# ๐ก๏ธ Cyber Sentinel MCP Server
A comprehensive threat intelligence aggregation MCP (Model Context Protocol) server that provides unified access to multiple threat intelligence sources for security analysis.
## ๐ฏ Overview
Cyber Sentinel eliminates the tedious manual process of querying multiple threat intelligence sources by providing a single, unified interface. Security analysts can now analyze indicators (IPs, domains, hashes, URLs) across multiple sources with a single command, getting aggregated results with confidence scoring.
## โจ Features
### ๐ Threat Intelligence
- **Multi-Source Intelligence**: Aggregates data from VirusTotal v3, AbuseIPDB, URLhaus, Shodan, ThreatFox, and MalwareBazaar
- **Smart Indicator Detection**: Automatically detects IP addresses, domains, file hashes, and URLs
- **Intelligent Aggregation**: Combines results from multiple sources with confidence scoring
- **Async Performance**: High-performance concurrent processing
- **Smart Caching**: Reduces API calls and improves response times (1-hour TTL)
- **Rate Limiting**: Respects API limits across all sources (60 req/min default)
- **Error Recovery**: Graceful handling of API failures and timeouts
### ๐ก๏ธ Code Security Analysis
- **Multi-Language Support**: Analyzes Python, JavaScript, Java, C#, PHP, Go, Rust, C++, and SQL code
- **Vulnerability Detection**: Identifies hardcoded secrets, SQL injection, XSS, path traversal, and more
- **Network Indicator Analysis**: Extracts and analyzes IPs, domains, and URLs found in code
- **Secure Alternatives**: Provides secure coding recommendations and alternatives
- **Risk Scoring**: Calculates comprehensive security risk scores
### ๐ฆ Dependency Security
- **Multi-Platform Support**: Scans NPM, Python, Maven, Cargo, Go, and Composer dependencies
- **Vulnerability Detection**: Identifies known malicious packages and outdated dependencies
- **Security Recommendations**: Provides actionable security improvement suggestions
- **Risk Assessment**: Comprehensive dependency risk scoring
### ๐ณ Infrastructure Security
- **Docker Security**: Analyzes Dockerfile configurations for security best practices
- **Kubernetes Security**: Scans K8s manifests for security misconfigurations
- **CI/CD Integration**: Provides security analysis for DevOps pipelines
### ๐ Reporting & Visualization
- **Rich Reports**: Generates comprehensive security analysis reports
- **Visual Dashboards**: Creates security metrics and trend visualizations
- **Export Options**: Supports multiple output formats (JSON, HTML, PDF)
- **MCP Protocol**: Full compatibility with MCP-enabled AI assistants
## ๐ Quick Start
### Prerequisites
- Python 3.8 or higher
- MCP-compatible client (Claude Desktop, Cursor, etc.)
### Installation
1. **Clone the repository**:
```bash
git clone https://github.com/jx888-max/cyber-sentinel-mcp.git
cd cyber-sentinel-mcp
```
2. **Install dependencies**:
```bash
pip install -e .
```
3. **้
็ฝฎAPIๅฏ้ฅ**:
```bash
# ่ฟ่ก่ฎพ็ฝฎๅๅฏผ
python -m cyber_sentinel.setup_wizard
# ๆ่
็ดๆฅ่ฎพ็ฝฎ็ฏๅขๅ้
export VIRUSTOTAL_API_KEY=your_virustotal_api_key_here
export ABUSEIPDB_API_KEY=your_abuseipdb_api_key_here
```
4. **Verify installation**:
```bash
python -c "from cyber_sentinel.server import app; print('โ
Installation successful!')"
