GnistAI GnistAI
Log in

Cyber Intelligence

Investigate domains, search CVE vulnerabilities, and monitor internet outages from one toolkit. WHOIS lookups, DNS resolution, NVD vulnerability data, and real-time outage detection.

Overview   |   MCP   |   REST API   |   OpenAPI   |   CLI   |   Tutorial   |   Toolkits   |   Home
status: healthy status status healthy healthy tools: 6 tools tools 6 6 type: dataset aggregator type type dataset aggregator dataset aggregator lifecycle: maintained lifecycle lifecycle maintained maintained Security

Data source: NIST NVD, RDAP, Cloudflare DoH, IODA (Georgia Tech)

REST Bridge Endpoint https://context.gnist.ai/rest/cyber-intelligence/
Authentication

All requests require a Gnist-API-Key header (or api_key query parameter).

Free tier: 100 calls/day. Get your API key.

Tools (6)

investigate_domain

Investigate a domain by querying WHOIS and DNS records in parallel.

Returns registrar, registration/expiration dates, nameservers, DNSSEC status,
and DNS records (A, AAAA, MX, NS, TXT) for a unified domain intelligence view.

Examples:
investigate_domain(domain="google.com")
investigate_domain(domain="suspicious-site.xyz")

ParameterTypeRequiredDescription
domainstringrequiredDomain name to investigate (e.g. example.com).
Request Body
{
  "domain": "example"
}
search_vulnerabilities

Search the NVD for CVE vulnerabilities matching a keyword.

Returns CVE records with CVSS scores, severity ratings, and affected products
from the NIST National Vulnerability Database.

Examples:
search_vulnerabilities(keyword="log4j")
search_vulnerabilities(keyword="Apache HTTP Server", limit=5)

ParameterTypeRequiredDescription
keywordstringrequiredSearch keyword for CVE vulnerabilities (e.g. 'Apache', 'log4j').
limitintegeroptionalMax results. (default: 10)
Request Body
{
  "keyword": "example"
}
get_outage_overview

Get internet outage alerts from IODA (Internet Outage Detection and Analysis).

Monitors BGP routing, active probing, and traffic data to detect outages
affecting countries and autonomous systems.

Examples:
get_outage_overview()
get_outage_overview(country_code="RU", hours=48)

ParameterTypeRequiredDescription
country_codeanyoptionalISO country code to filter (e.g. 'US', 'NO').
hoursnumberoptionalLookback window in hours. (default: 24)
limitintegeroptionalMax alerts. (default: 20)
Request Body
{
  "query": "example"
}
full_cyber_investigation

Run a full cyber intelligence investigation across all four sources in parallel.

Combines NVD vulnerability search, domain WHOIS/RDAP lookup, DNS record queries,
and IODA internet outage monitoring into a single unified response.

Each source runs concurrently for fast results. Sources that fail return
gracefully with error details while other results are still returned.

Examples:
full_cyber_investigation(query="Apache exposure", domain="apache.org", vulnerability_keyword="Apache")
full_cyber_investigation(query="Russia internet health", country_code="RU")
full_cyber_investigation(query="suspicious domain", domain="sketchy-site.xyz")

ParameterTypeRequiredDescription
querystringrequiredInvestigation label or summary term.
domainanyoptionalDomain to investigate (WHOIS + DNS).
vulnerability_keywordanyoptionalCVE vulnerability search keyword.
country_codeanyoptionalISO country code for outage alerts.
outage_hoursnumberoptionalOutage lookback window in hours. (default: 24)
limitintegeroptionalMax results per source. (default: 10)
Request Body
{
  "query": "example"
}
list_cyber_intelligence_sources

List all cyber intelligence data sources, their coverage, and data types.

Shows which vulnerability databases, domain registries, DNS resolvers,
and outage monitoring systems are queried during investigation.

Examples:
list_cyber_intelligence_sources()

Request Body
{
  "query": "example"
}
report_feedback

Report a bug, feature request, or general feedback for this data source.

Use this when something doesn't work as expected, when you'd like
a new feature, or when you have suggestions for improvement.

Args:
feedback: Describe the issue or suggestion.
feedback_type: One of 'bug', 'feature_request', or 'general'.

ParameterTypeRequiredDescription
feedbackstringrequired
feedback_typestringoptional (default: "general")
Request Body
{
  "feedback": "example"
}

Quick Start

Shell 
curl -X POST "https://context.gnist.ai/rest/cyber-intelligence/investigate_domain" \
  -H "Content-Type: application/json" \
  -H "Gnist-API-Key: YOUR_API_KEY" \
  -d '{"domain": "example"}'
Python 
import httpx

resp = httpx.post(
    "https://context.gnist.ai/rest/cyber-intelligence/investigate_domain",
    headers={"Gnist-API-Key": "YOUR_API_KEY"},
    json={
  "domain": "example"
},
)
print(resp.json())

Related Toolkits (Security)

IODA (Internet Outage Detection)
Internet outage detection and analysis — real-time alerts, processed events, aggregated summaries, and time-series signa
NVD (National Vulnerability Database)
Search the NIST National Vulnerability Database — CVE records with CVSS scores, CWE weaknesses, advisory references, aff

Resources

Toolkit Overview
Landing page with health status and quick start.
Tool Schemas (JSON)
Full input/output JSON schemas for all tools.
Developer Quickstart
Get from zero to your first API call in under two minutes.
Get an API Key
Free tier: 100 calls/day. No credit card required.