lookup_indicator

Pack: alienvault-otx · Endpoint: https://gateway.pipeworx.io/alienvault-otx/mcp

Look up an indicator (IPv4, domain, URL, or file hash) in OTX. Returns the pulses that reference the indicator, plus observed-context fields. The type is auto-detected when omitted.

Parameters

Name       Type    Required  Description
indicator  string  yes       IPv4, domain, URL, or file hash (md5/sha1/sha256)
type       string  no        Force a type instead of auto-detecting

Example call

# "indicator" is a required argument; "example.com" is a placeholder value.
curl -X POST https://gateway.pipeworx.io/alienvault-otx/mcp \
  -H 'Content-Type: application/json' \
  -d '{"jsonrpc":"2.0","id":1,"method":"tools/call","params":{"name":"lookup_indicator","arguments":{"indicator":"example.com"}}}'

Response shape

Always returns: indicator, type, pulse_count, pulses, context

Field        Type    Description
indicator    string  The indicator being looked up
type         string  Detected or specified indicator type
pulse_count  number  Number of pulses referencing this indicator
pulses       array   Pulses containing this indicator
context      object  Additional context fields from OTX API response

Full JSON Schema

{
  "type": "object",
  "properties": {
    "indicator": {
      "type": "string",
      "description": "The indicator being looked up"
    },
    "type": {
      "type": "string",
      "description": "Detected or specified indicator type",
      "enum": [
        "IPv4",
        "IPv6",
        "domain",
        "hostname",
        "url",
        "file"
      ]
    },
    "pulse_count": {
      "type": "number",
      "description": "Number of pulses referencing this indicator"
    },
    "pulses": {
      "type": "array",
      "description": "Pulses containing this indicator",
      "items": {
        "type": "object",
        "properties": {
          "id": {
            "type": [
              "string",
              "null"
            ]
          },
          "name": {
            "type": [
              "string",
              "null"
            ]
          },
          "description": {
            "type": [
              "string",
              "null"
            ]
          },
          "author": {
            "type": [
              "string",
              "null"
            ]
          },
          "created": {
            "type": [
              "string",
              "null"
            ]
          },
          "modified": {
            "type": [
              "string",
              "null"
            ]
          },
          "tags": {
            "type": "array",
            "items": {
              "type": "string"
            }
          },
          "targeted_countries": {
            "type": "array",
            "items": {
              "type": "string"
            }
          },
          "malware_families": {
            "type": "array",
            "items": {
              "type": "string"
            }
          },
          "attack_ids": {
            "type": "array",
            "items": {
              "type": "string"
            }
          },
          "industries": {
            "type": "array",
            "items": {
              "type": "string"
            }
          },
          "indicators_count": {
            "type": [
              "number",
              "null"
            ]
          },
          "otx_url": {
            "type": [
              "string",
              "null"
            ]
          }
        }
      }
    },
    "context": {
      "type": "object",
      "description": "Additional context fields from OTX API response"
    }
  },
  "required": [
    "indicator",
    "type",
    "pulse_count",
    "pulses",
    "context"
  ]
}
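
A consumer of this response has to handle the nullable pulse fields and the list fields the schema does not mark as required. The following is an added example, not code from Pipeworx or OTX: it validates a result against the schema above and rolls the pulses up for triage. The function name `summarize`, the `pulses_returned` key, and all sample values are assumptions made for illustration.

```python
from collections import Counter

REQUIRED = ("indicator", "type", "pulse_count", "pulses", "context")
TYPES = {"IPv4", "IPv6", "domain", "hostname", "url", "file"}  # enum from the schema
LIST_FIELDS = ("malware_families", "attack_ids", "tags", "industries", "targeted_countries")


def summarize(result):
    """Validate a lookup_indicator result against the schema and roll up its pulses."""
    missing = [k for k in REQUIRED if k not in result]
    if missing:
        raise ValueError(f"missing required fields: {missing}")
    if result["type"] not in TYPES:
        raise ValueError(f"unexpected indicator type: {result['type']!r}")
    if not isinstance(result["pulses"], list):
        raise ValueError("pulses must be an array")

    counts = {f: Counter() for f in LIST_FIELDS}
    urls = []
    for pulse in result["pulses"]:
        for f in LIST_FIELDS:
            # Pulse list fields are not marked required, so tolerate absence or null.
            counts[f].update(v for v in (pulse.get(f) or []) if isinstance(v, str))
        if pulse.get("otx_url"):  # nullable per the schema
            urls.append(pulse["otx_url"])

    summary = {
        "indicator": result["indicator"],
        "type": result["type"],
        "pulse_count": result["pulse_count"],
        "pulses_returned": len(result["pulses"]),  # kept separate from pulse_count
        "otx_urls": urls,
    }
    # Most frequently reported values first; ties broken alphabetically.
    for f in LIST_FIELDS:
        summary[f] = sorted(counts[f], key=lambda v: (-counts[f][v], v))
    return summary


# Constructed sample in the documented response shape (not real OTX data).
SAMPLE = {
    "indicator": "198.51.100.7", "type": "IPv4", "pulse_count": 2, "context": {},
    "pulses": [
        {"id": "p1", "name": "Constructed pulse A", "author": None, "otx_url": None,
         "tags": ["botnet", "c2"], "malware_families": ["ExampleFamily"], "attack_ids": ["T1071"]},
        {"id": "p2", "name": None, "otx_url": "https://otx.example/pulse/p2",
         "tags": ["c2"], "malware_families": [], "attack_ids": ["T1071", "T1105"]},
    ],
}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```
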

Connect

Add this to your MCP client config, or use one-click install buttons:

{
  "mcpServers": {
    "alienvault-otx": {
      "url": "https://gateway.pipeworx.io/alienvault-otx/mcp"
    }
  }
}

See Getting Started for client-specific install steps.

Regenerated from source · build May 21, 2026