```
### API Key Setup
#### VirusTotal (Highly Recommended)
- **Free Tier**: 1,000 requests/day
- **Capabilities**: IP, domain, hash, and URL analysis
1. Visit [VirusTotal](https://www.virustotal.com/gui/join-us)
2. Create a free account
3. Get your API key from the API section
4. Add to `.env`: `VIRUSTOTAL_API_KEY=your_key_here`
#### AbuseIPDB (Highly Recommended)
- **Free Tier**: 1,000 requests/day
- **Capabilities**: IP address reputation and abuse reporting
1. Visit [AbuseIPDB](https://www.abuseipdb.com/register)
2. Create a free account
3. Get your API key from the account settings
4. Add to `.env`: `ABUSEIPDB_API_KEY=your_key_here`
#### Shodan (Optional)
- **Free Tier**: 100 results/month
- **Capabilities**: Internet-connected device intelligence
1. Visit [Shodan](https://account.shodan.io/)
2. Create an account and get your API key
3. Add to `.env`: `SHODAN_API_KEY=your_key_here`
#### URLhaus (No API Key Required)
- **Free**: Works without API key for basic usage
- **Capabilities**: Malware URL and payload tracking
## ๐ง MCP Client Configuration
### Claude Desktop
Add to your `claude_desktop_config.json`:
```json
{
"mcpServers": {
"cyber-sentinel": {
"command": "python",
"args": ["-m", "cyber_sentinel.server"],
"cwd": "/path/to/cyber-sentinel",
"env": {
"VIRUSTOTAL_API_KEY": "your_virustotal_key",
"ABUSEIPDB_API_KEY": "your_abuseipdb_key",
"SHODAN_API_KEY": "your_shodan_key"
}
}
}
}
```
### Cursor/VS Code
Add to your MCP configuration:
```json
{
"mcp.servers": {
"cyber-sentinel": {
"command": ["python", "-m", "cyber_sentinel.server"],
"cwd": "/path/to/cyber-sentinel",
"env": {
"VIRUSTOTAL_API_KEY": "your_virustotal_key",
"ABUSEIPDB_API_KEY": "your_abuseipdb_key"
}
}
}
}
```
## ๐ Usage Examples
Once configured in your MCP client, you can use natural language to analyze security indicators:
### ๐ Threat Intelligence Analysis
```
Analyze the IP address 8.8.8.8 for any malicious activity
Check if 1.1.1.1 is safe to use
Is google.com safe?
Check the security status of example.com
Analyze this MD5 hash: d41d8cd98f00b204e9800998ecf8427e
Is this URL safe: https://example.com/suspicious-path
Show me the status of all threat intelligence sources
```
### ๐ก๏ธ Code Security Analysis
```
Analyze this Python code for security vulnerabilities:
[paste your code here]
Check this JavaScript function for XSS vulnerabilities:
[paste your code here]
Scan this SQL query for injection risks:
[paste your code here]
```
### ๐ฆ Dependency Security Scanning
```
Scan these project dependencies for vulnerabilities:
package.json: [paste content]
requirements.txt: [paste content]
Check my Python project for outdated packages:
[provide requirements.txt content]
```
### ๐ณ Infrastructure Security
```
Analyze this Dockerfile for security issues:
[paste Dockerfile content]
Check this Kubernetes deployment for security misconfigurations:
[paste K8s YAML content]
```
### ๐ Security Reporting
```
Generate a comprehensive security report for my project
Create a security dashboard with current threat landscape
Export security findings to HTML report
```
## ๐ ๏ธ Available MCP Tools
### ๐ Threat Intelligence Tools
#### `analyze_indicator`
Analyzes security indicators across multiple threat intelligence sources.
**Supported Indicators:**
- **IP Addresses**: IPv4 addresses (e.g., `8.8.8.8`)
- **Domain Names**: Any domain (e.g., `google.com`)
- **File Hashes**: MD5, SHA1, SHA256 hashes
- **URLs**: Complete URLs (e.g., `https://example.com`)
**Returns:**
- Overall reputation (clean/malicious/unknown)
- Confidence score (0-100%)
- Results from individual threat intelligence sources
- Geographic and ISP information (for IPs)
- Detailed analysis data
#### `check_api_status`
Checks the configuration and status of all threat intelligence sources.
**Returns:**
- API key validation status
- Available capabilities per source
- Rate limiting configuration
- Overall system health
### ๐ก๏ธ Security Analysis Tools
#### `analyze_code_security`
Performs comprehensive security analysis of source code.
**Parameters:**
- `code_content`: Source code to analyze
- `language`: Programming language (auto-detected if not specified)
- `locale`: Output language (zh/en)
**Returns:**
- Security vulnerabilities and their severity
- Hardcoded secrets and credentials
- Network indicators found in code
- Secure coding recommendations
- Risk score and remediation guidance
#### `scan_project_dependencies`
Scans project dependencies for security vulnerabilities.
