
Mlab - IOC & Threat Intelligence
@mlab-sh
About Mlab - IOC & Threat Intelligence
Threat intelligence MCP server for SOC analysts, DFIR and security researchers. Scan and enrich IOCs directly from Claude, Cursor or any MCP client: IP addresses (IPv4/IPv6), domains, file hashes and blockchain addresses. Search CVEs by keyword, vendor or product, retrieve full C
Basic information
Config
Add this server to your MCP-compatible client using the configuration below.
{
"mcpServers": {
"mlab": {
"command": "npx",
"args": [
"-y",
"mcp-remote",
"https://mlab.sh/mcp",
"--header",
"Authorization: Bearer mcp_xxx"
]
}
}
}Tools
No tools detected
We auto-extract tools from the README. The maintainer can list them under a ## Tools heading to populate this section.
Overview
What is Mlab - IOC & Threat Intelligence?
Mlab - IOC & Threat Intelligence is a remote MCP server that connects MCP-compatible clients like Claude and Cursor to the mlab.sh platform, providing real-time IOC scanning, vulnerability intelligence, and threat actor research for SOC analysts, DFIR teams, and security researchers. No local installation is required — it operates as a remote server accessible via a URL.
How to use Mlab - IOC & Threat Intelligence?
Configure your MCP client to point to the remote server URL https://mlab.sh/mcp and authenticate with a Mlab account (free tier available). For Claude Desktop, add the URL to claude_desktop_config.json under mcpServers. For Claude.ai (web), add it as a custom connector under Settings → Connectors. For other MCP clients, add a remote MCP server and authenticate.
Key features of Mlab - IOC & Threat Intelligence
- 17 tools covering IOC scanning, CVE search, and threat actors
- Auto-detect indicator type with
detect_ioc - Full domain scans and IP enrichment
- Reverse CVE lookup for threat actors
- Workspace bookmarks, scan history, and account info
- Remote server — no npm or Docker needed
Use cases of Mlab - IOC & Threat Intelligence
- Incident triage: extract IOCs from logs and check each against Mlab
- Vulnerability watch: search critical CVEs and discover which actors exploit them
- Threat actor research: build briefs on APT groups with TTPs and aliases
- Real-time intelligence queries via AI assistant
FAQ from Mlab - IOC & Threat Intelligence
Do I need to install anything locally?
No. Mlab is a remote MCP server — zero npm, zero Docker, just a URL.
How do I authenticate and is there a free tier?
Authentication is done with a Mlab account. A free tier is available with no credit card required; quotas apply per organization.
What tools are available?
The server provides 17 tools including detect_ioc, scan_ip, start_domain_scan, get_domain_scan_results, scan_crypto, cve_search, cve_detail, actors_by_cve, search_actors, get_actor, add_bookmark, remove_bookmark, get_bookmarks, get_scan_history, get_scan_limits, get_account_info, and hello_world.
How can I check my remaining scan quotas?
Use the get_scan_limits tool to view your remaining scan quotas.
What are the system requirements?
A MCP-compatible client (e.g., Claude Desktop, Claude.ai, Cursor) and internet access. No local dependencies.
More Developer Tools MCP servers
Stakpak Agent CLI
stakpakShip your code, on autopilot. An open source agent that lives on your machines 24/7 and keeps your apps running. 🦀
MCP-Scan: An MCP Security Scanner
invariantlabs-aiSecurity scanner for AI agents, MCP servers and agent skills.
Golf
golf-mcpProduction-Ready MCP Server Framework • Build, deploy & scale secure AI agent infrastructure • Includes Auth, Observability, Debugger, Telemetry & Runtime • Run real-world MCPs powering AI Agents
MCP-Bridge
SecretiveShellA middleware to provide an openAI compatible endpoint that can call MCP tools
Hello World MCP Server (Reference Extension)
anthropicsDesktop Extensions: One-click local MCP server installation in desktop apps
Comments