incident_response_evidence_collector
ActiveTool of gapup-mcp
Gathers forensic evidence (logs, network flows, MITRE ATT&CK TTPs) from public breach reports and threat-intelligence sources to support incident-response post-mortems. Inputs are an incident identifier (required), an optional date range and optional MITRE ATT&CK technique IDs; the output is structured evidence with attack patterns, indicators of compromise and source references. Passing async:true is REQUIRED to avoid the x402 timeout: the call then returns a job_id immediately and the result is fetched with job_result(job_id).
Parameters schema
{
  "type": "object",
  "required": [
    "incident_id"
  ],
  "properties": {
    "async": {
      "type": "boolean",
      "description": "If true, returns a job_id immediately (<200ms) instead of waiting for the result. Poll the result with job_result(job_id). Use for slow tools to avoid client timeouts."
    },
    "date_range": {
      "type": "object",
      "properties": {
        "end": {
          "type": "string",
          "format": "date-time"
        },
        "start": {
          "type": "string",
          "format": "date-time"
        }
      }
    },
    "incident_id": {
      "type": "string",
      "description": "Unique identifier for the incident (e.g., CVE, GitHub Advisory ID)"
    },
    "mitre_technique_ids": {
      "type": "array",
      "items": {
        "type": "string"
      },
      "description": "List of MITRE ATT&CK technique IDs (e.g., T1059)"
    },
    "include_network_flows": {
      "type": "boolean",
      "default": false
    }
  }
}
No endpoints wrapped at confidence ≥ 0.70.
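The async contract above (submit with async:true, get a job_id, poll job_result(job_id)) is the part callers get wrong, so here is an added client-side example; it is illustrative code written for this page, not part of gapup-mcp. It assumes a transport-agnostic call_tool(name, arguments) callable (in practice a thin wrapper around an MCP client session), that the async reply carries a job_id, and that job_result returns a status of pending, done or failed with the evidence under result; none of those reply shapes are documented on this page. The arguments are validated against the published schema before the call, the polling loop has capped backoff and a hard deadline, and FakeGapupServer is a constructed offline stand-in so the flow runs without a network.

```python
import re
import time
from datetime import datetime
from typing import Callable

TOOL = "incident_response_evidence_collector"
TECHNIQUE_RE = re.compile(r"^T\d{4}(\.\d{3})?$")  # T1059 or sub-technique T1059.001

def build_arguments(incident_id: str, technique_ids=None, start=None, end=None,
                    include_network_flows: bool = False) -> dict:
    """Build a call payload conforming to the published parameter schema; validated
    client-side so strings lifted from untrusted reports cannot reach the tool as
    malformed technique IDs or timestamps, and async is always True as required."""
    if not isinstance(incident_id, str) or not incident_id.strip():
        raise ValueError("incident_id is required")
    args = {"incident_id": incident_id, "async": True,
            "include_network_flows": bool(include_network_flows)}
    if technique_ids:
        bad = [t for t in technique_ids if not TECHNIQUE_RE.match(t)]
        if bad:
            raise ValueError(f"not ATT&CK technique IDs: {bad}")
        args["mitre_technique_ids"] = list(technique_ids)
    date_range = {k: v for k, v in (("start", start), ("end", end)) if v is not None}
    if date_range:  # schema: format date-time; fromisoformat raises on anything else
        parsed = {k: datetime.fromisoformat(v.replace("Z", "+00:00")) for k, v in date_range.items()}
        if len(parsed) == 2 and parsed["start"] > parsed["end"]:
            raise ValueError("date_range.start is after date_range.end")
        args["date_range"] = date_range
    return args

def collect_evidence(call_tool: Callable[[str, dict], dict], arguments: dict,
                     timeout_s: float = 120.0, poll_s: float = 1.0, max_poll_s: float = 10.0,
                     sleep=time.sleep, clock=time.monotonic) -> dict:
    """Submit with async:true, then poll job_result(job_id) with capped backoff and an
    overall deadline. Assumed reply shapes (not documented on the page): {"job_id": ...}
    on submit and {"status": "pending"|"done"|"failed", "result": ...} on poll."""
    if arguments.get("async") is not True:
        raise ValueError("pass async:true; a synchronous call hits the x402 timeout")
    job_id = call_tool(TOOL, arguments).get("job_id")
    if not job_id:
        raise RuntimeError("async call did not return a job_id")
    deadline, delay = clock() + timeout_s, poll_s
    while True:
        reply = call_tool("job_result", {"job_id": job_id})
        status = reply.get("status")
        if status == "done":
            return reply["result"]
        if status == "failed":
            raise RuntimeError(f"job {job_id} failed: {reply.get('error')!r}")
        if clock() > deadline:
            raise TimeoutError(f"job {job_id} still {status!r} after {timeout_s}s")
        sleep(delay)
        delay = min(delay * 2, max_poll_s)

class FakeGapupServer:
    """Constructed offline stand-in: reports 'done' after polls_needed polls, echoing the request."""
    def __init__(self, polls_needed: int = 3):
        self.polls_needed, self.jobs, self.polls = polls_needed, {}, 0

    def call_tool(self, name: str, arguments: dict) -> dict:
        if name == TOOL:
            assert arguments.get("async") is True, "tool requires async:true"
            job_id = f"job-{len(self.jobs) + 1}"
            self.jobs[job_id] = arguments
            return {"job_id": job_id}
        if name == "job_result":
            self.polls += 1
            if self.polls < self.polls_needed:
                return {"status": "pending"}
            args = self.jobs[arguments["job_id"]]
            return {"status": "done", "result": {  # constructed evidence shape
                "incident_id": args["incident_id"],
                "attack_patterns": args.get("mitre_technique_ids", []),
                "iocs": [], "sources": []}}
        raise KeyError(name)

def raises(exc, fn, *args, **kwargs) -> bool:
    try:
        fn(*args, **kwargs)
    except exc:
        return True
    return False

def demo() -> dict:
    """Run the happy path and the failure paths offline; returns what the test checks."""
    server = FakeGapupServer(polls_needed=3)
    args = build_arguments("GHSA-xxxx-xxxx-xxxx",  # placeholder advisory ID, constructed
                           technique_ids=["T1059", "T1059.001"],
                           start="2024-01-01T00:00:00Z", end="2024-01-31T23:59:59Z")
    result = collect_evidence(server.call_tool, args, sleep=lambda _s: None)
    rejected = sum(raises(ValueError, build_arguments, **kw) for kw in (
        {"incident_id": ""}, {"incident_id": "X", "technique_ids": ["T10"]},
        {"incident_id": "X", "start": "2024-02-01T00:00:00Z", "end": "2024-01-01T00:00:00Z"}))
    ticks = [0.0, 100.0, 200.0]  # fake clock: the second reading is already past the deadline
    timed_out = raises(TimeoutError, collect_evidence, FakeGapupServer(polls_needed=99).call_tool,
                       args, timeout_s=10.0, sleep=lambda _s: None, clock=lambda: ticks.pop(0))
    return {"result": result, "polls": server.polls, "rejected": rejected, "timed_out": timed_out}
```

Call demo() to run it end to end. Against the real server, replace server.call_tool with a wrapper that sends the tool call over your MCP client and returns the parsed JSON reply; keep the deadline, because a job that never completes is otherwise indistinguishable from one that is merely slow.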
Parent server
gapup-mcp
https://github.com/getgapup/gapup-mcp-public
2/7 registries