Data source: NIST NVD, RDAP, Cloudflare DoH, IODA (Georgia Tech)
https://context.gnist.ai/mcp/cyber-intelligence/
AuthenticationAll requests require a Gnist-API-Key header (or api_key query parameter).
Free tier: 100 calls/day. Get your API key.
Tools (6)
investigate_domainsearch_vulnerabilitiesget_outage_overviewfull_cyber_investigationlist_cyber_intelligence_sourcesreport_feedback
investigate_domainInvestigate a domain by querying WHOIS and DNS records in parallel.
Returns registrar, registration/expiration dates, nameservers, DNSSEC status,
and DNS records (A, AAAA, MX, NS, TXT) for a unified domain intelligence view.
Examples:
investigate_domain(domain="google.com")
investigate_domain(domain="suspicious-site.xyz")
| Parameter | Type | Required | Description |
|---|---|---|---|
domain | string | required | Domain name to investigate (e.g. example.com). |
{
"jsonrpc": "2.0",
"method": "tools/call",
"id": 1,
"params": {
"name": "investigate_domain",
"arguments": {
"domain": "example"
}
}
}search_vulnerabilitiesSearch the NVD for CVE vulnerabilities matching a keyword.
Returns CVE records with CVSS scores, severity ratings, and affected products
from the NIST National Vulnerability Database.
Examples:
search_vulnerabilities(keyword="log4j")
search_vulnerabilities(keyword="Apache HTTP Server", limit=5)
| Parameter | Type | Required | Description |
|---|---|---|---|
keyword | string | required | Search keyword for CVE vulnerabilities (e.g. 'Apache', 'log4j'). |
limit | integer | optional | Max results. (default: 10) |
{
"jsonrpc": "2.0",
"method": "tools/call",
"id": 1,
"params": {
"name": "search_vulnerabilities",
"arguments": {
"keyword": "example"
}
}
}get_outage_overviewGet internet outage alerts from IODA (Internet Outage Detection and Analysis).
Monitors BGP routing, active probing, and traffic data to detect outages
affecting countries and autonomous systems.
Examples:
get_outage_overview()
get_outage_overview(country_code="RU", hours=48)
| Parameter | Type | Required | Description |
|---|---|---|---|
country_code | any | optional | ISO country code to filter (e.g. 'US', 'NO'). |
hours | number | optional | Lookback window in hours. (default: 24) |
limit | integer | optional | Max alerts. (default: 20) |
{
"jsonrpc": "2.0",
"method": "tools/call",
"id": 1,
"params": {
"name": "get_outage_overview",
"arguments": {}
}
}full_cyber_investigationRun a full cyber intelligence investigation across all four sources in parallel.
Combines NVD vulnerability search, domain WHOIS/RDAP lookup, DNS record queries,
and IODA internet outage monitoring into a single unified response.
Each source runs concurrently for fast results. Sources that fail return
gracefully with error details while other results are still returned.
Examples:
full_cyber_investigation(query="Apache exposure", domain="apache.org", vulnerability_keyword="Apache")
full_cyber_investigation(query="Russia internet health", country_code="RU")
full_cyber_investigation(query="suspicious domain", domain="sketchy-site.xyz")
| Parameter | Type | Required | Description |
|---|---|---|---|
query | string | required | Investigation label or summary term. |
domain | any | optional | Domain to investigate (WHOIS + DNS). |
vulnerability_keyword | any | optional | CVE vulnerability search keyword. |
country_code | any | optional | ISO country code for outage alerts. |
outage_hours | number | optional | Outage lookback window in hours. (default: 24) |
limit | integer | optional | Max results per source. (default: 10) |
{
"jsonrpc": "2.0",
"method": "tools/call",
"id": 1,
"params": {
"name": "full_cyber_investigation",
"arguments": {
"query": "example"
}
}
}list_cyber_intelligence_sourcesList all cyber intelligence data sources, their coverage, and data types.
Shows which vulnerability databases, domain registries, DNS resolvers,
and outage monitoring systems are queried during investigation.
Examples:
list_cyber_intelligence_sources()
{
"jsonrpc": "2.0",
"method": "tools/call",
"id": 1,
"params": {
"name": "list_cyber_intelligence_sources",
"arguments": {}
}
}report_feedbackReport a bug, feature request, or general feedback for this data source.
Use this when something doesn't work as expected, when you'd like
a new feature, or when you have suggestions for improvement.
Args:
feedback: Describe the issue or suggestion.
feedback_type: One of 'bug', 'feature_request', or 'general'.
| Parameter | Type | Required | Description |
|---|---|---|---|
feedback | string | required | |
feedback_type | string | optional | (default: "general") |
{
"jsonrpc": "2.0",
"method": "tools/call",
"id": 1,
"params": {
"name": "report_feedback",
"arguments": {
"feedback": "example"
}
}
}Quick Start
curl -X POST "https://context.gnist.ai/mcp/cyber-intelligence/" \
-H "Content-Type: application/json" \
-H "Accept: application/json, text/event-stream" \
-H "Gnist-API-Key: YOUR_API_KEY" \
-d '{"jsonrpc": "2.0", "method": "tools/call", "id": 1, "params": {"name": "investigate_domain", "arguments": {"domain": "example"}}}'
import httpx
resp = httpx.post(
"https://context.gnist.ai/mcp/cyber-intelligence/",
headers={"Gnist-API-Key": "YOUR_API_KEY", "Content-Type": "application/json"},
json={
"jsonrpc": "2.0",
"method": "tools/call",
"id": 1,
"params": {
"name": "investigate_domain",
"arguments": {
"domain": "example"
}
}
},
)
print(resp.json())