XTron MCP
Cybersecurity threat intelligence for AI assistants — connect Claude, ChatGPT, Cursor, and other MCP-compatible clients to CyberXTron's threat intelligence platform.
Query indicators of compromise, CVEs, threat actors, ransomware attacks, and security advisories directly from your AI assistant.
https://xtronmcp.cyberxtron.com/mcpTools
| Tool | Description | Tier |
|---|---|---|
| search_iocs | Search Indicators of Compromise by type, value, CVE, threat actor, geolocation, score, and more | Free + Paid |
| search_vulnerabilities | Find CVEs by ID, CVSS/EPSS score, exploit status, CISA KEV, ransomware exploitation, vendor, and product | Free + Paid |
| search_breaches | Search ransomware attacks and data breaches by domain, organization, threat actor, country, and industry | Free + Paid |
| search_threat_advisories | Search XTron security advisories covering threat campaigns, malware analysis, and vulnerability disclosures | Free + Paid |
| search_threat_intel | Deep threat actor and malware intelligence — capabilities, MITRE TTPs, targets, and associated IOCs | Paid only |
Tools are designed to chain together — results carry cross-references that can be passed directly into other tools for richer investigation workflows.
Connecting to Claude
Claude Desktop
- Go to Settings → Connectors
- Click Add custom connectors
- Enter a name, e.g. XTron-Intel
- Enter the Remote MCP server URL: https://xtronmcp.cyberxtron.com/mcp
- Click Add
- Click Connect — you will be redirected to the Application Access Request page
- Click Allow Access
- Enter your CyberXTron portal login credentials
- Go to the prompt page, click the + sign → Connectors and ensure the XTron-Intel connector is enabled
Other MCP-Compatible Clients
Any client that supports the MCP OAuth flow can connect using the server URL:
https://xtronmcp.cyberxtron.com/mcp
Supported clients: Claude Desktop, ChatGPT, Cursor, and any MCP OAuth-compatible client.
Authentication
XTron MCP uses OAuth 2.0 Authorization Code flow. When you connect for the first time, your MCP client will redirect you to the CyberXTron login page to authorize access.
Usage Examples
Investigate a suspicious IP address
"Is 185.220.101.45 a known malicious IP? What threat actor is behind it and what CVEs has it been used to exploit?"
The assistant searches for the IP using search_iocs, retrieves threat actor context via search_threat_intel, then cross-references any associated CVEs using search_vulnerabilities.
Ransomware exposure assessment
"Has any ransomware group attacked companies in the healthcare sector in the United States in the last 30 days? Show me the threat actor behind the most recent attacks and any CVEs they are known to exploit."
The assistant searches recent breaches in the healthcare sector using search_breaches, identifies the responsible threat actor, then calls search_vulnerabilities to surface any CVEs they are known to exploit.
Patch prioritisation
"Show me all critical CVEs affecting Microsoft Exchange that are in CISA KEV and have a known exploit. Are any actively exploited in ransomware campaigns?"
The assistant queries search_vulnerabilities filtered to Microsoft Exchange, critical severity, CISA KEV status, and known exploits, then identifies any actively used in ransomware campaigns.
Threat actor deep-dive
"What are Lazarus Group's known capabilities, malware tools, and MITRE TTPs? Find all IOCs linked to them from the last 90 days."
The assistant calls search_threat_intel for a full actor profile including capabilities, malware, and TTPs, then queries search_iocs to retrieve recently linked indicators.
Advisory and campaign research
"Are there any recent XTron advisories about supply chain attacks targeting financial institutions? Show associated CVEs and IOCs."
The assistant searches search_threat_advisories for supply chain attack coverage, extracts CVE references, then calls search_vulnerabilities for full details.
Support
- Support: support@cyberxtron.com
- Privacy Policy: cyberxtron.com/privacy
- Website: cyberxtron.com