MCP Server

Your Security Data.
Your AI's Intelligence.

Connect AI agents directly to DarkStrata threat intelligence, credential monitoring, and security operations via the Model Context Protocol.

Extensive Tooling

Full coverage across all security domains

Live Resources

Real-time dashboards and statistics

Guided Prompts

Pre-built investigation workflows

Streamable HTTP

Modern remote transport with server-sent streaming

Open Standard

Works with any MCP-compatible client

Use It Like This

Point your agent at DarkStrata and ask in plain language — it chooses the right tools and chains them automatically.

Give me a security posture briefing for this morning and flag anything critical.

security-posture-overview → alerts-list → exposure-summary

Triage the latest critical alert and draft a remediation plan.

alerts-list → triage-alert → data-intelligence-query

Investigate acme.com — what's exposed and who's most at risk?

investigate-domain → data-intelligence-query → data-intelligence-generate-summary

Export this week's alerts to our SIEM in STIX, plus the exposure events as CEF.

stix-export-alerts → siem-export-events

Comprehensive Security Coverage

Every DarkStrata capability, accessible to your AI agents

Query, triage, and manage security alerts. Filter by severity, status, and type.

  • alerts-list: List alerts with filtering and pagination
  • alerts-get: Get detailed information about a specific alert
  • alerts-get-stats: Get aggregate alert statistics and severity breakdown
  • alerts-update-status: Update the status of an alert
  • alerts-delete: Permanently delete an alert
  • darkstrata://alerts/stats: Alert counts by status and severity breakdown

Manage monitored domains and keywords. Add, remove, and verify assets.

  • assets-list: List monitored domain assets with filtering
  • assets-get: Get detailed information about a specific asset
  • assets-get-stats: Get aggregate asset statistics
  • assets-register: Register a new domain asset for monitoring
  • assets-register-bulk: Register multiple domain assets in a single operation
  • assets-delete: Remove a domain asset from monitoring
  • assets-delete-bulk: Remove multiple domain assets from monitoring
  • assets-resubmit-dns: Re-trigger DNS verification for an asset
  • darkstrata://assets/stats: Asset verification statistics

Search compromised credential databases with k-anonymity privacy.

  • credential-check-stats: Get credential check database statistics
  • darkstrata://credential-check/stats: Credential database size and freshness

Query infostealer logs, third-party breaches, and credential-exposure events across monitored domains, with naming-rule views, AI exposure summaries, and malware-family threat profiles.

  • data-intelligence-query: Query credential exposure data with comprehensive filtering
  • data-intelligence-get: Get details about a specific credential exposure
  • data-intelligence-get-stats: Get data intelligence statistics and threat score distribution
  • data-intelligence-hostnames: List unique hostnames found in credential exposure data
  • data-intelligence-get-actions: Get configured actions for a credential exposure
  • data-intelligence-update-actions: Update actions for a credential exposure
  • data-intelligence-generate-summary: Generate an AI executive summary of an identifier's exposure risk profile
  • data-intelligence-breaches-query: List third-party breach exposures with filtering and pagination
  • data-intelligence-breaches-stats: Aggregate statistics over third-party breach exposures
  • data-intelligence-events-query: List outbound credential-exposure events (one row per identifier-service match)
  • data-intelligence-events-stats: Distribution statistics for outbound credential-exposure events
  • data-intelligence-naming-rules: List the organisation's active asset naming rules
  • data-intelligence-breaches-update-status: Update the status of a single breach exposure
  • data-intelligence-breaches-bulk-status: Bulk-update the status across multiple breach exposures
  • data-intelligence-malware-family-profile: Get an AI threat-intelligence profile for a stealer malware family
  • darkstrata://data-intelligence/stats: Data intelligence metrics and monthly trends

Organise and manage identity groups for monitoring.

  • groups-list: List identity groups with filtering and pagination
  • groups-get: Get detailed information about a specific group
  • groups-create: Create a new identity group
  • groups-update: Update a group's name, description, or configuration
  • groups-delete: Delete a group

Request and manage credential data exports for incident investigation.

  • incident-response-request: Request a new credential data export
  • incident-response-list: List credential data export requests
  • incident-response-get: Get details about a specific export request
  • incident-response-get-stats: Get incident response export statistics
  • darkstrata://incident-response/stats: Incident response export statistics

Manage private security awareness invites and review completion metrics.

  • lens-invite-send: Send Lens credential review invitations
  • lens-token-revoke: Revoke a Lens review token

Manage organisations, view statistics, and update organisation details.

  • organisations-list: List organisations accessible to the current API key
  • organisations-get: Get detailed information about an organisation
  • organisations-get-stats: Get organisation-level statistics
  • organisations-update: Update organisation details
  • darkstrata://organisations/stats: Organisation-level statistics
  • darkstrata://organisations/alerts/stats: Organisation-level alert statistics

Export alerts and indicators as STIX 2.1 bundles, and credential-exposure events in CEF or LEEF format for SIEM ingestion.

  • stix-export-alerts: Export alerts as STIX 2.1 bundles for SIEM integration
  • stix-export-alert: Export a specific alert as a STIX 2.1 bundle
  • stix-export-indicators: Export STIX 2.1 indicators for SIEM ingestion
  • siem-export-events: Export credential-exposure events in CEF or LEEF format for SIEM ingestion
  • siem-export-alert-events: Export the credential-exposure events for a specific alert in CEF or LEEF format

Monitor API usage, billing period summaries, and per-key breakdowns.

  • usage-get: Get API usage data with optional filtering
  • usage-get-summary: Get API usage summary for the current billing period
  • usage-get-by-key: Get API usage breakdown by individual API key
  • darkstrata://usage/summary: API usage summary for current billing period
  • darkstrata://usage/by-key: API usage breakdown per API key

Multi-step investigation tools that combine data across domains into unified reports.

  • security-posture-overview: Comprehensive security posture overview combining multiple stats
  • investigate-domain: Full investigation context for a domain
  • triage-alert: Gather all context needed to triage a specific alert
  • exposure-summary: Credential exposure summary across all monitored domains
  • dashboard-exposure-summary: Headline credential-exposure metrics across all verified domains
  • darkstrata://dashboard: Dashboard widget data including recent activity

Connect in Minutes

Add DarkStrata to your AI tools with a single configuration block

HTTP Endpoint

# Connect any MCP client via Streamable HTTP
https://mcp.darkstrata.io/mcp

Claude Desktop / Claude Code

{
  "mcpServers": {
    "darkstrata": {
      "type": "streamable-http",
      "url": "https://mcp.darkstrata.io/mcp",
      "headers": {
        "x-api-key": "<YOUR_API_KEY>"
      }
    }
  }
}

Cursor

{
  "mcpServers": {
    "darkstrata": {
      "type": "streamable-http",
      "url": "https://mcp.darkstrata.io/mcp",
      "headers": {
        "x-api-key": "<YOUR_API_KEY>"
      }
    }
  }
}

Replace <YOUR_API_KEY> with your DarkStrata API key. Generate one from your account settings.

API keys are scoped. Issue a read-only key to give agents safe, least-privilege access — a key can only call the tools its scopes permit, so analysis and triage stay non-destructive. Add write scopes only for automation that needs to act.
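
A client-side complement to scoped keys, as an added example that is not DarkStrata's code: a deny-by-default gate an agent host can put in front of tool calls, checked here against the tool chains shown on this page. The tool names are the page's; sorting them into a read-only set follows their one-line descriptions and is an assumption, as are the function names.

```python
# Added example: deny-by-default gate in front of an MCP client's tool calls.
# Tool names come from this page; treating these as "read-only" follows the
# page's one-line descriptions and is an assumption, not DarkStrata's scope model.
READ_ONLY = frozenset("""
alerts-list alerts-get alerts-get-stats
assets-list assets-get assets-get-stats credential-check-stats
data-intelligence-query data-intelligence-get data-intelligence-get-stats
data-intelligence-hostnames data-intelligence-get-actions
data-intelligence-generate-summary data-intelligence-breaches-query
data-intelligence-breaches-stats data-intelligence-events-query
data-intelligence-events-stats data-intelligence-naming-rules
data-intelligence-malware-family-profile groups-list groups-get
incident-response-list incident-response-get incident-response-get-stats
organisations-list organisations-get organisations-get-stats
stix-export-alerts stix-export-alert stix-export-indicators
siem-export-events siem-export-alert-events
usage-get usage-get-summary usage-get-by-key
security-posture-overview investigate-domain triage-alert
exposure-summary dashboard-exposure-summary
""".split())


def authorize(tool, write_grants=frozenset()):
    """Allow read-only tools; allow anything else only if explicitly granted."""
    return tool in READ_ONLY or tool in write_grants


def check_chain(chain, write_grants=frozenset()):
    """Split an arrow-separated chain (as written on this page) and return
    the tools the gate would block, in call order."""
    tools = [t.strip() for t in chain.split("→") if t.strip()]
    return [t for t in tools if not authorize(t, write_grants)]


# The four chains shown on the page, plus one constructed chain that acts.
PAGE_CHAINS = [
    "security-posture-overview → alerts-list → exposure-summary",
    "alerts-list → triage-alert → data-intelligence-query",
    "investigate-domain → data-intelligence-query → data-intelligence-generate-summary",
    "stix-export-alerts → siem-export-events",
]
CONSTRUCTED_CHAIN = "alerts-list → alerts-update-status → alerts-delete"

if __name__ == "__main__":
    for c in PAGE_CHAINS + [CONSTRUCTED_CHAIN]:
        print(c, "->", check_chain(c) or "ok")
```

An explicit set is used rather than matching verbs in the name because a tool such as data-intelligence-breaches-bulk-status changes state without carrying "update" or "delete" in its name.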

Built-in Investigation Workflows

Pre-built multi-step prompts that guide AI agents through common security tasks

Pre-built Security Workflows

Guided prompts that help AI agents perform complex security operations with confidence.

Alert Triage

Triage alerts with context-aware severity assessment and recommended remediation actions.

Incident Response

End-to-end incident response workflows from detection through containment and recovery.

Executive Summary

Generate executive-ready security posture summaries with actionable recommendations.

Triage Alert

Fetch an alert, enrich it with threat context, suggest a severity rating, and draft a response plan.

Analyse Exposure

Pull exposure data for a domain, cross-reference with credential databases, and assess organisational risk.

Incident Response

Gather all relevant alerts, exposures, and threat data for a domain and produce an incident timeline.

Onboard Assets

Walk through adding domains and keywords to monitoring with verification steps.

Executive Summary

Compile dashboard statistics, recent alerts, and exposure trends into a board-ready briefing.

Connect Your AI to Real Threat Intelligence.