PRSM

incident_response_evidence_collector

Active

Tool of gapup-mcp

declared in 0.2.0

As a CTO, gather forensic evidence (logs, network flows, MITRE TTPs) from public breach reports and threat intelligence sources to support incident response post-mortems. Inputs include incident identifiers, date ranges, or MITRE technique IDs. Outputs structured evidence with attack patterns, indicators of compromise, and source references. Passing async:true is REQUIRED to avoid the x402 timeout.

Parameters schema

{
  "type": "object",
  "required": [
    "incident_id"
  ],
  "properties": {
    "async": {
      "type": "boolean",
      "description": "If true, returns a job_id immediately (<200ms) instead of waiting for the result. Poll the result with job_result(job_id). Use for slow tools to avoid client timeouts."
    },
    "date_range": {
      "type": "object",
      "properties": {
        "end": {
          "type": "string",
          "format": "date-time"
        },
        "start": {
          "type": "string",
          "format": "date-time"
        }
      }
    },
    "incident_id": {
      "type": "string",
      "description": "Unique identifier for the incident (e.g., CVE, GitHub Advisory ID)"
    },
    "mitre_technique_ids": {
      "type": "array",
      "items": {
        "type": "string"
      },
      "description": "List of MITRE ATT&CK technique IDs (e.g., T1059)"
    },
    "include_network_flows": {
      "type": "boolean",
      "default": false
    }
  }
}

What this tool wraps: 0 endpoints

No endpoints wrapped at confidence ≥ 0.70.

Parent server

gapup-mcp

https://github.com/getgapup/gapup-mcp-public

2/7 registries