**Parameters:**
- `project_files`: Dictionary of dependency files (package.json, requirements.txt, etc.)
**Returns:**
- Known malicious packages
- Outdated dependencies with vulnerabilities
- Security recommendations
- Risk assessment and scoring
#### `analyze_docker_security`
Analyzes Docker configurations for security best practices.
**Parameters:**
- `dockerfile_content`: Dockerfile content to analyze
**Returns:**
- Security misconfigurations
- Best practice violations
- Hardening recommendations
- Risk assessment
#### `scan_kubernetes_config`
Scans Kubernetes manifests for security issues.
**Parameters:**
- `k8s_manifests`: Dictionary of Kubernetes YAML files
**Returns:**
- Security policy violations
- Privilege escalation risks
- Network security issues
- Compliance recommendations
#### `generate_security_report`
Generates comprehensive security reports with visualizations.
**Parameters:**
- `analysis_results`: Combined results from security analyses
- `report_format`: Output format (json/html/markdown)
**Returns:**
- Formatted security report
- Executive summary
- Detailed findings
- Remediation roadmap
## ๐ Example Response
```json
{
"indicator": "8.8.8.8",
"type": "ip",
"overall_reputation": "clean",
"confidence": 100.0,
"sources_checked": 4,
"sources_responded": 3,
"malicious_sources": 0,
"clean_sources": 3,
"countries": ["US"],
"isps": ["Google LLC"],
"detailed_results": [
{
"source": "VirusTotal",
"reputation": "clean",
"malicious_count": 0,
"total_engines": 89
}
],
"errors": [],
"timestamp": "2024-01-15T10:30:00Z"
}
```
## โก Performance & Reliability
### ๐ High Performance
- **Async Architecture**: High-performance concurrent processing across all analysis tools
- **Smart Caching**: 1-hour TTL reduces API calls and improves response times
- **Parallel Processing**: Simultaneous analysis across multiple threat intelligence sources
- **Optimized Algorithms**: Efficient pattern matching and vulnerability detection
### ๐ก๏ธ Reliability & Resilience
- **Rate Limiting**: Configurable limits (default: 60 requests/minute) with intelligent throttling
- **Timeout Handling**: 30-second request timeouts prevent hanging operations
- **Error Recovery**: Graceful handling of API failures and network issues
- **Fallback Mechanisms**: Continues analysis even when some sources are unavailable
- **Retry Logic**: Automatic retry with exponential backoff for transient failures
## ๐ Security & Privacy
### ๐ก๏ธ Data Protection
- **Zero Data Storage**: No indicators, code, or analysis results are permanently stored
- **Memory-Only Processing**: All analysis happens in memory with automatic cleanup
- **API Key Security**: Keys managed securely through environment variables and encrypted storage
- **Source Isolation**: Each threat intelligence source operates independently with isolated credentials
### ๐ Privacy Safeguards
- **Local Processing**: Code analysis happens locally without external transmission
- **Error Isolation**: Sensitive information is never exposed in error messages or logs
- **Audit Trail**: Optional security event logging for compliance requirements
- **Data Minimization**: Only necessary data is processed and immediately discarded
## ๐งช Testing
Run the test suite to verify functionality:
```bash
# Run unit tests
python -m pytest tests/ -v
# Test with your API keys
python -c "
from cyber_sentinel.server import check_api_status
import asyncio
print(asyncio.run(check_api_status()))
"
```
## ๐ License
This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
## ๐ค Contributing
1. Fork the repository
