port_activity
ActiveTool of Isc Sans
Get recent attack/probe activity for a TCP/UDP port from SANS ISC — daily counts of report records, distinct target IPs, and distinct source IPs hitting the port. Useful for spotting scanning surges against services like SSH (22), RDP (3389), SMB (445), or Telnet (23). Keyless.
Parameters schema
{
"type": "object",
"required": [
"port"
],
"properties": {
"port": {
"type": "number",
"description": "A port number, e.g. 22 (SSH), 3389 (RDP), 445 (SMB), 23 (Telnet)."
}
}
}No endpoints wrapped at confidence ≥ 0.50.
Parent server
Isc Sans
https://github.com/pipeworx-io/mcp-isc-sans
1/7 registries