MCP Hub

MCP_Security

by: fr0gger

This is a repository to experiment with MCP for security

created 27/11/2024

security, experiment

📌Overview

Purpose: The ORKL MCP Server queries the ORKL API and exposes tools for fetching and analyzing threat intelligence data.

Overview: The ORKL MCP Server is a Model Context Protocol (MCP) server that integrates with MCP-compatible applications. It gives the connected model access to ORKL threat reports, threat actors, and the sources behind them, so that threats can be looked up and analyzed directly from the conversation.

Key Features:

  • Fetch Latest Threat Reports: Retrieves the most recent threat reports along with their titles and IDs, enabling users to stay updated on current threats.

  • Fetch Threat Report Details: Provides in-depth information about specific threat reports based on assigned IDs, helping users analyze particular threats efficiently.

  • Fetch Threat Actors: Delivers a list of known threat actors and their identifiers, allowing for identification and tracking of malicious entities.

  • Fetch Threat Actor Details: Offers detailed information regarding specific threat actors through their IDs, enhancing understanding of their motives and activities.

  • Fetch Sources: Compiles a list of various sources utilized in threat intelligence, aiding contextual awareness in threat analysis.

  • Fetch Source Details: Retrieves detailed metadata for specific sources via their IDs, providing insights into the reliability and relevance of the supplied intelligence.


ORKL MCP Server

A Model Context Protocol (MCP) server for querying the ORKL API. This server provides tools for fetching and analyzing threat reports, threat actors, and sources. It integrates smoothly with MCP-compatible applications.

A full write-up can be found here: https://blog.securitybreak.io/building-a-threat-intelligence-genai-reporter-with-orkl-and-claude-a0ae2e969693


Quick Install

On macOS, edit or create the file /Users/user/Library/Application Support/Claude/claude_desktop_config.json (replace `user` with your username). Replace /MyMCP/mcptest/orkl with the directory where you cloned this repository; Claude Desktop starts the server from that directory with `uv run orkl` when it launches, with your user privileges:

{
  "mcpServers": {
    "orkl": {
      "command": "uv",
      "args": [
        "--directory",
        "/MyMCP/mcptest/orkl",
        "run",
        "orkl"
      ]
    }
  }
}

Tools

Report Tools

Fetch Latest Threat Reports

  • Name: fetch_latest_threat_reports
  • Description: Fetch recent threat reports with their titles and IDs.
  • Parameters: None

Fetch Threat Report Details

  • Name: fetch_threat_report_details
  • Description: Retrieve detailed information for a specific threat report by ID.
  • Parameters:
    • report_id (required): The ID of the threat report.

Threat Actor Tools

Fetch Threat Actors

  • Name: fetch_threat_actors
  • Description: Fetch a list of known threat actors with their IDs and names.
  • Parameters: None

Fetch Threat Actor Details

  • Name: fetch_threat_actor_details
  • Description: Retrieve detailed information for a specific threat actor by ID.
  • Parameters:
    • actor_id (required): The ID of the threat actor.

Source Tools

Fetch Sources

  • Name: fetch_sources
  • Description: Fetch a list of sources used in threat intelligence.
  • Parameters: None

Fetch Source Details

  • Name: fetch_source_details
  • Description: Retrieve detailed metadata for a specific source by ID.
  • Parameters:
    • source_id (required): The ID of the source.
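As an added example (not code from this repository), the block below models the six tools above in plain Python: a registry that produces the `tools/list` schemas, and a `tools/call` dispatcher that validates the model-supplied ID before interpolating it into the ORKL URL. The ORKL base URL and endpoint paths are assumptions, the HTTP client is replaced by an injected `fetch` callable, and the sample records are constructed so the example runs offline.

```python
import json
import re
from typing import Any, Callable, Optional

# Assumed ORKL REST base URL and endpoint paths, used here only to build the
# request URL; check them against the ORKL API documentation.
ORKL_BASE = "https://orkl.eu/api/v1"

# A model-supplied ID must be a single URL-safe path segment. This rejects
# values such as "../../x" or "abc?limit=1000" that would change which
# ORKL endpoint the server actually calls.
ID_RE = re.compile(r"[A-Za-z0-9-]{1,64}")

# Registry of the six tools documented above: description, endpoint template
# and the name of the required ID argument (None for the list tools).
TOOLS: dict[str, tuple[str, str, Optional[str]]] = {
    "fetch_latest_threat_reports": ("Fetch recent threat reports with their titles and IDs.", "library/entries", None),
    "fetch_threat_report_details": ("Retrieve detailed information for a specific threat report by ID.", "library/entry/{id}", "report_id"),
    "fetch_threat_actors": ("Fetch a list of known threat actors with their IDs and names.", "ta/entries", None),
    "fetch_threat_actor_details": ("Retrieve detailed information for a specific threat actor by ID.", "ta/entry/{id}", "actor_id"),
    "fetch_sources": ("Fetch a list of sources used in threat intelligence.", "source/entries", None),
    "fetch_source_details": ("Retrieve detailed metadata for a specific source by ID.", "source/entry/{id}", "source_id"),
}

# Constructed stand-in for ORKL responses so the example runs offline; the IDs
# and records are made up, not real ORKL data.
SAMPLE_REPORT_ID = "0d3f1c2a-7b5e-4a1c-9f0e-1234567890ab"
FAKE_ORKL: dict[str, Any] = {
    f"{ORKL_BASE}/library/entries": {"data": [{"id": SAMPLE_REPORT_ID, "title": "Constructed report A"}]},
    f"{ORKL_BASE}/library/entry/{SAMPLE_REPORT_ID}": {"data": {"id": SAMPLE_REPORT_ID, "title": "Constructed report A", "plain_text": "Constructed body."}},
    f"{ORKL_BASE}/ta/entries": {"data": [{"id": "ta-0001", "main_name": "Constructed Actor"}]},
    f"{ORKL_BASE}/source/entries": {"data": [{"id": "src-0001", "name": "Constructed Source"}]},
}


def fake_fetch(url: str) -> Any:
    """Stand-in for the HTTP client; unknown URLs fail the way a 404 would."""
    if url not in FAKE_ORKL:
        raise LookupError(f"404 Not Found: {url}")
    return FAKE_ORKL[url]


def list_tools() -> dict[str, Any]:
    """Result of the MCP tools/list request, with a JSON Schema per tool."""
    tools = []
    for name, (desc, _path, p) in TOOLS.items():
        schema: dict[str, Any] = {"type": "object", "properties": {}}
        if p is not None:
            schema["properties"][p] = {"type": "string"}
            schema["required"] = [p]
        tools.append({"name": name, "description": desc, "inputSchema": schema})
    return {"tools": tools}


def _result(payload: Any, is_error: bool = False) -> dict[str, Any]:
    """Wrap a value in the MCP tool-result shape (text content plus isError)."""
    text = payload if isinstance(payload, str) else json.dumps(payload, indent=2)
    return {"content": [{"type": "text", "text": text}], "isError": is_error}


def call_tool(name: str, arguments: dict[str, Any], fetch: Callable[[str], Any]) -> dict[str, Any]:
    """Result of an MCP tools/call request for one of the registered tools."""
    if name not in TOOLS:
        return _result(f"unknown tool: {name}", is_error=True)
    _desc, path, p = TOOLS[name]
    if p is not None:
        value = arguments.get(p)
        # Validate before the value is interpolated into the URL path.
        if not isinstance(value, str) or not ID_RE.fullmatch(value):
            return _result(f"{p} must be a single URL-safe ID segment", is_error=True)
        path = path.format(id=value)
    try:
        data = fetch(f"{ORKL_BASE}/{path}")
    except Exception as exc:  # report the upstream failure to the model, don't crash the server
        return _result(f"ORKL request failed: {exc}", is_error=True)
    return _result(data)


def handle_request(req: dict[str, Any], fetch: Callable[[str], Any] = fake_fetch) -> dict[str, Any]:
    """Dispatch a decoded JSON-RPC request by its MCP method name."""
    method = req.get("method")
    if method == "tools/list":
        return list_tools()
    if method == "tools/call":
        params = req.get("params") or {}
        return call_tool(params.get("name", ""), params.get("arguments") or {}, fetch)
    return _result(f"unsupported method: {method}", is_error=True)


if __name__ == "__main__":
    print(json.dumps(handle_request({"method": "tools/list"}), indent=2))
    call = {"method": "tools/call", "params": {"name": "fetch_threat_report_details",
                                              "arguments": {"report_id": SAMPLE_REPORT_ID}}}
    print(json.dumps(handle_request(call), indent=2))
```

Two points this layout is meant to make. Tool arguments are chosen by the model, not typed by the user, so a `report_id` is validated as one path segment before it reaches the URL, and a rejected value never causes a request. Upstream failures come back as `isError` results rather than exceptions, so a bad ID cannot take the server down. The report text ORKL returns is third-party content that the model will read; treat it as data to summarize, not as instructions.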