2. Create a feature branch (`git checkout -b feature/amazing-feature`)
3. Make your changes and add tests
4. Commit your changes (`git commit -m 'Add amazing feature'`)
5. Push to the branch (`git push origin feature/amazing-feature`)
6. Open a Pull Request
## ๐ Support
- **Issues**: [GitHub Issues](https://github.com/jx888-max/cyber-sentinel-mcp/issues)
- **Documentation**: See [llms-install.md](llms-install.md) for detailed setup
- **MCP Protocol**: [Model Context Protocol Documentation](https://modelcontextprotocol.io/)
## ๐ Acknowledgments
- [Anthropic](https://www.anthropic.com/) for the MCP protocol and Claude AI
- [VirusTotal](https://www.virustotal.com/) for comprehensive malware analysis
- [AbuseIPDB](https://www.abuseipdb.com/) for IP reputation intelligence
- [URLhaus](https://urlhaus.abuse.ch/) for malware URL tracking
- [Shodan](https://www.shodan.io/) for internet device intelligence
- [ThreatFox](https://threatfox.abuse.ch/) for IOC sharing platform
- [MalwareBazaar](https://bazaar.abuse.ch/) for malware sample intelligence
- [OWASP](https://owasp.org/) for security best practices and vulnerability patterns
- Open source security community for continuous threat intelligence sharing
---
**๐ก๏ธ Threat Intelligence, Simplified.**
Raw data
{
"_id": null,
"home_page": null,
"name": "cyber-sentinel-mcp",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.8",
"maintainer_email": null,
"keywords": "mcp, threat-intelligence, cybersecurity, osint",
"author": null,
"author_email": "Zeng Junxiang <jx888jx888@gmail.com>",
"download_url": null,
"platform": null,
"description": "# \ud83d\udee1\ufe0f Cyber Sentinel MCP Server\r\n\r\nA comprehensive threat intelligence aggregation MCP (Model Context Protocol) server that provides unified access to multiple threat intelligence sources for security analysis.\r\n\r\n## \ud83c\udfaf Overview\r\n\r\nCyber Sentinel eliminates the tedious manual process of querying multiple threat intelligence sources by providing a single, unified interface. Security analysts can now analyze indicators (IPs, domains, hashes, URLs) across multiple sources with a single command, getting aggregated results with confidence scoring.\r\n\r\n## \u2728 Features\r\n\r\n### \ud83d\udd0d Threat Intelligence\r\n- **Multi-Source Intelligence**: Aggregates data from VirusTotal v3, AbuseIPDB, URLhaus, Shodan, ThreatFox, and MalwareBazaar\r\n- **Smart Indicator Detection**: Automatically detects IP addresses, domains, file hashes, and URLs\r\n- **Intelligent Aggregation**: Combines results from multiple sources with confidence scoring\r\n- **Async Performance**: High-performance concurrent processing\r\n- **Smart Caching**: Reduces API calls and improves response times (1-hour TTL)\r\n- **Rate Limiting**: Respects API limits across all sources (60 req/min default)\r\n- **Error Recovery**: Graceful handling of API failures and timeouts\r\n\r\n### \ud83d\udee1\ufe0f Code Security Analysis\r\n- **Multi-Language Support**: Analyzes Python, JavaScript, Java, C#, PHP, Go, Rust, C++, and SQL code\r\n- **Vulnerability Detection**: Identifies hardcoded secrets, SQL injection, XSS, path traversal, and more\r\n- **Network Indicator Analysis**: Extracts and analyzes IPs, domains, and URLs found in code\r\n- **Secure Alternatives**: Provides secure coding recommendations and alternatives\r\n- **Risk Scoring**: Calculates comprehensive security risk scores\r\n\r\n### \ud83d\udce6 Dependency Security\r\n- **Multi-Platform Support**: Scans NPM, Python, Maven, Cargo, Go, and Composer dependencies\r\n- **Vulnerability