Official MCP (Model Context Protocol) server for FalconFeeds.io
Documentation
---
Connect real-time cybersecurity threat intelligence to MCP clients through standardized tools and resources. Access comprehensive IOCs, CVEs, TTPs, and threat actor data from FalconFeeds.io with seamless integration across Claude Desktop, VS Code, and other MCP-enabled applications.
Features
- CVE Intelligence: Search and retrieve Common Vulnerabilities and Exposures data with detailed analysis
- Threat Feeds: Access real-time threat intelligence feeds from global sources
- Threat Actors: Get detailed profiles of threat actors and cybercriminal groups
- Threat Images: Retrieve screenshots and visual evidence from threat feeds
- IOC Management: Handle Indicators of Compromise with enrichment capabilities
- MCP Prompts: Pre-built cybersecurity prompts optimized for threat analysis workflows
Installation Options
NPX Installation (Recommended)
Add the server to your MCP client configuration:
{
"mcpServers": {
"falconfeeds": {
"command": "npx",
"args": [
"-y",
"@falconfeeds/mcp@latest"
],
"env": {
"FALCONFEEDS_API_KEY": "your_api_key_here",
}
}
}
}Local Development
Clone and build the repository for development or customization:
git clone https://github.com/Technisanct/falconfeeds-mcp.git
cd falconfeeds-mcpInstall dependencies
npm installBuild the project
npm run buildConfigure your MCP client:
{
"mcpServers": {
"falconfeeds": {
"command": "node",
"args": [
"/path/to/falconfeeds-mcp/dist/index.js"
],
"env": {
"FALCONFEEDS_API_KEY": "your_api_key_here"
}
}
}
}Getting Your API Key
1. Visit FalconFeeds Dashboard
2. Sign up or log in to your account
3. Navigate to Settings
4. Navigate to API Access
5. Generate your API key
6. Copy the key to your environment configuration
[!NOTE]
Make sure you have a valid plan and sufficient API credits
Client Integration
MCP Tools
CVE Operations
- **
get_cve_by_id**: Retrieve specific CVE details by identifier - **
search_cves_by_keyword**: Find CVEs matching specific terms - **
get_cves_by_date_range**: Get CVEs within specified time periods - **
get_next_cve_page**: Paginate through large CVE result sets
Threat Feed Operations
- **
get_threat_feeds**: Retrieve threat feeds based on filters
Threat Actor Operations
- **
get_threat_actor_profile**: Get comprehensive threat actor profile with associated feeds - **
search_threat_actors**: Search and filter threat actor profiles - **
get_threat_actor_by_id**: Get detailed threat actor information - **
search_threat_actors_by_name**: Find actors by name or alias - **
get_next_threat_actor_page**: Paginate actor search results
IOC Operations
- **
get_IOCs**: Retrieve all detailed IOCs - **
get_IOCsThreatActors**: Retrieve threat actors associated with specific IOCs - **
get_IOCsMalwares**: Retrieve malware information linked to specific IOCs
Threat Image Operations
- **
get_threat_image**: Retrieve and display visual evidence from threat feed reports including screenshots, ransom notes, and leaked data samples
Prompt Templates
The server provides cybersecurity-focused prompts designed for threat intelligence workflows:
1. Threat Intelligence Report: Generate comprehensive threat reports
2. CVE Impact Assessment: Analyze vulnerability impact and prioritization
3. Incident Threat Correlation: Correlate security incidents with known threats
4. Vulnerability Trend Analysis: Identify patterns in vulnerability disclosure
5. Threat Hunting Playbook: Create systematic threat hunting procedures
6. Supply Chain Threat Analysis: Analyze third-party and supply chain risks
7. IOC Enrichment Analysis: Enhance indicators with threat context
8. Sector Threat Briefing: Generate industry-specific threat briefings
9. Malware Family Analysis: Deep-dive into malware characteristics
10. Geopolitical Threat Assessment: Analyze nation-state and political threats
Testing & Development
Testing with MCP Inspector
Test server tools and prompts using the MCP Inspector:
npx @modelcontextprotocol/inspector npx -y @falconfeeds/mcp@latestUsage Examples
Threat Intelligence Query:
"Search for recent CVEs affecting Apache products with CVSS score above 7.0"Threat Actor Investigation:
"Get information about APT29 and their recent campaigns targeting government sectors"IOC Analysis:
"Analyze this IP address for malicious activity: 192.168.1.100"Troubleshooting
Common Issues
API Key Not Working:
- Verify your API key is correctly copied from the FalconFeeds dashboard
- Ensure the key has not expired or been revoked
- Check that the key is properly set in your environment configuration
- Ensure you have enough credits
NPX Installation Issues:
- Ensure you have Node.js 18.0.0 or higher installed
- Try clearing npm cache:
npm cache clean --force - Use the
-yflag to auto-accept package installations
MCP Client Connection Issues:
- Restart your MCP client after server configuration changes
- Verify JSON configuration syntax is valid
- Check client logs for connection errors
- Ensure the server process starts correctly
Getting Help
- Documentation: https://dash.falconfeeds.io/mcp/docs
- Falconfeeds API Documentation: https://dash.falconfeeds.io/api/docs
- Bug Reports: Create an issue on GitHub with detailed error information
- Community Support: Join our community discussions for help and tips
- Enterprise Support: Contact FalconFeeds support for enterprise assistance
Contributing
We welcome contributions from the cybersecurity and development communities!
Development Guidelines
- Follow existing code patterns and architecture
- Update documentation for any tools, prompt changes
- Ensure TypeScript strict mode compliance
License
This project is licensed under the MIT License - see the LICENSE file for details.
Acknowledgments
- Built with the Model Context Protocol
- Powered by FalconFeeds.io threat intelligence platform
- TypeScript and Node.js ecosystem contributors
- Cybersecurity community for feedback and feature requests
---
Similar MCP
Based on tags & features
Trending MCP
Most active this week