npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2025 – Pkg Stats / Ryan Hefner

@falconfeeds/mcp

v1.0.4

Published

Official MCP server for FalconFeeds.io threat intelligence data

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

nandhu.snandhu.sanishajanardanananishajanardananext.abhishekext.abhishekvaishnav.svaishnav.s

Keywords

mcpmodel-context-protocolfalconfeeds.iothreat-intelligencecybersecuritycvethreat-actor

Readme

FalconFeeds MCP Server

npm version License: MIT TypeScript

MCP server providing cybersecurity threat intelligence tools and resources

DocumentationAPI ReferenceDashboardSupport

Connect real-time cybersecurity threat intelligence to MCP clients through standardized tools and resources. Access comprehensive IOCs, CVEs, TTPs, and threat actor data from FalconFeeds.io with seamless integration across Claude Desktop, VS Code, and other MCP-enabled applications.

Features

  • CVE Intelligence: Search and retrieve Common Vulnerabilities and Exposures data with detailed analysis
  • Threat Feeds: Access real-time threat intelligence feeds from global sources
  • Threat Actors: Get detailed profiles of threat actors and cybercriminal groups
  • Threat Images: Retrieve screenshots and visual evidence from threat feeds
  • IOC Management: Handle Indicators of Compromise with enrichment capabilities
  • MCP Prompts: Pre-built cybersecurity prompts optimized for threat analysis workflows

Installation Options

NPX Installation (Recommended)

Add the server to your MCP client configuration:

{
  "mcpServers": {
    "falconfeeds": {
      "command": "npx",
      "args": [
        "-y",
        "@falconfeeds/mcp@latest"
      ],
      "env": {
        "FALCONFEEDS_API_KEY": "your_api_key_here",
      }
    }
  }
}

Local Development

Clone and build the repository for development or customization:

git clone https://github.com/Technisanct/falconfeeds-mcp.git
cd falconfeeds-mcp

Install dependencies

npm install

Build the project

npm run build

Configure your MCP client:

{
  "mcpServers": {
    "falconfeeds": {
      "command": "node",
      "args": [
        "/path/to/falconfeeds-mcp/dist/index.js"
      ],
      "env": {
        "FALCONFEEDS_API_KEY": "your_api_key_here"
      }
    }
  }
}

Getting Your API Key

  1. Visit FalconFeeds Dashboard
  2. Sign up or log in to your account
  3. Navigate to Settings
  4. Navigate to API Access
  5. Generate your API key
  6. Copy the key to your environment configuration

[!NOTE] Make sure you have a valid plan and sufficient API credits

Client Integration

MCP Tools

CVE Operations

  • get_cve_by_id: Retrieve specific CVE details by identifier
  • search_cves_by_keyword: Find CVEs matching specific terms
  • get_cves_by_date_range: Get CVEs within specified time periods
  • get_next_cve_page: Paginate through large CVE result sets

Threat Feed Operations

  • get_threat_feeds: Retrieve threat feeds based on filters

Threat Actor Operations

  • get_threat_actor_profile: Get comprehensive threat actor profile with associated feeds
  • search_threat_actors: Search and filter threat actor profiles
  • get_threat_actor_by_id: Get detailed threat actor information
  • search_threat_actors_by_name: Find actors by name or alias
  • get_next_threat_actor_page: Paginate actor search results

IOC Operations

  • get_IOCs: Retrieve all detailed IOCs
  • get_IOCsThreatActors: Retrieve threat actors associated with specific IOCs
  • get_IOCsMalwares: Retrieve malware information linked to specific IOCs

Threat Image Operations

  • get_threat_image: Retrieve and display visual evidence from threat feed reports including screenshots, ransom notes, and leaked data samples

Prompt Templates

The server provides cybersecurity-focused prompts designed for threat intelligence workflows:

  1. Threat Intelligence Report: Generate comprehensive threat reports
  2. CVE Impact Assessment: Analyze vulnerability impact and prioritization
  3. Incident Threat Correlation: Correlate security incidents with known threats
  4. Vulnerability Trend Analysis: Identify patterns in vulnerability disclosure
  5. Threat Hunting Playbook: Create systematic threat hunting procedures
  6. Supply Chain Threat Analysis: Analyze third-party and supply chain risks
  7. IOC Enrichment Analysis: Enhance indicators with threat context
  8. Sector Threat Briefing: Generate industry-specific threat briefings
  9. Malware Family Analysis: Deep-dive into malware characteristics
  10. Geopolitical Threat Assessment: Analyze nation-state and political threats

Testing & Development

Testing with MCP Inspector

Test server tools and prompts using the MCP Inspector:

npx @modelcontextprotocol/inspector npx -y @falconfeeds/mcp@latest

Usage Examples

Threat Intelligence Query:

"Search for recent CVEs affecting Apache products with CVSS score above 7.0"

Threat Actor Investigation:

"Get information about APT29 and their recent campaigns targeting government sectors"

IOC Analysis:

"Analyze this IP address for malicious activity: 192.168.1.100"

Troubleshooting

Common Issues

API Key Not Working:

  • Verify your API key is correctly copied from the FalconFeeds dashboard
  • Ensure the key has not expired or been revoked
  • Check that the key is properly set in your environment configuration
  • Ensure you have enough credits

NPX Installation Issues:

  • Ensure you have Node.js 18.0.0 or higher installed
  • Try clearing npm cache: npm cache clean --force
  • Use the -y flag to auto-accept package installations

MCP Client Connection Issues:

  • Restart your MCP client after server configuration changes
  • Verify JSON configuration syntax is valid
  • Check client logs for connection errors
  • Ensure the server process starts correctly

Getting Help

Contributing

We welcome contributions from the cybersecurity and development communities!

Development Guidelines

  • Follow existing code patterns and architecture
  • Update documentation for any tools, prompt changes
  • Ensure TypeScript strict mode compliance

License

This project is licensed under the MIT License - see the LICENSE file for details.

Acknowledgments

  • Built with the Model Context Protocol
  • Powered by FalconFeeds.io threat intelligence platform
  • TypeScript and Node.js ecosystem contributors
  • Cybersecurity community for feedback and feature requests