MCP Server Integration¶

TI Mindmap HUB exposes a Model Context Protocol (MCP) server that allows AI assistants to access threat intelligence data programmatically.

Overview¶

The MCP server provides AI clients with access to:

Threat Intelligence Reports — Curated articles from multiple sources with AI-generated analysis
Weekly Briefings — Automated weekly threat landscape summaries
CVE Intelligence — Vulnerability data with real-time enrichment (EPSS, exploit status)
IOC Search — Search for Indicators of Compromise across all reports
STIX 2.1 Bundles — Structured threat intelligence in standard format
MITRE ATT&CK Mapping — TTPs extracted from threat reports

Quick Start¶

Client	Setup Guide
VS Code + GitHub Copilot	VS Code + Copilot Setup
Claude	Claude Setup

Server Endpoint¶

https://mcp.ti-mindmap-hub.com/mcp

Authentication¶

TI Mindmap HUB supports two authentication models, depending on the MCP client:

OAuth 2.1 for connector-native clients such as Claude custom connectors
API key authentication via the X-API-Key header for direct HTTP clients and local integrations

For Claude, the OAuth flow is started by Claude when the custom connector is added, so no manual API key entry is required in Claude.

Getting an API Key¶

Sign up at ti-mindmap-hub.com
Navigate to My Profile → MCP Server API Keys
Click Generate Key
Copy and securely store your key (format: tim_xxxxxxxxxxxx)

Use an API key when configuring direct clients such as the VS Code example in this repository. If you are using Claude's custom connector flow, use OAuth instead.

Available Tools (19)¶

Reports (5 tools)¶

Tool	Description	Parameters
`list_reports`	List threat intelligence reports	`search`, `tags`, `source`, `time_range`, `limit`
`get_report_details`	Get full report details	`report_id`
`get_report_content`	Get specific content type	`report_id`, `content_type`
`get_available_sources`	List all sources	—
`get_available_tags`	List all tags	—

Content types for get_report_content: - summary — AI-generated summary - raw — Original article text - mindmap — Threat mindmap in Markdown - ttps_table — MITRE ATT&CK TTPs table - ttps_execution — TTP execution order - five_whats — Root cause analysis - stix — STIX 2.1 bundle (JSON) - iocs — Extracted IOCs (JSON)

Weekly Briefings (3 tools)¶

Tool	Description	Parameters
`get_latest_briefing`	Get most recent briefing	—
`list_briefings`	List all briefings	—
`get_briefing_by_date`	Get briefing by date	`date` (YYYY-MM-DD)

IOC Search (1 tool)¶

Tool	Description	Parameters
`search_ioc`	Search for IOC	`ioc_value` (IP, domain, hash, URL)

CVE Intelligence (5 tools)¶

Tool	Description	Parameters
`search_cve`	Search CVE by ID	`cve_id` (e.g., CVE-2024-3400)
`search_cves_by_keyword`	Search CVEs by keyword	`query`, `limit`
`list_cves`	List CVEs with filters	`page`, `size`, `severity`, `sort_by`, `sort_order`
`get_cves_by_article`	Get CVEs from article	`article_id`
`get_cve_statistics`	Get CVE statistics	—

STIX Bundles (3 tools)¶

Tool	Description	Parameters
`get_stix_bundle`	Get STIX 2.1 bundle for an article	`article_id`
`list_stix_bundles`	List all available STIX bundles	`limit`, `offset`
`get_stix_statistics`	Get STIX generation statistics	—

The STIX bundle contains structured threat intelligence objects: - Threat Actors (threat-actor) - Malware (malware) - Attack Patterns / TTPs (attack-pattern) - Indicators / IOCs (indicator) - Vulnerabilities / CVEs (vulnerability) - Relationships between all objects

Bundles can be imported into STIX-compatible platforms like MISP, OpenCTI, or Microsoft Sentinel.

Statistics & Submissions (2 tools)¶

Tool	Description	Parameters
`get_statistics`	Platform statistics	—
`submit_article`	Submit URL for analysis	`url`

Protocol Details¶

Transport¶

Protocol: MCP over HTTP with SSE (Server-Sent Events)
Content-Type: application/json
Accept: application/json, text/event-stream

Session Management¶

The server uses session-based communication:

Client sends initialize request
Server returns Mcp-Session-Id header
Client includes Mcp-Session-Id in subsequent requests

Authentication Flow¶

Client                           MCP Server                    CosmosDB
  │                                   │                            │
  │─── initialize + X-API-Key ───────>│                            │
  │                                   │─── Validate API Key ──────>│
  │                                   │<── User claims ────────────│
  │<── Mcp-Session-Id ────────────────│                            │
  │                                   │                            │
  │─── tools/list + Mcp-Session-Id ──>│                            │
  │<── Tool definitions ──────────────│                            │

Example: Initialize Session¶

Request:

POST /mcp HTTP/1.1
Host: mcp.ti-mindmap-hub.com
X-API-Key: tim_your_api_key_here
Content-Type: application/json
Accept: application/json, text/event-stream

{
  "jsonrpc": "2.0",
  "method": "initialize",
  "params": {
    "protocolVersion": "2024-11-05",
    "capabilities": {},
    "clientInfo": {
      "name": "my-client",
      "version": "1.0.0"
    }
  },
  "id": 1
}

Response:

HTTP/1.1 200 OK
Content-Type: text/event-stream
Mcp-Session-Id: abc123def456

event: message
data: {"jsonrpc":"2.0","id":1,"result":{"protocolVersion":"2024-11-05","capabilities":{"tools":{"listChanged":true}},"serverInfo":{"name":"TI Mindmap HUB","version":"2.14.1"}}}

Example: Call Tool¶