Detection**: Identifies known malicious packages and outdated dependencies\r\n- **Security Recommendations**: Provides actionable security improvement suggestions\r\n- **Risk Assessment**: Comprehensive dependency risk scoring\r\n\r\n### \ud83d\udc33 Infrastructure Security\r\n- **Docker Security**: Analyzes Dockerfile configurations for security best practices\r\n- **Kubernetes Security**: Scans K8s manifests for security misconfigurations\r\n- **CI/CD Integration**: Provides security analysis for DevOps pipelines\r\n\r\n### \ud83d\udcca Reporting & Visualization\r\n- **Rich Reports**: Generates comprehensive security analysis reports\r\n- **Visual Dashboards**: Creates security metrics and trend visualizations\r\n- **Export Options**: Supports multiple output formats (JSON, HTML, PDF)\r\n- **MCP Protocol**: Full compatibility with MCP-enabled AI assistants\r\n\r\n## \ud83d\ude80 Quick Start\r\n\r\n### Prerequisites\r\n\r\n- Python 3.8 or higher\r\n- MCP-compatible client (Claude Desktop, Cursor, etc.)\r\n\r\n### Installation\r\n\r\n1. **Clone the repository**:\r\n```bash\r\ngit clone https://github.com/jx888-max/cyber-sentinel-mcp.git\r\ncd cyber-sentinel-mcp\r\n```\r\n\r\n2. **Install dependencies**:\r\n```bash\r\npip install -e .\r\n```\r\n\r\n3. **\u914d\u7f6eAPI\u5bc6\u94a5**:\r\n```bash\r\n# \u8fd0\u884c\u8bbe\u7f6e\u5411\u5bfc\r\npython -m cyber_sentinel.setup_wizard\r\n\r\n# \u6216\u8005\u76f4\u63a5\u8bbe\u7f6e\u73af\u5883\u53d8\u91cf\r\nexport VIRUSTOTAL_API_KEY=your_virustotal_api_key_here\r\nexport ABUSEIPDB_API_KEY=your_abuseipdb_api_key_here\r\n```\r\n\r\n4. **Verify installation**:\r\n```bash\r\npython -c \"from cyber_sentinel.server import app; print('\u2705 Installation successful!')\"\r\n```\r\n\r\n### API Key Setup\r\n\r\n#### VirusTotal (Highly Recommended)\r\n- **Free Tier**: 1,000 requests/day\r\n- **Capabilities**: IP, domain, hash, and URL analysis\r\n1. Visit [VirusTotal](https://www.virustotal.com/gui/join-us)\r\n2. Create a free account\r\n3. Get your API key from the API section\r\n4. Add to `.env`: `VIRUSTOTAL_API_KEY=your_key_here`\r\n\r\n#### AbuseIPDB (Highly Recommended)\r\n- **Free Tier**: 1,000 requests/day\r\n- **Capabilities**: IP address reputation and abuse reporting\r\n1. Visit [AbuseIPDB](https://www.abuseipdb.com/register)\r\n2. Create a free account\r\n3. Get your API key from the account settings\r\n4. Add to `.env`: `ABUSEIPDB_API_KEY=your_key_here`\r\n\r\n#### Shodan (Optional)\r\n- **Free Tier**: 100 results/month\r\n- **Capabilities**: Internet-connected device intelligence\r\n1. Visit [Shodan](https://account.shodan.io/)\r\n2. Create an account and get your API key\r\n3. Add to `.env`: `SHODAN_API_KEY=your_key_here`\r\n\r\n#### URLhaus (No API Key Required)\r\n- **Free**: Works without API key for basic usage\r\n- **Capabilities**: Malware URL and payload tracking\r\n\r\n## \ud83d\udd27 MCP Client Configuration\r\n\r\n### Claude Desktop\r\nAdd to your `claude_desktop_config.json`:\r\n```json\r\n{\r\n \"mcpServers\": {\r\n \"cyber-sentinel\": {\r\n \"command\": \"python\",\r\n \"args\": [\"-m\", \"cyber_sentinel.server\"],\r\n \"cwd\": \"/path/to/cyber-sentinel\",\r\n \"env\": {\r\n \"VIRUSTOTAL_API_KEY\": \"your_virustotal_key\",\r\n \"ABUSEIPDB_API_KEY\": \"your_abuseipdb_key\",\r\n \"SHODAN_API_KEY\": \"your_shodan_key\"\r\n }\r\n }\r\n }\r\n}\r\n```\r\n\r\n### Cursor/VS Code\r\nAdd to your MCP configuration:\r\n```json\r\n{\r\n \"mcp.servers\": {\r\n \"cyber-sentinel\": {\r\n \"command\": [\"python\", \"-m\", \"cyber_sentinel.server\"],\r\n \"cwd\": \"/path/to/cyber-sentinel\",\r\n \"env\": {\r\n \"VIRUSTOTAL_API_KEY\": \"your_virustotal_key\",\r\n \"ABUSEIPDB_API_KEY\": \"your_abuseipdb_key\"\r\n }\r\n }\r\n }\r\n}\r\n```\r\n\r\n## \ud83d\udcd6 Usage Examples\r\n\r\nOnce configured in your MCP client, you can use natural language to analyze security indicators:\r\n\r\n### \ud83d\udd0d Threat Intelligence Analysis\r\n```\r\nAnalyze the IP address 8.8.8.8 for any malicious activity\r\nCheck if 1.1.1.1 is safe to use\r\nIs google.com safe?