Mandiant MCP Server

MCPOpen Source11.5

by refuse1993 • Identity & Access

A local MCP server that connects Claude Desktop to the Mandiant API for threat intelligence, IoC analysis, and vulnerability research.

Example Use Cases

1
Query Mandiant threat intelligence (actors, malware, reports) directly from Claude Desktop.
2
Analyze indicators of compromise (IPs, domains, file hashes) using Mandiant API results.
3
Assess vulnerabilities and related exploits (CVE lookups and exploit information) within conversational workflows.

Description

This repository provides instructions and example code to run an MCP (Model Context Protocol) server that proxies Mandiant API v4 calls into Claude Desktop. It requires a Python virtual environment, Mandiant API credentials, and simple configuration of Claude Desktop to launch the server. The MCP exposes functions for actor/malware lookups, vulnerability/CVE queries, IoC analysis (IP/domain/hash), and report searches, enabling conversational threat intelligence and investigation workflows within Claude. The integration simplifies hands-on incident response and threat research by allowing agents to call Mandiant intelligence directly from chat.

Quick Actions

View on GitHub

Security

Scanned 2 month(s) ago

Risk Level

MINIMAL

Read-only data retrieval, no side effects

Trust Score

D40/100

3/17 checks passed

Scores are informational only and provided “as is” without warranty. AgentHotspot assumes no liability for actions taken based on these ratings.

Quick Stats

Service TypeMCP

Pricing ModelPremium

Capabilities0 Tools / 0 Prompts / 0 Resources

Ownerrefuse1993

CategoryIdentity & Access

DependenciesStandalone