Open-source MCP server for defensive security: intel ingestion → research → hunting → detection drafts
Quick Install
Copy the config for your editor. Some servers may need additional setup — check the README.
Add to claude_desktop_config.json:
{
  "mcpServers": {
    "threat-research-mcp": {
      "command": "uvx",
      "args": [
        "threat-research-mcp"
      ]
    }
  }
}
Run in terminal:
claude mcp add threat-research-mcp uvx threat-research-mcp
Add to .cursor/mcp.json:
{
  "mcpServers": {
    "threat-research-mcp": {
      "command": "uvx",
      "args": [
        "threat-research-mcp"
      ]
    }
  }
}
Or install with pip: pip install threat-research-mcp
README Excerpt
IOC extraction · ATT&CK mapping · Hunt queries · Sigma rules · MITRE STIX enrichment
Works with Claude Desktop · Cline · Cursor · Copilot · any MCP-compatible client

Reading a vendor threat report today looks like this:

```
Step 1  Copy IPs, domains, hashes into a spreadsheet  ~20 min
```
Tools (20)
analyze_intel
atomic_tests_for_technique
attack_attribute_to_group
attack_get_data_sources
attack_get_mitigations
attack_get_technique
attack_get_techniques_by_group
attack_get_threat_groups
campaign_correlate_ioc
campaign_get
campaign_list
campaign_update
detection_coverage_gap
enrich_ioc_tool
enrich_iocs_tool
enrich_techniques_stix
eql_for_technique
extract_iocs
generate_sigma_rule
generate_threat_report