{"openapi":"3.0.3","info":{"title":"Gnist Context — Cyber Intelligence","description":"Unified cyber intelligence — domain investigation (WHOIS + DNS), CVE vulnerability search (NVD), and internet outage monitoring (IODA). Parallel queries across all four sources.\n\n- **MCP endpoint:** `https://context.gnist.ai/mcp/cyber-intelligence/`\n- **Toolkit page:** `/toolkits/cyber-intelligence`\n- **Full API spec:** `/api/openapi.json`\n- **Get an API key:** `/signup`","version":"1.0.0","contact":{"name":"GnistAI","url":"https://gnist.ai"}},"servers":[{"url":"https://context.gnist.ai","description":"Production"}],"paths":{"/rest/cyber-intelligence/investigate_domain":{"post":{"tags":["Security"],"summary":"investigate_domain","description":"Investigate a domain by querying WHOIS and DNS records in parallel.\n\nReturns registrar, registration/expiration dates, nameservers, DNSSEC status,\nand DNS records (A, AAAA, MX, NS, TXT) for a unified domain intelligence view.\n\nExamples:\n    investigate_domain(domain=\"google.com\")\n    investigate_domain(domain=\"suspicious-site.xyz\")","operationId":"cyber_intelligence_investigate_domain","responses":{"200":{"description":"Successful tool call","content":{"application/json":{"schema":{"type":"object"}}}},"404":{"description":"Server or tool not found"},"500":{"description":"Tool execution error"}},"security":[{"ApiKeyHeader":[]},{"ApiKeyQuery":[]}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"additionalProperties":false,"properties":{"domain":{"description":"Domain name to investigate (e.g. 
example.com).","type":"string"}},"required":["domain"],"type":"object"}}}}}},"/rest/cyber-intelligence/search_vulnerabilities":{"post":{"tags":["Security"],"summary":"search_vulnerabilities","description":"Search the NVD for CVE vulnerabilities matching a keyword.\n\nReturns CVE records with CVSS scores, severity ratings, and affected products\nfrom the NIST National Vulnerability Database.\n\nExamples:\n    search_vulnerabilities(keyword=\"log4j\")\n    search_vulnerabilities(keyword=\"Apache HTTP Server\", limit=5)","operationId":"cyber_intelligence_search_vulnerabilities","responses":{"200":{"description":"Successful tool call","content":{"application/json":{"schema":{"type":"object"}}}},"404":{"description":"Server or tool not found"},"500":{"description":"Tool execution error"}},"security":[{"ApiKeyHeader":[]},{"ApiKeyQuery":[]}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"additionalProperties":false,"properties":{"keyword":{"description":"Search keyword for CVE vulnerabilities (e.g. 
'Apache', 'log4j').","type":"string"},"limit":{"default":10,"description":"Max results.","type":"integer"}},"required":["keyword"],"type":"object"}}}}}},"/rest/cyber-intelligence/get_outage_overview":{"post":{"tags":["Security"],"summary":"get_outage_overview","description":"Get internet outage alerts from IODA (Internet Outage Detection and Analysis).\n\nMonitors BGP routing, active probing, and traffic data to detect outages\naffecting countries and autonomous systems.\n\nExamples:\n    get_outage_overview()\n    get_outage_overview(country_code=\"RU\", hours=48)","operationId":"cyber_intelligence_get_outage_overview","responses":{"200":{"description":"Successful tool call","content":{"application/json":{"schema":{"type":"object"}}}},"404":{"description":"Server or tool not found"},"500":{"description":"Tool execution error"}},"security":[{"ApiKeyHeader":[]},{"ApiKeyQuery":[]}],"requestBody":{"required":false,"content":{"application/json":{"schema":{"additionalProperties":false,"properties":{"country_code":{"anyOf":[{"type":"string"},{"type":"null"}],"default":null,"description":"ISO country code to filter (e.g. 'US', 'NO')."},"hours":{"default":24,"description":"Lookback window in hours.","type":"number"},"limit":{"default":20,"description":"Max alerts.","type":"integer"}},"type":"object"}}}}}},"/rest/cyber-intelligence/full_cyber_investigation":{"post":{"tags":["Security"],"summary":"full_cyber_investigation","description":"Run a full cyber intelligence investigation across all four sources in parallel.\n\nCombines NVD vulnerability search, domain WHOIS/RDAP lookup, DNS record queries,\nand IODA internet outage monitoring into a single unified response.\n\nEach source runs concurrently for fast results. 