\r\nCheck the security status of example.com\r\nAnalyze this MD5 hash: d41d8cd98f00b204e9800998ecf8427e\r\nIs this URL safe: https://example.com/suspicious-path\r\nShow me the status of all threat intelligence sources\r\n```\r\n\r\n### \ud83d\udee1\ufe0f Code Security Analysis\r\n```\r\nAnalyze this Python code for security vulnerabilities:\r\n[paste your code here]\r\n\r\nCheck this JavaScript function for XSS vulnerabilities:\r\n[paste your code here]\r\n\r\nScan this SQL query for injection risks:\r\n[paste your code here]\r\n```\r\n\r\n### \ud83d\udce6 Dependency Security Scanning\r\n```\r\nScan these project dependencies for vulnerabilities:\r\npackage.json: [paste content]\r\nrequirements.txt: [paste content]\r\n\r\nCheck my Python project for outdated packages:\r\n[provide requirements.txt content]\r\n```\r\n\r\n### \ud83d\udc33 Infrastructure Security\r\n```\r\nAnalyze this Dockerfile for security issues:\r\n[paste Dockerfile content]\r\n\r\nCheck this Kubernetes deployment for security misconfigurations:\r\n[paste K8s YAML content]\r\n```\r\n\r\n### \ud83d\udcca Security Reporting\r\n```\r\nGenerate a comprehensive security report for my project\r\nCreate a security dashboard with current threat landscape\r\nExport security findings to HTML report\r\n```\r\n\r\n## \ud83d\udee0\ufe0f Available MCP Tools\r\n\r\n### \ud83d\udd0d Threat Intelligence Tools\r\n\r\n#### `analyze_indicator`\r\nAnalyzes security indicators across multiple threat intelligence sources.\r\n\r\n**Supported Indicators:**\r\n- **IP Addresses**: IPv4 addresses (e.g., `8.8.8.8`)\r\n- **Domain Names**: Any domain (e.g., `google.com`)\r\n- **File Hashes**: MD5, SHA1, SHA256 hashes\r\n- **URLs**: Complete URLs (e.g., `https://example.com`)\r\n\r\n**Returns:**\r\n- Overall reputation (clean/malicious/unknown)\r\n- Confidence score (0-100%)\r\n- Results from individual threat intelligence sources\r\n- Geographic and ISP information (for IPs)\r\n- Detailed analysis data\r\n\r\n#### `check_api_status`\r\nChecks the configuration and status of all threat intelligence sources.\r\n\r\n**Returns:**\r\n- API key validation status\r\n- Available capabilities per source\r\n- Rate limiting configuration\r\n- Overall system health\r\n\r\n### \ud83d\udee1\ufe0f Security Analysis Tools\r\n\r\n#### `analyze_code_security`\r\nPerforms comprehensive security analysis of source code.\r\n\r\n**Parameters:**\r\n- `code_content`: Source code to analyze\r\n- `language`: Programming language (auto-detected if not specified)\r\n- `locale`: Output language (zh/en)\r\n\r\n**Returns:**\r\n- Security vulnerabilities and their severity\r\n- Hardcoded secrets and credentials\r\n- Network indicators found in code\r\n- Secure coding recommendations\r\n- Risk score and remediation guidance\r\n\r\n#### `scan_project_dependencies`\r\nScans project dependencies for security vulnerabilities.\r\n\r\n**Parameters:**\r\n- `project_files`: Dictionary of dependency files (package.json, requirements.txt, etc.)