npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

intelthreadlinqs-mcp

v1.0.0

Published

MCP server for Threadlinqs Intelligence Platform - Access threat intelligence, detections, and IOCs

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

threadlinqsthreadlinqs

Keywords

mcpmodel-context-protocolthreat-intelligencesecuritydetectionssplunksigmakqliocmitre-attackc2

Readme

IntelThreadlinqs MCP Server

Model Context Protocol server for Threadlinqs Intelligence Platform

Access threat intelligence, detections (SPL/KQL/Sigma), IOCs, and MITRE ATT&CK mappings directly from your AI assistant.

Features

Resources

  • threadlinqs://threats - All threats in the platform
  • threadlinqs://detections - All detection rules
  • threadlinqs://iocs - All indicators of compromise
  • threadlinqs://stats - Platform statistics

Tools

| Tool | Description | |------|-------------| | search_threats | Search by keyword, CVE, or MITRE technique | | get_threat | Get detailed threat information by ID | | get_detections | Get detections filtered by type/threat/technique | | search_iocs | Search indicators of compromise | | get_mitre_coverage | View MITRE ATT&CK coverage | | get_recent_threats | Get recently added threats | | export_detection | Export detection in SPL/KQL/Sigma/JSON format |

Installation

npm install intelthreadlinqs-mcp

Or clone and build:

git clone https://github.com/threadlinqs-cmd/threadlinqs-Intelligence.git
cd threadlinqs-Intelligence/mcp-server
npm install
npm run build

Configuration

Claude Desktop

Add to ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or %APPDATA%\Claude\claude_desktop_config.json (Windows):

{
  "mcpServers": {
    "intelthreadlinqs": {
      "command": "npx",
      "args": ["intelthreadlinqs-mcp"],
      "env": {
        "THREADLINQS_DATA_DIR": "/path/to/threadlinqs-Intelligence"
      }
    }
  }
}

OpenClaw / mcporter

# Add to mcporter config
mcporter config add intelthreadlinqs --command "npx intelthreadlinqs-mcp" --env THREADLINQS_DATA_DIR=/path/to/data

# Or run ad-hoc
mcporter call --stdio "npx intelthreadlinqs-mcp" search_threats query="ransomware"

Cursor / VS Code

Add to .cursor/mcp.json or .vscode/mcp.json:

{
  "servers": {
    "intelthreadlinqs": {
      "command": "npx",
      "args": ["intelthreadlinqs-mcp"],
      "env": {
        "THREADLINQS_DATA_DIR": "${workspaceFolder}"
      }
    }
  }
}

Usage Examples

Search for Threats

Use the search_threats tool to find threats related to "ransomware"

Get Detection Rules

Get all Sigma rules for threat TL-2026-0073

Export Detection

Export detection TL-2026-0073-DET-001 in Sigma format

Check MITRE Coverage

Show me the MITRE ATT&CK coverage for execution techniques

Recent Threats

What threats were added in the last 3 days?

Environment Variables

| Variable | Description | Default | |----------|-------------|---------| | THREADLINQS_DATA_DIR | Path to threats.json directory | Current directory parent |

Development

# Install dependencies
npm install

# Run in development mode
npm run dev

# Build for production
npm run build

# Run production build
npm start

API Reference

search_threats

Search threats by keyword, CVE ID, or MITRE technique.

Parameters:

  • query (required): Search string
  • severity: Filter by level (critical/high/medium/low)
  • limit: Max results (default: 10)

get_threat

Get full details for a specific threat.

Parameters:

  • threat_id (required): Threat ID (e.g., TL-2026-0001)

get_detections

Retrieve detections with optional filters.

Parameters:

  • threat_id: Filter by threat
  • type: Detection type (spl/kql/sigma/all)
  • mitre_technique: Filter by technique ID (e.g., T1059)

search_iocs

Search for indicators of compromise.

Parameters:

  • query (required): IOC value to search
  • type: IOC type filter (ip/domain/hash/url/all)

get_mitre_coverage

View MITRE ATT&CK technique coverage.

Parameters:

  • tactic: Filter by tactic name

get_recent_threats

Get recently added threats.

Parameters:

  • days: Lookback period (default: 7)
  • limit: Max results (default: 10)

export_detection

Export a detection in a specific format.

Parameters:

  • detection_id (required): Detection ID
  • format (required): Output format (spl/kql/sigma/json)

License

MIT

Built with 🦞 by ThreatClawer