ISAC Reports Dashboard

OSINT Threat Intelligence Aggregator

Items

1383

Cache Age

9h 20m
2026-04-22T15:00:21.902Z

By Source

cisa-kev7
cisa-advisories18
vendor-blogs81
nvd1129
malware-bazaar17
abuse-ipdb20
threatfox2
otx30
general-news94

Fetch Errors

None
Daily Weekly Monthly Full Report Search Architecture JSON | Markdown Data refreshes automatically at 3:00 AM and 3:00 PM

Sources

cisa-kevEnabled
cisa-advisoriesEnabled
nvdEnabled
vendor-blogsEnabled
malware-bazaarEnabled
abuse-ipdbEnabled
threatfoxEnabled
otxEnabled
general-newsEnabled

MCP Server

Client Configuration

To add this server to an MCP-compatible client (e.g. Claude Desktop, Cursor, Windsurf), use this config:

{
  "mcpServers": {
    "isac-reports": {
      "type": "http",
      "url": "https://security.deploy.dalcu.com/mcp"
    }
  }
}

Test with the MCP Inspector:

npx @modelcontextprotocol/inspector --transport streamableHttp https://security.deploy.dalcu.com/mcp

Available Tools

get_report

Get an OSINT threat intelligence report as markdown.

range (enum, default: daily) — daily (24h), weekly (7 days), or monthly (30 days)
sources (enum[], optional) — cisa-kev, cisa-advisories, nvd, vendor-blogs, malware-bazaar, abuse-ipdb, threatfox, otx, general-news

search

Search and filter threat intelligence items with structured filters.

query (string, optional) — text search across titles and descriptions
severity (enum, optional) — critical, high, medium, low, unknown
category (enum, optional) — vulnerability, advisory, news, malware, threat-intel, ip-reputation
source (enum, optional) — cisa-kev, cisa-advisories, nvd, vendor-blogs, malware-bazaar, abuse-ipdb, threatfox, otx, general-news
tag (enum, optional) — ransomware, apt, zeroday, phishing, botnet, ics, rce, supply-chain, infostealer, exploit-kit, transport
date_from (string, optional) — published_at >= date (ISO format)
date_to (string, optional) — published_at <= date (ISO format)
limit (number, default: 50) — max items to return (1–200)
offset (number, default: 0) — skip first N results

query_db

Execute a read-only SQL query against the threat intelligence SQLite database for advanced analysis.

sql (string, required) — SELECT query to execute

list_sources

List all available threat intelligence sources and their enabled/disabled status.

No parameters.

Available Prompts

generate_bulletin

Guided prompt for producing a Transportation-sector ISAC cybersecurity bulletin. Provides the recommended workflow, bulletin structure, and formatting guidelines.

range (enum, default: daily) — daily, weekly, or monthly