
ORKL MCP Security Server

Security, Python
A Model Context Protocol server for Security

About this MCP

The ORKL MCP Security Server provides a seamless integration between AI assistants and ORKL's threat intelligence platform. This server enables security professionals to access and analyze threat reports, threat actor profiles, and intelligence sources directly through MCP-compatible applications like Claude. By leveraging this MCP server, users can retrieve the latest threat intelligence data, examine detailed information about specific threat actors, and explore the sources used in threat intelligence reporting. This tool bridges the gap between advanced AI capabilities and specialized security knowledge, making threat intelligence more accessible and actionable.

Documentation

Overview

The ORKL MCP Security Server is a Model Context Protocol implementation that allows AI assistants to interact with ORKL's threat intelligence API. This server provides specialized tools for security professionals to access and analyze threat intelligence data through MCP-compatible applications.

Installation

To install and configure the ORKL MCP Security Server:

  1. Clone the repository:

    git clone https://github.com/fr0gger/MCP_Security.git
    
  2. Navigate to the project directory:

    cd MCP_Security
    
  3. Install the required dependencies using a Python package manager like uv.

  4. Configure your MCP-compatible application to use the server. For Claude desktop, edit or create the configuration file at:

    /Users/user/Library/Application Support/Claude/claude_desktop_config.json
    
  5. Add the following configuration to the file:

    {
      "mcpServers": {
        "orkl": {
          "command": "uv",
          "args": [
            "--directory",
            "/path/to/MCP_Security/orkl",
            "run",
            "orkl"
          ]
        }
      }
    }
    

    Make sure to replace /path/to/MCP_Security/orkl with the actual path to the orkl directory in your cloned repository.
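
One way to carry out steps 4 and 5 without overwriting MCP servers that are already configured, as an added example (not code from the MCP_Security repository). The function names `orkl_entry` and `add_orkl_server` are hypothetical; the JSON keys and values are the ones shown in step 5.

```python
import json
import os
import tempfile
from pathlib import Path


def orkl_entry(orkl_dir):
    """Build the "orkl" server entry with the keys shown in step 5."""
    return {"command": "uv", "args": ["--directory", str(orkl_dir), "run", "orkl"]}


def add_orkl_server(config_path, orkl_dir):
    """Merge the orkl entry into the config file, keeping other servers intact."""
    config_path, orkl_dir = Path(config_path), Path(orkl_dir)
    # The MCP client launches this command locally, so require a real absolute path.
    if not orkl_dir.is_absolute() or not orkl_dir.is_dir():
        raise ValueError(f"not an existing absolute directory: {orkl_dir}")

    config = {}
    if config_path.exists():
        config = json.loads(config_path.read_text(encoding="utf-8"))
        if not isinstance(config, dict):
            raise ValueError("config file must contain a JSON object")

    servers = config.setdefault("mcpServers", {})
    if not isinstance(servers, dict):
        raise ValueError('"mcpServers" must be a JSON object')
    entry = orkl_entry(orkl_dir)
    # Never silently replace an "orkl" entry that launches something else.
    if "orkl" in servers and servers["orkl"] != entry:
        raise ValueError('an "orkl" server with different settings already exists')
    servers["orkl"] = entry

    # Write to a temp file in the same directory, then rename it into place,
    # so an interrupted write cannot leave a half-written config behind.
    config_path.parent.mkdir(parents=True, exist_ok=True)
    fd, tmp = tempfile.mkstemp(dir=config_path.parent, suffix=".tmp")
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump(config, fh, indent=2)
        fh.write("\n")
    os.replace(tmp, config_path)
    return config
```

Call `add_orkl_server` with the configuration file path from step 4 and the absolute path to the `orkl` directory of your clone, then restart the MCP client so it reloads the file.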

Available Tools

The ORKL MCP Security Server provides several tools for interacting with threat intelligence data:

Report Tools

Fetch Latest Threat Reports

Retrieves a list of recent threat reports with their titles and IDs. This tool requires no parameters and returns a collection of the most recent threat intelligence reports available in the ORKL platform.

Example usage:

Fetch the latest threat reports from ORKL

Fetch Threat Report Details

Retrieves comprehensive information about a specific threat report using its ID. This tool provides detailed content, including analysis, indicators, and related intelligence.

Parameters:

  • report_id (required): The unique identifier of the threat report

Example usage:

Get detailed information about threat report with ID 12345

Threat Actor Tools

Fetch Threat Actors

Retrieves a list of known threat actors with their IDs and names. This tool provides an overview of threat actors tracked in the ORKL platform.

Example usage:

List all threat actors in the ORKL database

Fetch Threat Actor Details

Retrieves detailed information about a specific threat actor using its ID. This tool provides comprehensive intelligence about the actor's tactics, techniques, procedures, and historical activities.

Parameters:

  • actor_id (required): The unique identifier of the threat actor

Example usage:

Get detailed information about threat actor with ID 67890

Source Tools

Fetch Sources

Retrieves a list of sources used in threat intelligence reporting. This tool provides information about the various intelligence sources tracked in the ORKL platform.

Example usage:

List all intelligence sources in the ORKL database

Fetch Source Details

Retrieves detailed metadata about a specific intelligence source using its ID. This tool provides information about the source's reliability, focus areas, and other relevant metadata.

Parameters:

  • source_id (required): The unique identifier of the intelligence source

Example usage:

Get detailed information about intelligence source with ID 54321

Use Cases

The ORKL MCP Security Server is particularly useful for:

  1. Security analysts who need quick access to threat intelligence during investigations
  2. Threat intelligence teams who want to leverage AI assistants to analyze and summarize threat data
  3. Security operations centers (SOCs) that need to rapidly assess new threats and their potential impact
  4. Researchers who want to explore connections between different threat actors and their techniques

Additional Resources

For more information about this MCP server and its capabilities, check out the detailed write-up at: Building a Threat Intelligence GenAI Reporter with ORKL and Claude


About Model Context Protocol

Model Context Protocol (MCP) allows AI models to access external tools and services, extending their capabilities beyond their training data.
