Mcpintelligence
What is Mcpintelligence
MCPIntelligence is a framework designed to automate the collection of Cyber Threat Intelligence (CTI) and enhance it with the capabilities of the Malware Configuration Parser (MCP). It focuses on streamlining the process of gathering and analyzing threat data using automation and artificial intelligence.
Use cases
Use cases for MCPIntelligence include automating the collection of threat indicators, enriching data from multiple sources, identifying patterns in cyber threats, and generating insights that improve the maturity of threat intelligence operations.
How to use
To use MCPIntelligence, navigate to the desired directory (e.g., ‘security’) and execute the following commands:
python3 -m venv .venv source .venv/bin/activate pip install -r requirements.txt
Configure the MCP in your preferred environment, such as ‘Cursor’ or ‘Claude’, by setting up the necessary command and environment variables.
Key features
Key features of MCPIntelligence include automation of threat data collection, integration with sources like MISP and OSINT, the application of AI for data enrichment, pattern recognition, and the ability to create automated pipelines that transform raw data into actionable intelligence.
Where to use
MCPIntelligence can be used in various fields including cybersecurity, threat intelligence operations, data analysis, and incident response, where there is a need to automate and enhance the collection and analysis of threat data.
Clients Supporting MCP
The following are the main client software that supports the Model Context Protocol. Click the link to visit the official website for more information.
Overview
What is Mcpintelligence
MCPIntelligence is a framework designed to automate the collection of Cyber Threat Intelligence (CTI) and enhance it with the capabilities of the Malware Configuration Parser (MCP). It focuses on streamlining the process of gathering and analyzing threat data using automation and artificial intelligence.
Use cases
Use cases for MCPIntelligence include automating the collection of threat indicators, enriching data from multiple sources, identifying patterns in cyber threats, and generating insights that improve the maturity of threat intelligence operations.
How to use
To use MCPIntelligence, navigate to the desired directory (e.g., ‘security’) and execute the following commands:
python3 -m venv .venv source .venv/bin/activate pip install -r requirements.txt
Configure the MCP in your preferred environment, such as ‘Cursor’ or ‘Claude’, by setting up the necessary command and environment variables.
Key features
Key features of MCPIntelligence include automation of threat data collection, integration with sources like MISP and OSINT, the application of AI for data enrichment, pattern recognition, and the ability to create automated pipelines that transform raw data into actionable intelligence.
Where to use
MCPIntelligence can be used in various fields including cybersecurity, threat intelligence operations, data analysis, and incident response, where there is a need to automate and enhance the collection and analysis of threat data.
Clients Supporting MCP
The following are the main client software that supports the Model Context Protocol. Click the link to visit the official website for more information.
Content
Descrição
Scripts utilizados na Talk Automatizando coletas de CTI e potêncializando com IA, que foi feita na Bsides São Paulo, em 2025.
Nesta palestra, apresento como potencializar operações de Threat Intelligence (CTI) através da automação e inteligência artificial, utilizando o MCP (Malware Configuration Parser) como uma peça-chave na coleta e análise de informações sobre ameaças cibernéticas.
Demonstro, na prática, como automatizar fluxos de coleta de indicadores e configurações maliciosas, integrando fontes como MISP, relatórios técnicos e OSINT, reduzindo o esforço manual e acelerando o ciclo de inteligência. Além disso, mostro como aplicar recursos de IA para enriquecer os dados coletados, identificar padrões, cruzar informações e gerar insights que elevam a maturidade da CTI.
Ao final, os participantes aprendem a montar pipelines automatizados e inteligentes, que ajudam a transformar grandes volumes de dados brutos em inteligência acionável, otimizando a resposta a ameaças emergentes.
Como utilizar
Dentro de cada pasta, como por exemplo security, execute as seguintes linhas de comando.
python3 -m venv .venv source .venv/bin/activate pip install -r requirements.txt
Configure o MCP no seu char prefeiro como Cursor ou Claude.
{ "mcpServers": { "threat_intelligence_mcp": { "command": "/Library/Frameworks/Python.framework/Versions/3.11/bin/uv", "args": [ "--directory", "/Users/root/Developer/MCP/security", "run", "main.py" ], "env": { "MISP_URL": "https://localhost", "MISP_KEY": "", "URLSCANIO_API": "", "VT_API_KEY": "", "ABUSEIPDB_API": "" } }, "osint_mcp": { "command": "/Library/Frameworks/Python.framework/Versions/3.11/bin/uv", "args": [ "--directory", "/Users/root/Developer/MCP/sherlockeye", "run", "main.py" ], "env": { "SHERLOCK_EYE_API_KEY": "" } }, "orkl": { "command": "/Library/Frameworks/Python.framework/Versions/3.11/bin/uv", "args": [ "--directory", "/Users/root/Developer/MCP/orkl", "run", "main.py" ] } } }
Dev Tools Supporting MCP
The following are the main code editors that support the Model Context Protocol. Click the link to visit the official website for more information.
