating distribution analysis, burst detection, duplicate content identification, and sock puppet account patterns. Returns Review Authenticity Score (0-100).
monitor_social_sentiment	$1.50	Monitor social media sentiment for brand mentions on Bluesky: positive/negative/neutral classification, negative keyword detection, and brand protection alerts.
track_narrative_drift	$1.50	Track narrative drift via Wayback Machine historical snapshots and Website Change Monitor: detect messaging shifts, removed content, and content manipulation over time.
investigate_domain_registration	$1.50	Deep WHOIS investigation: registrar details, registration dates, privacy protection status, and DNS history for domain intelligence.
detect_content_manipulation	$1.50	Detect content manipulation: compare historical and current website versions, identify removed content, and track revision frequency.
generate_brand_threat_report	$4.00	Comprehensive brand threat report using all 8 data sources and 4 scoring models. Returns DEFCON rating, immediate actions, and monitoring recommendations.

Data Sources

• Brand Protection Monitor -- Web-wide brand mention and trademark monitoring with alert classification
• Bluesky Social -- Social media posts, sentiment, and engagement data from the Bluesky network
• Multi-Review Analyzer -- Cross-platform review aggregation covering multiple review sites with rating distributions
• Trustpilot Reviews -- Customer review data including ratings, review text, and posting patterns
• WHOIS Lookup -- Domain registration data with registrar, creation dates, expiry, and privacy protection status
• SSL/crt.sh Certificate -- Certificate transparency logs for discovering all certificates issued for domain variations
• Wayback Machine -- Internet Archive historical website snapshots for content evolution analysis
• Website Change Monitor -- Real-time content change detection and tracking for specific URLs

How the scoring works

Four scoring models cover different dimensions of brand risk.

Brand Threat Level (DEFCON 1-5) is the composite threat assessment combining impersonation activity, review manipulation signals, negative social sentiment, and content manipulation indicators. DEFCON 5 is minimal threat; DEFCON 1 is critical active attack.

Impersonation Domain Detector monitors certificate transparency logs and WHOIS registrations for domains similar to the target brand. Sudden spikes in lookalike domain registrations or SSL certificate issuance trigger elevated alerts.

Review Authenticity Score (0-100) analyzes review timing patterns, rating distributions, language patterns, and cross-platform consistency to detect coordinated fake review campaigns. Low scores indicate high probability of manipulation.

Narrative Drift Tracker compares historical website content (Wayback Machine) with current content and recent changes to detect unauthorized messaging shifts, removed content, and manipulation of brand narrative.

DEFCON Level	Meaning	Typical Response
DEFCON 5	Minimal threat	Standard monitoring
DEFCON 4	Low threat	Increased monitoring frequency
DEFCON 3	Moderate threat	Active investigation
DEFCON 2	High threat	Immediate response team activation
DEFCON 1	Critical threat	Full crisis response

How to connect this MCP server

Claude Desktop

Add to your claude_desktop_config.json:

{
  "mcpServers": {
    "brand-narrative": {
      "url": "https://brand-narrative-intelligence-mcp.apify.actor/mcp"
    }
  }
}

Programmatic (HTTP)

curl -X POST https://brand-narrative-intelligence-mcp.apify.actor/mcp \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer YOUR_APIFY_TOKEN" \
  -d '{"jsonrpc":"2.0","method":"tools/call","params":{"name":"detect_impersonation_domains","arguments":{"domain":"example.com","brand":"Example Inc"}},"id":1}'

This MCP server also works with Cursor, Windsurf, Cline, and any other MCP-compatible client.

Use cases for brand protection intelligence

Brand Protection Team Operations

Automate impersonation domain detection and prioritize takedown requests with detect_impersonation_domains. Certificate transparency monitoring catches lookalike domains within hours of certificate issuance.

Marketing Competitive Intelligence

Monitor review authenticity across platforms with analyze_review_authenticity. Detect competitor astroturfing campaigns and fake negative review attacks targeting your brand.

PR and Communications Monitoring

Track narrative drift with track_narrative_drift to ensure brand messaging consistency across owned properties. Detect unauthorized content changes or third-party content manipulation.

Legal Evidence Gathering

Use investigate_domain_registration and detect_content_manipulation to gather evidence for trademark infringement cases. Historical content from Wayback Machine provides timestamped evidence.

Crisis Communication Early Warning

Monitor social sentiment in real-time with monitor_social_sentiment. Early detection of negative sentiment spikes enables proactive crisis communication before issues escalate.

Brand Audit for M&A

Run generate_brand_threat_report during M&A due diligence to assess target brand health, identify active threats, and evaluate reputation risk as part of deal valuation.

How much does it cost?

This MCP server uses pay-per-event pricing with no subscription fees.

Individual tools cost $1.50 per call. The comprehensive generate_brand_threat_report costs $4.00 because it runs all 8 data sources.

The Apify Free plan includes $5 of monthly platform credits, covering 3 standard tool calls or 1 comprehensive report at no cost.

Example costs:

• Impersonation domain check for your brand: $1.50
• Full brand threat report: $4.00
• Weekly monitoring (4 sentiment scans): $6.00/week

How it works

1. Your AI agent calls a tool via MCP (e.g., detect_impersonation_domains with your brand domain)
2. The server dispatches parallel queries to relevant Apify actors (WHOIS, crt.sh for domain impersonation)
3. Registration data, certificate logs, reviews, and social posts are collected
4. Scoring algorithms analyze registration velocity, review patterns, sentiment, and content changes
5. A structured JSON response is returned with threat levels, scores, and evidence

All data sources are queried in parallel. Typical response time is 30-90 seconds.

FAQ

Q: Which social platforms are monitored? A: Currently Bluesky for social sentiment. The brand protection monitor covers broader web mentions. Additional social platforms can be added via the Apify actor ecosystem.

Q: How does impersonation domain detection work? A: The system monitors certificate transparency logs (crt.sh) for all certificates issued to domain name variations. Combined with WHOIS registration velocity analysis, it detects coordinated domain squatting campaigns.

Q: Can this detect deepfake brand content? A: The system detects content manipulation and narrative drift in text-based web content. Deepfake detection of images/video requires specialized visual analysis tools.

Q: Is it legal to use this data? A: All data sources are publicly available. See Apify's guide on web scraping legality.

Q: How often should I run brand monitoring? A: For active brands, weekly assess_brand_threat_level checks are recommended. During known threat periods, daily monitoring with targeted tools provides faster detection.

Q: Can I set up automated brand alerts? A: Yes. Use Apify Schedules for periodic monitoring and Webhooks to trigger alerts when DEFCON level changes or impersonation domains are detected.

Related MCP servers

MCP Server	Focus
competitive-digital-intelligence-mcp	Digital competitive analysis and market position tracking
corporate-deep-research-mcp	Corporate intelligence including reputation risk
counterparty-due-diligence-mcp	Entity verification and digital presence checks

Integrations

This MCP server runs on the Apify platform and supports:

• Scheduling -- Set up daily or weekly brand monitoring via Apify Schedules
• Webhooks -- Trigger alerts when threat levels change or impersonation domains appear
• API access -- Call tools directly via the Apify API for integration into brand protection platforms
• Dataset export -- Export reports as JSON, CSV, or Excel for legal evidence and compliance files