FalconFeeds MCP server
@Technisanct
FalconFeeds MCP server について
Connect real-time cybersecurity threat intelligence to your AI workflows through standardized tools and resources. Access comprehensive IOCs, CVEs, TTPs, and threat actor data from FalconFeeds.io with seamless integration across Claude Desktop, VS Code, and other MCP-enabled appl
基本情報
設定
以下の設定を使って、このサーバーを MCP 対応クライアントに追加してください。
{
"mcpServers": {
"falconfeeds": {
"command": "npx",
"args": [
"-y",
"@falconfeeds/mcp@latest"
],
"env": {
"FALCONFEEDS_API_KEY": "your_api_key_here",
"FALCONFEEDS_TIMEOUT": "30000"
}
}
}
}ツール
23Search for CVEs with various filters including ID, keyword, and date range
Get a specific CVE by its ID
Search CVEs by keyword in descriptions and titles
Get CVEs published within a specific date range
Get the next page of CVE results using pagination token
**PREFERRED for threat actor searches by name**: Get comprehensive threat actor profile including attributed threat feeds. Use this tool when you have a threat actor NAME (like 'LockBit', 'LEAKBASE', 'APT29') and want to find their profile and associated threat feeds. This automatically searches for the actor by name first, then retrieves their feeds.
Get a specific threat feed by UUID
Get threat feeds for a threat actor when you already have their UUID. If you only have the actor's name, use 'get_threat_actor_profile' instead.
Get threat feeds filtered by category
Perform full-text search on threat feed content and titles using keywords. Use this for general content searches, NOT for country names, industry names, or threat actor names (use their dedicated tools instead).
Get threat feeds filtered by organization name or website/domain. Use this ONLY for specific organization names or websites. For countries, use 'get_threat_feeds_by_country'. For industries, use 'get_threat_feeds_by_industry'.
**PREFERRED for country-based threat landscape**: Get threat feeds where victims are from a specific country. Use this tool when searching for threats by country (e.g., 'UAE', 'USA', 'Germany'). The country name must match exactly from the supported list.
**PREFERRED for industry-based threat analysis**: Get threat feeds where victims are from a specific industry sector. Use this tool when analyzing threats by industry (e.g., 'Healthcare & Pharmaceuticals', 'Financial Services', 'Government & Public Sector'). The industry name must match exactly from the supported list.
Get the next page of threat feed results
**PREFERRED for comprehensive threat feed searches that need direct image urls**: Search threat feeds with direct image URLs included. This tool automatically includes image URLs in the response, providing direct access to screenshots and visual evidence from threat feeds. Use this for general threat intelligence gathering when you need complete information including visual assets.
Search threat actors with optional filters
Get a specific threat actor by UUID
Search threat actors by name prefix
Get the next page of threat actor results
**PREFERRED for general IOC searches**: Search Indicators of Compromise (IOCs) with optional filters. This API may have higher response times (~4 seconds) as it aggregates data from multiple sources.
**PREFERRED for country-specific IOC analysis**: Get IOCs filtered by a specific country. This tool is optimized for analyzing threats targeting or originating from particular countries. Use FULL country names, not abbreviations.
Get IOCs filtered by a specific threat type. Use this tool to focus on particular types of threats from the available categories.
Get a specific page of IOC results. Use this for pagination when dealing with large result sets. Each request returns up to 100 IOCs.
概要
What is FalconFeeds MCP Server?
FalconFeeds MCP Server is a Model Context Protocol server that delivers real-time cybersecurity threat intelligence to MCP clients. It provides access to comprehensive IOCs, CVEs, TTPs, and threat actor data from FalconFeeds.io, designed for integration with Claude Desktop, VS Code, and other MCP-enabled applications.
How to use FalconFeeds MCP Server?
Install the npm package, configure your FalconFeeds API key, and add the server to your MCP client configuration. The server exposes tools and resources for querying threat intelligence data through standardized MCP interactions.
Key features of FalconFeeds MCP Server
- Real-time cybersecurity threat intelligence access
- Comprehensive IOC, CVE, and TTP data
- Threat actor information and tracking
- Seamless MCP client integration
- TypeScript-based implementation
- MIT-licensed open source
Use cases of FalconFeeds MCP Server
- Enrich security alerts with current IOC data in AI assistants
- Automate CVE lookup during incident response workflows
- Research threat actor TTPs from within development environments
FAQ from FalconFeeds MCP Server
What data sources does FalconFeeds MCP Server use?
It accesses threat intelligence data from FalconFeeds.io, including IOCs, CVEs, TTPs, and threat actor information.
What are the runtime requirements?
The server is an npm package written in TypeScript and requires Node.js to run.
Which MCP clients are supported?
It works with Claude Desktop, VS Code, and any other MCP-enabled application.
How is authentication handled?
Access requires a FalconFeeds API key, configured through the MCP client setup.
「生産性」の他のコンテンツ
Swift MCP GUI Server
NakaokaReiMCP server that can execute commands such as keyboard input and mouse movement on macOS
C++ Excel Automation MCP Server
smileFAaceA MCP server for automatically create, view and modify Excel related file using LLM
MCP SAP GUI Server
mario-andreschakMCP server that allows simple SAP GUI interaction for LLM models using simulated mouse clicks and keyboard input.
Npx Y convex@latest mcp start
get-convexThe open-source reactive database for app developers
Task Manager MCP Server
tradesdontlieA task management MCP server that provides comprehensive project and task tracking capabilities
コメント