Sources that fail return\ngracefully with error details while other results are still returned.\n\nExamples:\n    full_cyber_investigation(query=\"Apache exposure\", domain=\"apache.org\", vulnerability_keyword=\"Apache\")\n    full_cyber_investigation(query=\"Russia internet health\", country_code=\"RU\")\n    full_cyber_investigation(query=\"suspicious domain\", domain=\"sketchy-site.xyz\")","operationId":"cyber_intelligence_full_cyber_investigation","responses":{"200":{"description":"Successful tool call","content":{"application/json":{"schema":{"type":"object"}}}},"404":{"description":"Server or tool not found"},"500":{"description":"Tool execution error"}},"security":[{"ApiKeyHeader":[]},{"ApiKeyQuery":[]}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"additionalProperties":false,"properties":{"query":{"description":"Investigation label or summary term.","type":"string"},"domain":{"anyOf":[{"type":"string"},{"type":"null"}],"default":null,"description":"Domain to investigate (WHOIS + DNS)."},"vulnerability_keyword":{"anyOf":[{"type":"string"},{"type":"null"}],"default":null,"description":"CVE vulnerability search keyword."},"country_code":{"anyOf":[{"type":"string"},{"type":"null"}],"default":null,"description":"ISO country code for outage alerts."},"outage_hours":{"default":24,"description":"Outage lookback window in hours.","type":"number"},"limit":{"default":10,"description":"Max results per source.","type":"integer"}},"required":["query"],"type":"object"}}}}}},"/rest/cyber-intelligence/list_cyber_intelligence_sources":{"post":{"tags":["Security"],"summary":"list_cyber_intelligence_sources","description":"List all cyber intelligence data sources, their coverage, and data types.\n\nShows which vulnerability databases, domain registries, DNS resolvers,\nand outage monitoring systems are queried during investigation.\n\nExamples:\n    
list_cyber_intelligence_sources()","operationId":"cyber_intelligence_list_cyber_intelligence_sources","responses":{"200":{"description":"Successful tool call","content":{"application/json":{"schema":{"type":"object"}}}},"404":{"description":"Server or tool not found"},"500":{"description":"Tool execution error"}},"security":[{"ApiKeyHeader":[]},{"ApiKeyQuery":[]}]}},"/rest/cyber-intelligence/report_feedback":{"post":{"tags":["Security"],"summary":"report_feedback","description":"Report a bug, feature request, or general feedback for this data source.\n\nUse this when something doesn't work as expected, when you'd like\na new feature, or when you have suggestions for improvement.\n\nArgs:\n    feedback: Describe the issue or suggestion.\n    feedback_type: One of 'bug', 'feature_request', or 'general'.","operationId":"cyber_intelligence_report_feedback","responses":{"200":{"description":"Successful tool call","content":{"application/json":{"schema":{"type":"object"}}}},"404":{"description":"Server or tool not found"},"500":{"description":"Tool execution error"}},"security":[{"ApiKeyHeader":[]},{"ApiKeyQuery":[]}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"additionalProperties":false,"properties":{"feedback":{"type":"string"},"feedback_type":{"default":"general","type":"string"}},"required":["feedback"],"type":"object"}}}}}}},"tags":[{"name":"Security","description":"Data sources: Security"}],"components":{"securitySchemes":{"ApiKeyHeader":{"type":"apiKey","in":"header","name":"gnist-api-key","description":"API key passed via request header."},"ApiKeyQuery":{"type":"apiKey","in":"query","name":"gnist_api_key","description":"API key passed via query parameter. Prefer the gnist-api-key request header where possible: a key placed in the URL can be captured in server, proxy and browser logs."}}}}