Getting Started with Cyber Intelligence

Unified cyber intelligence — domain investigation (WHOIS + DNS), CVE vulnerability search (NVD), and internet outage monitoring (IODA). Parallel queries across all four sources.

Data source: NIST NVD, RDAP, Cloudflare DoH, IODA (Georgia Tech)

Overview

Cyber Intelligence searches across 4 data sources (NIST NVD, RDAP, Cloudflare DoH, IODA (Georgia Tech)) in a single query. It deduplicates and normalizes results, saving you from building 4 separate integrations. This tutorial walks through all 6 tools with working code examples.

Prerequisites

  1. Sign up at https://context.gnist.ai/signup for a free API key (100 calls/day).
  2. Choose your integration method: MCP protocol or REST API.

Connect via MCP

Add to your MCP client config (Claude Desktop, Cursor, etc.):

MCP Config
{
  "mcpServers": {
    "gnist-cyber-intelligence": {
      "url": "https://context.gnist.ai/mcp/cyber-intelligence/",
      "headers": {
        "Gnist-API-Key": "YOUR_API_KEY"
      }
    }
  }
}

Tools (6)

investigate_domain

Investigate a domain by querying WHOIS and DNS records in parallel. Returns registrar, registration/expiration dates, nameservers, DNSSEC status, and DNS records (A, AAAA, MX, NS, TXT) for a unified domain intelligence view.

Examples:
  investigate_domain(domain="google.com")
  investigate_domain(domain="suspicious-site.xyz")

Parameter | Type | Required | Description
domain | string | required | Domain name to investigate (e.g. example.com).

curl
curl -X POST "https://context.gnist.ai/mcp/cyber-intelligence/" \
  -H "Content-Type: application/json" \
  -H "Gnist-API-Key: YOUR_API_KEY" \
  -d '{"jsonrpc": "2.0", "method": "tools/call", "id": 1, "params": {"name": "investigate_domain", "arguments": {"domain": "example.com"}}}'

Python
import httpx

# JSON-RPC 2.0 "tools/call" request for investigate_domain
resp = httpx.post(
    "https://context.gnist.ai/mcp/cyber-intelligence/",
    headers={"Gnist-API-Key": "YOUR_API_KEY"},
    json={
        "jsonrpc": "2.0",
        "method": "tools/call",
        "id": 1,
        "params": {
            "name": "investigate_domain",
            "arguments": {"domain": "example.com"},
        },
    },
)
print(resp.json())
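
Domains taken from alerts or threat reports often arrive defanged or wrapped in a URL, while the domain parameter expects a bare name. The following is an added example, not GnistAI code: normalize_domain is a hypothetical helper that reduces such an indicator to an ASCII hostname before it is sent, and rejects values that are not registrable-looking names.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# One DNS label: 1-63 chars of a-z, 0-9, "-", not starting or ending with "-"
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def normalize_domain(indicator: str) -> str:
    """Return a bare ASCII hostname for the `domain` argument, or raise ValueError."""
    text = indicator.strip()
    # Undo common defanging: hxxp -> http, [.] / (.) / [dot] -> ".", [:] -> ":"
    text = re.sub(r"^hxxp", "http", text, flags=re.I)
    text = re.sub(r"\[\.\]|\(\.\)|\[dot\]", ".", text, flags=re.I)
    text = text.replace("[:]", ":")
    # urlsplit only fills .hostname when a scheme or "//" precedes the host
    if "://" not in text:
        text = "//" + text
    # .hostname drops userinfo, port, path and query, and lowercases the host
    host = (urlsplit(text).hostname or "").rstrip(".")
    try:
        ipaddress.ip_address(host)
    except ValueError:
        pass  # not an IP literal, continue with name validation
    else:
        raise ValueError(f"IP literal, not a domain: {host!r}")
    try:
        host = host.encode("idna").decode("ascii")  # internationalized names -> punycode
    except UnicodeError as exc:
        raise ValueError(f"not encodable as a DNS name: {host!r}") from exc
    labels = host.split(".")
    if len(host) > 253 or len(labels) < 2 or not all(_LABEL.fullmatch(l) for l in labels):
        raise ValueError(f"not a valid domain name: {host!r}")
    return host
```

The returned string can be passed as arguments={"domain": ...}; a ValueError means the indicator should be reviewed by hand rather than sent.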

search_vulnerabilities

Search the NVD for CVE vulnerabilities matching a keyword. Returns CVE records with CVSS scores, severity ratings, and affected products from the NIST National Vulnerability Database.

Examples:
  search_vulnerabilities(keyword="log4j")
  search_vulnerabilities(keyword="Apache HTTP Server", limit=5)

Parameter | Type | Required | Description
keyword | string | required | Search keyword for CVE vulnerabilities (e.g. 'Apache', 'log4j').
limit | integer | optional | Max results. (default: 10)

curl
curl -X POST "https://context.gnist.ai/mcp/cyber-intelligence/" \
  -H "Content-Type: application/json" \
  -H "Gnist-API-Key: YOUR_API_KEY" \
  -d '{"jsonrpc": "2.0", "method": "tools/call", "id": 1, "params": {"name": "search_vulnerabilities", "arguments": {"keyword": "Apache"}}}'

Python
import httpx

# JSON-RPC 2.0 "tools/call" request for search_vulnerabilities
resp = httpx.post(
    "https://context.gnist.ai/mcp/cyber-intelligence/",
    headers={"Gnist-API-Key": "YOUR_API_KEY"},
    json={
        "jsonrpc": "2.0",
        "method": "tools/call",
        "id": 1,
        "params": {
            "name": "search_vulnerabilities",
            # the keyword is sent as a plain string, without embedded quote characters
            "arguments": {"keyword": "Apache"},
        },
    },
)
print(resp.json())

get_outage_overview

Get internet outage alerts from IODA (Internet Outage Detection and Analysis). Monitors BGP routing, active probing, and traffic data to detect outages affecting countries and autonomous systems.

Examples:
  get_outage_overview()
  get_outage_overview(country_code="RU", hours=48)

Parameter | Type | Required | Description
country_code | any | optional | ISO country code to filter (e.g. 'US', 'NO').
hours | number | optional | Lookback window in hours. (default: 24)
limit | integer | optional | Max alerts. (default: 20)

curl
curl -X POST "https://context.gnist.ai/mcp/cyber-intelligence/" \
  -H "Content-Type: application/json" \
  -H "Gnist-API-Key: YOUR_API_KEY" \
  -d '{"jsonrpc": "2.0", "method": "tools/call", "id": 1, "params": {"name": "get_outage_overview", "arguments": {"country_code": "US"}}}'

Python
import httpx

# JSON-RPC 2.0 "tools/call" request for get_outage_overview
resp = httpx.post(
    "https://context.gnist.ai/mcp/cyber-intelligence/",
    headers={"Gnist-API-Key": "YOUR_API_KEY"},
    json={
        "jsonrpc": "2.0",
        "method": "tools/call",
        "id": 1,
        "params": {
            "name": "get_outage_overview",
            # the country code is sent as a plain string, without embedded quote characters
            "arguments": {"country_code": "US"},
        },
    },
)
print(resp.json())

full_cyber_investigation

Run a full cyber intelligence investigation across all four sources in parallel. Combines NVD vulnerability search, domain WHOIS/RDAP lookup, DNS record queries, and IODA internet outage monitoring into a single unified response. Each source runs concurrently for fast results. Sources that fail return gracefully with error details while other results are still returned.

Examples:
  full_cyber_investigation(query="Apache exposure", domain="apache.org", vulnerability_keyword="Apache")
  full_cyber_investigation(query="Russia internet health", country_code="RU")
  full_cyber_investigation(query="suspicious domain", domain="sketchy-site.xyz")

Parameter | Type | Required | Description
query | string | required | Investigation label or summary term.
domain | any | optional | Domain to investigate (WHOIS + DNS).
vulnerability_keyword | any | optional | CVE vulnerability search keyword.
country_code | any | optional | ISO country code for outage alerts.
outage_hours | number | optional | Outage lookback window in hours. (default: 24)
limit | integer | optional | Max results per source. (default: 10)

curl
curl -X POST "https://context.gnist.ai/mcp/cyber-intelligence/" \
  -H "Content-Type: application/json" \
  -H "Gnist-API-Key: YOUR_API_KEY" \
  -d '{"jsonrpc": "2.0", "method": "tools/call", "id": 1, "params": {"name": "full_cyber_investigation", "arguments": {"query": "renewable energy"}}}'

Python
import httpx

# JSON-RPC 2.0 "tools/call" request for full_cyber_investigation
resp = httpx.post(
    "https://context.gnist.ai/mcp/cyber-intelligence/",
    headers={"Gnist-API-Key": "YOUR_API_KEY"},
    json={
        "jsonrpc": "2.0",
        "method": "tools/call",
        "id": 1,
        "params": {
            "name": "full_cyber_investigation",
            "arguments": {"query": "renewable energy"},
        },
    },
)
print(resp.json())

list_cyber_intelligence_sources

List all cyber intelligence data sources, their coverage, and data types. Shows which vulnerability databases, domain registries, DNS resolvers, and outage monitoring systems are queried during investigation.

Examples:
  list_cyber_intelligence_sources()

curl
curl -X POST "https://context.gnist.ai/mcp/cyber-intelligence/" \
  -H "Content-Type: application/json" \
  -H "Gnist-API-Key: YOUR_API_KEY" \
  -d '{"jsonrpc": "2.0", "method": "tools/call", "id": 1, "params": {"name": "list_cyber_intelligence_sources", "arguments": {}}}'

Python
import httpx

# JSON-RPC 2.0 "tools/call" request for list_cyber_intelligence_sources (no arguments)
resp = httpx.post(
    "https://context.gnist.ai/mcp/cyber-intelligence/",
    headers={"Gnist-API-Key": "YOUR_API_KEY"},
    json={
        "jsonrpc": "2.0",
        "method": "tools/call",
        "id": 1,
        "params": {"name": "list_cyber_intelligence_sources", "arguments": {}},
    },
)
print(resp.json())

report_feedback

Report a bug, feature request, or general feedback for this data source. Use this when something doesn't work as expected, when you'd like a new feature, or when you have suggestions for improvement.

Parameter | Type | Required | Description
feedback | string | required | Describe the issue or suggestion.
feedback_type | string | optional | One of 'bug', 'feature_request', or 'general'. (default: general)

curl
curl -X POST "https://context.gnist.ai/mcp/cyber-intelligence/" \
  -H "Content-Type: application/json" \
  -H "Gnist-API-Key: YOUR_API_KEY" \
  -d '{"jsonrpc": "2.0", "method": "tools/call", "id": 1, "params": {"name": "report_feedback", "arguments": {"feedback": "example"}}}'

Python
import httpx

# JSON-RPC 2.0 "tools/call" request for report_feedback
resp = httpx.post(
    "https://context.gnist.ai/mcp/cyber-intelligence/",
    headers={"Gnist-API-Key": "YOUR_API_KEY"},
    json={
        "jsonrpc": "2.0",
        "method": "tools/call",
        "id": 1,
        "params": {"name": "report_feedback", "arguments": {"feedback": "example"}},
    },
)
print(resp.json())
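
Each call above prints resp.json() unexamined, yet a JSON-RPC 2.0 reply can carry a failure in its body: either a top-level error object or, per the MCP tools/call result format, isError set inside result. The following is an added example, not GnistAI code, that unwraps the envelope and reads the API key from the environment instead of the source file. It uses only the standard library and assumes the server answers with a plain JSON body; the GNIST_API_KEY variable name, the helper names and the inner payload fields in the sample are assumptions.

```python
import json
import os
import urllib.request

ENDPOINT = "https://context.gnist.ai/mcp/cyber-intelligence/"

# Constructed sample reply, not captured from the service; the inner JSON shape is assumed.
SAMPLE_REPLY = {"jsonrpc": "2.0", "id": 1, "result": {"isError": False, "content": [
    {"type": "text", "text": '{"domain": "example.com", "dnssec": false}'}]}}

class ToolCallError(RuntimeError):
    """The JSON-RPC layer or the tool itself reported a failure."""

def build_request(tool, arguments, req_id=1):
    return {"jsonrpc": "2.0", "method": "tools/call", "id": req_id,
            "params": {"name": tool, "arguments": arguments}}

def parse_tool_response(envelope, req_id=1):
    """Unwrap a tools/call reply and return its decoded text content items."""
    if envelope.get("jsonrpc") != "2.0":
        raise ToolCallError("not a JSON-RPC 2.0 message")
    if "error" in envelope:  # protocol-level failure: unknown tool, bad params, ...
        err = envelope["error"]
        raise ToolCallError(f"JSON-RPC error {err.get('code')}: {err.get('message')}")
    if envelope.get("id") != req_id:
        raise ToolCallError("reply id does not match the request id")
    result = envelope.get("result") or {}
    texts = [c.get("text", "") for c in result.get("content", [])
             if c.get("type") == "text"]
    if result.get("isError"):  # the tool ran but reports its failure in-band
        raise ToolCallError("tool error: " + " ".join(texts))
    items = []
    for text in texts:
        try:
            items.append(json.loads(text))  # assumed: tools return JSON as text
        except json.JSONDecodeError:
            items.append(text)              # otherwise keep the raw text
    return items

def call_tool(tool, arguments, timeout=20.0):
    """POST one request; the key is read from GNIST_API_KEY (assumed variable name)."""
    body = json.dumps(build_request(tool, arguments)).encode()
    req = urllib.request.Request(ENDPOINT, data=body, headers={
        "Content-Type": "application/json",
        "Gnist-API-Key": os.environ["GNIST_API_KEY"]})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return parse_tool_response(json.load(resp))
```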

Common Patterns

Search then retrieve
Use search_vulnerabilities to find items, then get_outage_overview to get full details. This two-step pattern is common for exploring data before drilling down.
Pagination
Several tools support limit, offset, or page parameters. Start with small limits during development, then increase for production queries.

FAQ

What data does Cyber Intelligence provide?

Unified cyber intelligence — domain investigation (WHOIS + DNS), CVE vulnerability search (NVD), and internet outage monitoring (IODA). Parallel queries across all four sources. It exposes 6 tools: investigate_domain, search_vulnerabilities, get_outage_overview, full_cyber_investigation, list_cyber_intelligence_sources, report_feedback.

What do I need to get started?

A Gnist API key (free tier: 100 calls/day). Sign up at https://context.gnist.ai/signup.

What format does the Cyber Intelligence API return?

JSON, via either MCP protocol (JSON-RPC 2.0) or REST API.

Which data sources does Cyber Intelligence aggregate?

NIST NVD, RDAP, Cloudflare DoH, IODA (Georgia Tech). Results are deduplicated and normalized into a consistent format.
