MCP THREATINTEL TOOLS

17 tools from the Mcp Threatintel MCP Server, categorised by risk level.

READ 17 tools
Read  abuseipdb_check: Check IP reputation on AbuseIPDB - returns abuse confidence score and recent reports
Read  feodo_tracker: Get active botnet C2 servers from Feodo Tracker (Emotet, Dridex, QakBot, etc.)
Read  greynoise_ip: Check if an IP is internet background noise or a targeted threat (GreyNoise)
Read  malwarebazaar_hash: Look up malware sample by hash on MalwareBazaar
Read  malwarebazaar_recent: Get recent malware samples from MalwareBazaar
Read  malwarebazaar_tag: Get malware samples by tag (e.g.,
Read  otx_get_pulses: Get recent threat intelligence pulses from AlienVault OTX
Read  otx_search_pulses: Search OTX pulses by keyword (malware name, campaign, threat actor)
Read  threatfox_iocs: Get recent IOCs from ThreatFox (C2 servers, malware infrastructure)
Read  threatfox_search: Search ThreatFox for IOCs by malware family or tag
Read  threatintel_lookup_domain: Look up a domain across threat intelligence sources (OTX, URLhaus)
Read  threatintel_lookup_hash: Look up a file hash (MD5, SHA1, SHA256) across threat intelligence sources (OTX, MalwareBazaar)
Read  threatintel_lookup_ip: Look up an IP address across all configured threat intelligence sources (OTX, AbuseIPDB, GreyNoise, Feodo T...
Read  threatintel_lookup_url: Look up a URL for malware/phishing indicators (OTX, URLhaus)
Read  threatintel_status: Check which threat intelligence sources are configured. Currently available: ${configuredServices.join(
Read  urlhaus_lookup: Check if a URL or domain is distributing malware (URLhaus)
Read  urlhaus_recent: Get recent malware URLs from URLhaus

The managed route: connect Mcp Threatintel through the PolicyLayer gateway — every tool call above is checked against your policy before it runs, with a full audit log.

DIRECT INSTALL (UNMANAGED)

npx -y mcp-threatintel-server

How many tools does the Mcp Threatintel MCP server have?

The Mcp Threatintel MCP server exposes 17 tools across 1 category: Read.

How do I enforce policies on Mcp Threatintel tools?

Route the Mcp Threatintel server through the PolicyLayer gateway. Define allow, deny, or approval rules per tool in the dashboard — they are enforced on every call before it reaches the server.

What risk categories do Mcp Threatintel tools fall into?

Mcp Threatintel tools are categorised as Read (17). Each category has a recommended default policy.

Let agents act without letting them run wild.

Route your MCP servers through PolicyLayer and every tool call is checked against your policy before it runs — allow, deny, or require approval. Per-identity grants. Full audit log. Live in minutes.

Free to start. No card required.

4,600+ MCP servers and 31,000+ tools scanned and risk-classified.
