Security/Threat Intel MCP Pack (2025) — VirusTotal, Shodan, Okta, CrowdStrike

• By RouterMCP Team

Hunt, triage, and respond with integrated intel, identity, and EDR via MCP. Includes playbooks and safety policies.

Threat intel panel with VT, Shodan, IdP, and EDR data.

TL;DR: Query indicators in VirusTotal, check exposure in Shodan, validate identity in Okta, and kick off an EDR action — in one place.

Servers

  • VirusTotal MCP (community). https://github.com/pulkitsinghal/mcp-server-virustotal
  • Shodan MCP (community). https://github.com/jonpulsifer/shodan-mcp
  • Okta MCP (community). https://github.com/jonpulsifer/okta-mcp
  • CrowdStrike MCP (community). https://github.com/aaronsdevera/mcp_crowdstrike

Playbook

  1. Look up the hash in VirusTotal; record the verdict (engine detection count and last-analysis date) alongside the indicator.
  2. Search Shodan for the asset; record open ports and flag exposed services that should not be Internet-facing (RDP, SMB, VNC, Telnet).
  3. Validate the user and device in Okta (status, MFA enrolment, recent sign-ins); if the identity looks compromised, suspend the user until triage completes. Suspension is a sensitive action: it needs an approver.
  4. Query CrowdStrike detections for the host; isolate it only with approval, and log the request whether or not it is approved.

Internal links

  • Pack docs: /packs/security
  • Related posts: Security (01), Governance (05)

FAQ

Q: How do we prevent accidental isolation?
A: Treat host isolation and user suspension as sensitive actions: require a named approver, default to dry-run (report what would change without changing it), rate-limit how many such actions can run in a window, and log every request, including denied and dry-run ones.
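The four playbook steps above, wired to the approval, dry-run, rate-limit and logging controls the FAQ answer calls for, as an added example written for this page (not code from the pack or from any of the listed MCP servers). The tool names (vt.lookup_hash, shodan.host, okta.get_user, crowdstrike.detections, okta.suspend_user, crowdstrike.isolate_host), the response shapes, the verdict thresholds, the risky-port set and the suspension trigger are all assumptions; every response is constructed sample data so the file runs offline.

```python
from dataclasses import dataclass, field

# Constructed sample data standing in for live MCP tool responses. The tool names in the
# comments are assumptions, not the real tools exposed by the servers listed above.
FAKE_VT = {  # vt.lookup_hash -> engine counts; first key is the EICAR test-file MD5
    "44d88612fea8a8f36de82e1278abb02f": {"malicious": 62, "undetected": 5},
    "d41d8cd98f00b204e9800998ecf8427e": {"malicious": 0, "undetected": 70},
}
FAKE_SHODAN = {  # shodan.host -> open ports (TEST-NET addresses)
    "203.0.113.10": {"ports": [22, 3389, 445]},
    "203.0.113.20": {"ports": [443]},
}
FAKE_OKTA = {  # okta.get_user -> lifecycle status and MFA enrolment
    "alice": {"status": "ACTIVE", "mfa_enrolled": True},
    "bob": {"status": "ACTIVE", "mfa_enrolled": False},
}
FAKE_CS = {  # crowdstrike.detections -> highest detection severity on the host
    "WS-001": {"max_severity": "critical", "isolated": False},
    "WS-002": {"max_severity": "low", "isolated": False},
}
RISKY_PORTS = {23, 445, 3389, 5900}  # assumption: services that count as "exposed"
SENSITIVE_TOOLS = {"okta.suspend_user", "crowdstrike.isolate_host"}


def vt_verdict(stats):
    """Coarse verdict from engine counts; the thresholds are this example's choice."""
    if stats["malicious"] >= 5:
        return "malicious"
    if stats["malicious"] >= 1:
        return "suspicious"
    return "clean"


def exposed_ports(host):
    """Open ports on the asset that fall in the risky set."""
    return sorted(p for p in host["ports"] if p in RISKY_PORTS)


@dataclass
class Policy:
    """Gate for sensitive tools: named approver, dry-run by default, rate limit, audit log."""
    approvers: set
    max_per_window: int = 2
    window_s: float = 60.0
    audit: list = field(default_factory=list)
    _stamps: list = field(default_factory=list)

    def decide(self, tool, args, *, approved_by=None, dry_run=True, now=0.0):
        if tool not in SENSITIVE_TOOLS:
            decision = "allow"
        elif dry_run:
            decision = "dry_run"  # record what would happen, change nothing
        elif approved_by not in self.approvers:
            decision = "deny:no_approval"
        else:
            self._stamps = [t for t in self._stamps if now - t < self.window_s]
            if len(self._stamps) >= self.max_per_window:
                decision = "deny:rate_limited"
            else:
                self._stamps.append(now)
                decision = "allow"
        # Every request is logged, including denied and dry-run ones.
        self.audit.append({"tool": tool, "args": args, "approved_by": approved_by,
                           "dry_run": dry_run, "t": now, "decision": decision})
        return decision


def call_sensitive(policy, tool, args, **kw):
    """Only an 'allow' decision reaches the (fake) backend."""
    decision = policy.decide(tool, args, **kw)
    if decision == "allow":
        if tool == "okta.suspend_user":
            FAKE_OKTA[args["user"]]["status"] = "SUSPENDED"
        elif tool == "crowdstrike.isolate_host":
            FAKE_CS[args["host"]]["isolated"] = True
    return decision


def run_playbook(policy, *, md5, ip, user, host, approved_by=None, dry_run=True, now=0.0):
    """Steps 1-4 of the playbook; the destructive parts of 3 and 4 go through the gate."""
    r = {"vt": vt_verdict(FAKE_VT[md5])}                         # 1. hash verdict
    r["exposed_ports"] = exposed_ports(FAKE_SHODAN[ip])          # 2. exposure
    okta = FAKE_OKTA[user]                                       # 3. identity
    r["okta_status"] = okta["status"]
    # Suspension trigger is this example's rule: malicious hash plus an active user without MFA.
    if r["vt"] == "malicious" and not okta["mfa_enrolled"] and okta["status"] == "ACTIVE":
        r["suspend"] = call_sensitive(policy, "okta.suspend_user", {"user": user},
                                      approved_by=approved_by, dry_run=dry_run, now=now)
    r["max_severity"] = FAKE_CS[host]["max_severity"]            # 4. EDR
    if r["max_severity"] in ("high", "critical") and not FAKE_CS[host]["isolated"]:
        r["isolate"] = call_sensitive(policy, "crowdstrike.isolate_host", {"host": host},
                                      approved_by=approved_by, dry_run=dry_run, now=now)
    return r


if __name__ == "__main__":
    pol = Policy(approvers={"ir-lead"})
    case = dict(md5="44d88612fea8a8f36de82e1278abb02f", ip="203.0.113.10", user="bob", host="WS-001")
    print(run_playbook(pol, **case))                                   # dry-run: nothing changes
    print(run_playbook(pol, **case, dry_run=False, approved_by="ir-lead"))
    print(pol.audit)
```

Running the file executes the same incident twice: first in dry-run, where both sensitive steps are logged as "dry_run" and neither Okta nor CrowdStrike state changes, then for real with a named approver. The property worth carrying over to the actual pack is that a sensitive tool is never invoked unless the policy returns "allow", and a denial or dry-run still produces an audit entry.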

Checklist (fast)

  1. Intent. 2. Title/meta. 3. Slug. 4. TL;DR. 5. Playbook. 6. FAQ. 7. Links. 8. Images/alt. 9. Edit. 10. CTA.

CTA

  • Use the template: examples/packs/security.mcp.json and the “sensitive action” policy pack with approvals + rate limits.