\r\n\r\n**Returns:**\r\n- Known malicious packages\r\n- Outdated dependencies with vulnerabilities\r\n- Security recommendations\r\n- Risk assessment and scoring\r\n\r\n#### `analyze_docker_security`\r\nAnalyzes Docker configurations for security best practices.\r\n\r\n**Parameters:**\r\n- `dockerfile_content`: Dockerfile content to analyze\r\n\r\n**Returns:**\r\n- Security misconfigurations\r\n- Best practice violations\r\n- Hardening recommendations\r\n- Risk assessment\r\n\r\n#### `scan_kubernetes_config`\r\nScans Kubernetes manifests for security issues.\r\n\r\n**Parameters:**\r\n- `k8s_manifests`: Dictionary of Kubernetes YAML files\r\n\r\n**Returns:**\r\n- Security policy violations\r\n- Privilege escalation risks\r\n- Network security issues\r\n- Compliance recommendations\r\n\r\n#### `generate_security_report`\r\nGenerates comprehensive security reports with visualizations.\r\n\r\n**Parameters:**\r\n- `analysis_results`: Combined results from security analyses\r\n- `report_format`: Output format (json/html/markdown)\r\n\r\n**Returns:**\r\n- Formatted security report\r\n- Executive summary\r\n- Detailed findings\r\n- Remediation roadmap\r\n\r\n## \ud83d\udcca Example Response\r\n\r\n```json\r\n{\r\n \"indicator\": \"8.8.8.8\",\r\n \"type\": \"ip\",\r\n \"overall_reputation\": \"clean\",\r\n \"confidence\": 100.0,\r\n \"sources_checked\": 4,\r\n \"sources_responded\": 3,\r\n \"malicious_sources\": 0,\r\n \"clean_sources\": 3,\r\n \"countries\": [\"US\"],\r\n \"isps\": [\"Google LLC\"],\r\n \"detailed_results\": [\r\n {\r\n \"source\": \"VirusTotal\",\r\n \"reputation\": \"clean\",\r\n \"malicious_count\": 0,\r\n \"total_engines\": 89\r\n }\r\n ],\r\n \"errors\": [],\r\n \"timestamp\": \"2024-01-15T10:30:00Z\"\r\n}\r\n```\r\n\r\n## \u26a1 Performance & Reliability\r\n\r\n### \ud83d\ude80 High Performance\r\n- **Async Architecture**: High-performance concurrent processing across all analysis tools\r\n- **Smart Caching**: 1-hour TTL reduces API calls and improves response times\r\n- **Parallel Processing**: Simultaneous analysis across multiple threat intelligence sources\r\n- **Optimized Algorithms**: Efficient pattern matching and vulnerability detection\r\n\r\n### \ud83d\udee1\ufe0f Reliability & Resilience\r\n- **Rate Limiting**: Configurable limits (default: 60 requests/minute) with intelligent throttling\r\n- **Timeout Handling**: 30-second request timeouts prevent hanging operations\r\n- **Error Recovery**: Graceful handling of API failures and network issues\r\n- **Fallback Mechanisms**: Continues analysis even when some sources are unavailable\r\n- **Retry Logic**: Automatic retry with exponential backoff for transient failures\r\n\r\n## \ud83d\udd12 Security & Privacy\r\n\r\n### \ud83d\udee1\ufe0f Data Protection\r\n- **Zero Data Storage**: No indicators, code, or analysis results are permanently stored\r\n- **Memory-Only Processing**: All analysis happens in memory with automatic cleanup\r\n- **API Key Security**: Keys managed securely through environment variables and encrypted storage\r\n- **Source Isolation**: Each threat intelligence source operates independently with isolated credentials\r\n\r\n### \ud83d\udd10 Privacy Safeguards\r\n- **Local Processing**: Code analysis happens locally without external transmission\r\n- **Error Isolation**: Sensitive information is never exposed in error messages or logs\r\n- **Audit Trail**: Optional security event logging for compliance requirements\r\n- **Data Minimization**: Only necessary data is processed and immediately discarded\r\n\r\n## \ud83e\uddea Testing\r\n\r\nRun the test suite to verify functionality:\r\n\r\n```bash\r\n# Run unit tests\r\npython -m pytest tests/ -v\r\n\r\n# Test with your API keys\r\npython -c \"\r\nfrom cyber_sentinel.server import check_api_status\r\nimport asyncio\r\nprint(asyncio.run(check_api_status()))\r\n\"\r\n```\r\n\r\n## \ud83d\udcc4 License\r\n\r\nThis project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.