> MCP Server_

Your Security Data.
Your AI's Intelligence.

Connect AI agents directly to DarkStrata threat intelligence, credential monitoring, and security operations via the Model Context Protocol.

Get Started API Documentation

Extensive Tooling

Full coverage across all security domains

Live Resources

Real-time dashboards and statistics

Guided Prompts

Pre-built investigation workflows

SSE Streaming

Real-time server-sent event transport

Open Standard

Works with any MCP-compatible client

See It in Action

Watch an AI agent query DarkStrata in real-time

AI Agent Session

Comprehensive Security Coverage

Every DarkStrata capability, accessible to your AI agents

Query, triage, and manage security alerts. Filter by severity, status, and type.

Tools
  • alerts-listList alerts with filtering and pagination
  • alerts-getGet detailed information about a specific alert
  • alerts-get-statsGet aggregate alert statistics and severity breakdown
  • alerts-update-statusUpdate the status of an alert
  • alerts-deletePermanently delete an alert
Resources
  • darkstrata://alerts/statsAlert counts by status and severity breakdown

Manage monitored domains and keywords. Add, remove, and verify assets.

Tools
  • assets-listList monitored domain assets with filtering
  • assets-getGet detailed information about a specific asset
  • assets-get-statsGet aggregate asset statistics
  • assets-registerRegister a new domain asset for monitoring
  • assets-register-bulkRegister multiple domain assets in a single operation
  • assets-deleteRemove a domain asset from monitoring
  • assets-delete-bulkRemove multiple domain assets from monitoring
  • assets-resubmit-dnsRe-trigger DNS verification for an asset
Resources
  • darkstrata://assets/statsAsset verification statistics

Search compromised credential databases with k-anonymity privacy.

Tools
  • credential-check-statsGet credential check database statistics
Resources
  • darkstrata://credential-check/statsCredential database size and freshness

Query threat data, stealer logs, and exposure data across monitored domains.

Tools
  • data-intelligence-queryQuery credential exposure data with comprehensive filtering
  • data-intelligence-getGet details about a specific credential exposure
  • data-intelligence-get-statsGet data intelligence statistics and threat score distribution
  • data-intelligence-hostnamesList unique hostnames found in credential exposure data
  • data-intelligence-get-actionsGet configured actions for a credential exposure
  • data-intelligence-update-actionsUpdate actions for a credential exposure
Resources
  • darkstrata://data-intelligence/statsData intelligence metrics and monthly trends

Organise and manage identity groups for monitoring.

Tools
  • groups-listList identity groups with filtering and pagination
  • groups-getGet detailed information about a specific group
  • groups-createCreate a new identity group
  • groups-updateUpdate a group's name, description, or configuration
  • groups-deleteDelete a group

Request and manage credential data exports for incident investigation.

Tools
  • incident-response-requestRequest a new credential data export
  • incident-response-listList credential data export requests
  • incident-response-getGet details about a specific export request
  • incident-response-get-statsGet incident response export statistics
Resources
  • darkstrata://incident-response/statsIncident response export statistics

Manage private security awareness invites and review completion metrics.

Tools
  • lens-invite-sendSend Lens credential review invitations
  • lens-token-revokeRevoke a Lens review token

Manage organisations, view statistics, and update organisation details.

Tools
  • organisations-listList organisations accessible to the current API key
  • organisations-getGet detailed information about an organisation
  • organisations-get-statsGet organisation-level statistics
  • organisations-updateUpdate organisation details
  • organisations-deleteDelete an organisation
Resources
  • darkstrata://organisations/statsOrganisation-level statistics
  • darkstrata://organisations/alerts/statsOrganisation-level alert statistics

Access threat intelligence in STIX format for SIEM integration.

Tools
  • stix-export-alertsExport alerts as STIX 2.1 bundles for SIEM integration
  • stix-export-alertExport a specific alert as a STIX 2.1 bundle
  • stix-export-indicatorsExport STIX 2.1 indicators for SIEM ingestion

Monitor API usage, billing period summaries, and per-key breakdowns.

Tools
  • usage-getGet API usage data with optional filtering
  • usage-get-summaryGet API usage summary for the current billing period
  • usage-get-by-keyGet API usage breakdown by individual API key
Resources
  • darkstrata://usage/summaryAPI usage summary for current billing period
  • darkstrata://usage/by-keyAPI usage breakdown per API key

Multi-step investigation tools that combine data across domains into unified reports.

Tools
  • security-posture-overviewComprehensive security posture overview combining multiple stats
  • investigate-domainFull investigation context for a domain
  • triage-alertGather all context needed to triage a specific alert
  • exposure-summaryCredential exposure summary across all monitored domains
Resources
  • darkstrata://dashboardDashboard widget data including recent activity

Connect in Minutes

Add DarkStrata to your AI tools with a single configuration block

SSE Endpoint
# Connect any MCP client via Streamable HTTP https://mcp.darkstrata.io/mcp
Claude Desktop / Claude Code
{
  "mcpServers": {
    "darkstrata": {
      "url": "https://mcp.darkstrata.io/mcp",
      "headers": {
        "Authorization": "Bearer <YOUR_API_KEY>"
      }
    }
  }
}
Cursor
{
  "mcpServers": {
    "darkstrata": {
      "url": "https://mcp.darkstrata.io/mcp",
      "headers": {
        "Authorization": "Bearer <YOUR_API_KEY>"
      }
    }
  }
}

Replace <YOUR_API_KEY> with your DarkStrata API key. Generate one from your account settings.

Built-in Investigation Workflows

Pre-built multi-step prompts that guide AI agents through common security tasks

Pre-built Security Workflows

Guided prompts that help AI agents perform complex security operations with confidence.

View Docs

Triage alerts with context-aware severity assessment and recommended remediation actions.

Alert Triage

End-to-end incident response workflows from detection through containment and recovery.

Incident Response

Generate executive-ready security posture summaries with actionable recommendations.

Executive Summary

Triage Alert

Fetch an alert, enrich it with threat context, suggest a severity rating, and draft a response plan.

Analyse Exposure

Pull exposure data for a domain, cross-reference with credential databases, and assess organisational risk.

Incident Response

Gather all relevant alerts, exposures, and threat data for a domain and produce an incident timeline.

Onboard Assets

Walk through adding domains and keywords to monitoring with verification steps.

Executive Summary

Compile dashboard statistics, recent alerts, and exposure trends into a board-ready briefing.

Connect Your AI to Real Threat Intelligence.

API DocumentationGet Started

We value your privacy

We use cookies to analyse site traffic and improve your experience. No personal data is sold or shared with third parties for advertising.