ISAC Reports Dashboard

OSINT Threat Intelligence Aggregator

Items

395

Cache Age

10h 17m
2026-06-22T03:00:09.929Z

By Source

cisa-kev2
cisa-advisories16
vendor-blogs214
malware-bazaar26
abuse-ipdb20
threatfox3
otx30
general-news97

Fetch Errors

nvdNVD API responded 503
Daily Weekly Monthly Full Report Search Architecture JSON | Markdown Data refreshes automatically at 3:00 AM and 3:00 PM

Sources

cisa-kevEnabled
cisa-advisoriesEnabled
nvdEnabled
vendor-blogsEnabled
malware-bazaarEnabled
abuse-ipdbEnabled
threatfoxEnabled
otxEnabled
general-newsEnabled

MCP Server

Client Configuration

To add this server to an MCP-compatible client (e.g. Claude Desktop, Cursor, Windsurf), use this config:

{
  "mcpServers": {
    "isac-reports": {
      "type": "http",
      "url": "https://security.deploy.dalcu.com/mcp"
    }
  }
}

Test with the MCP Inspector:

npx @modelcontextprotocol/inspector --transport streamableHttp https://security.deploy.dalcu.com/mcp

Available Tools

get_report

Get an OSINT threat intelligence report as markdown.

range (enum, default: daily) — daily (24h), weekly (7 days), or monthly (30 days)
sources (enum[], optional) — cisa-kev, cisa-advisories, nvd, vendor-blogs, malware-bazaar, abuse-ipdb, threatfox, otx, general-news

search

Search and filter threat intelligence items with structured filters.

query (string, optional) — text search across titles and descriptions
severity (enum, optional) — critical, high, medium, low, unknown
category (enum, optional) — vulnerability, advisory, news, malware, threat-intel, ip-reputation
source (enum, optional) — cisa-kev, cisa-advisories, nvd, vendor-blogs, malware-bazaar, abuse-ipdb, threatfox, otx, general-news
tag (enum, optional) — ransomware, apt, zeroday, phishing, botnet, ics, rce, supply-chain, infostealer, exploit-kit, transport
date_from (string, optional) — published_at >= date (ISO format)
date_to (string, optional) — published_at <= date (ISO format)
limit (number, default: 50) — max items to return (1–200)
offset (number, default: 0) — skip first N results

query_db

Execute a read-only SQL query against the threat intelligence SQLite database for advanced analysis.

sql (string, required) — SELECT query to execute

list_sources

List all available threat intelligence sources and their enabled/disabled status.

No parameters.

Available Prompts

generate_bulletin

Guided prompt for producing a Transportation-sector ISAC cybersecurity bulletin. Provides the recommended workflow, bulletin structure, and formatting guidelines.

range (enum, default: daily) — daily, weekly, or monthly