\r\n\r\n## \ud83e\udd1d Contributing\r\n\r\n1. Fork the repository\r\n2. Create a feature branch (`git checkout -b feature/amazing-feature`)\r\n3. Make your changes and add tests\r\n4. Commit your changes (`git commit -m 'Add amazing feature'`)\r\n5. Push to the branch (`git push origin feature/amazing-feature`)\r\n6. Open a Pull Request\r\n\r\n## \ud83c\udd98 Support\r\n\r\n- **Issues**: [GitHub Issues](https://github.com/jx888-max/cyber-sentinel-mcp/issues)\r\n- **Documentation**: See [llms-install.md](llms-install.md) for detailed setup\r\n- **MCP Protocol**: [Model Context Protocol Documentation](https://modelcontextprotocol.io/)\r\n\r\n## \ud83d\ude4f Acknowledgments\r\n\r\n- [Anthropic](https://www.anthropic.com/) for the MCP protocol and Claude AI\r\n- [VirusTotal](https://www.virustotal.com/) for comprehensive malware analysis\r\n- [AbuseIPDB](https://www.abuseipdb.com/) for IP reputation intelligence\r\n- [URLhaus](https://urlhaus.abuse.ch/) for malware URL tracking\r\n- [Shodan](https://www.shodan.io/) for internet device intelligence\r\n- [ThreatFox](https://threatfox.abuse.ch/) for IOC sharing platform\r\n- [MalwareBazaar](https://bazaar.abuse.ch/) for malware sample intelligence\r\n- [OWASP](https://owasp.org/) for security best practices and vulnerability patterns\r\n- Open source security community for continuous threat intelligence sharing\r\n\r\n---\r\n\r\n**\ud83d\udee1\ufe0f Threat Intelligence, Simplified.**\r\n",
"bugtrack_url": null,
"license": null,
"summary": "A comprehensive threat intelligence aggregation MCP server",
"version": "0.1.0",
"project_urls": {
"Homepage": "https://github.com/jx888-max/cyber-sentinel-mcp",
"Issues": "https://github.com/jx888-max/cyber-sentinel-mcp/issues",
"Repository": "https://github.com/jx888-max/cyber-sentinel-mcp"
},
"split_keywords": [
"mcp",
" threat-intelligence",
" cybersecurity",
" osint"
],
"urls": [
{
"comment_text": null,
"digests": {
"blake2b_256": "f96953835c999f3e6520061275955c428930e3ea8dbfcf7a99473f5662fe3d34",
"md5": "035ed4340481e034e6231e355c9c3ef9",
"sha256": "62b46df271af4bb9734083000df915b81b6daafeb63b1293d801ba54946d490f"
},
"downloads": -1,
"filename": "cyber_sentinel_mcp-0.1.0-py3-none-any.whl",
"has_sig": false,
"md5_digest": "035ed4340481e034e6231e355c9c3ef9",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.8",
"size": 36165,
"upload_time": "2025-07-19T13:36:52",
"upload_time_iso_8601": "2025-07-19T13:36:52.920947Z",
"url": "https://files.pythonhosted.org/packages/f9/69/53835c999f3e6520061275955c428930e3ea8dbfcf7a99473f5662fe3d34/cyber_sentinel_mcp-0.1.0-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2025-07-19 13:36:52",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "jx888-max",
"github_project": "cyber-sentinel-mcp",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"requirements": [
{
"name": "mcp",
"specs": [
[
">=",
"1.0.0"
]
]
},
{
"name": "httpx",
"specs": [
[
">=",
"0.25.0"
]
]
},
{
"name": "pydantic",
"specs": [
[
">=",
"2.0.0"
]
]
},
{
"name": "pydantic-settings",
"specs": [
[
">=",
"2.0.0"
]
]
},
{
"name": "asyncio-throttle",
"specs": [
[
">=",
"1.0.0"
]
]
},
{
"name": "pyyaml",
"specs": [
[
">=",
"6.0.0"
]
]
},
{
"name": "rich",
"specs": [
[
">=",
"13.0.0"
]
]
}
],
"lcname": "cyber-sentinel-mcp"
}
JSON
