search_iocs
Search IOCs by keyword.
Params
- query: string
- type?: string
- limit?: number
Developer Portal
Integrate ThreatNoir IOCs into your security workflow
Use the ThreatNoir MCP server for AI tools, or call the IOC REST API directly.
Getting started
- 1. Create an account and sign in.
- 2. Go to Settings → API Keys.
- 3. Generate a new API key.
- 4. Install the MCP server (recommended) or use the REST API.
Installation
Use npx or add to your MCP config.
Terminal
# Using npx (recommended)
npx threatnoir-mcp-iocs
# Or add to your .mcp.json.mcp.json
{
"mcpServers": {
"threatnoir-iocs": {
"command": "npx",
"args": ["threatnoir-mcp-iocs"],
"env": { "THREATNOIR_API_KEY": "your-key-here" }
}
}
}Set THREATNOIR_API_KEY to your generated key.
Available tools
list_iocs
List recent IOCs.
Params
- type?: string
- limit?: number
lookup_ioc
Exact match lookup.
Params
- value: string
IOC types
Use these values for type filters.
| Type | Example |
|---|---|
| ip | 8.8.8.8 |
| domain | example.com |
| hash_md5 | d41d8cd98f00b204e9800998ecf8427e |
| hash_sha1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| hash_sha256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| url | https://example.com/path |
| cve | CVE-2024-12345 |
| mitre_attack | T1059 |
| analyst@example.com | |
| malware | Emotet |
Rate limits
- 100 requests per minute per API key.
- 30 requests per minute for unauthenticated access (list only).
REST API
Use Authorization: Bearer tn_live_your_key for authenticated endpoints.
Examples
GET https://threatnoir.com/api/v1/iocs?type=cve&limit=10
GET https://threatnoir.com/api/v1/iocs?q=192.168&type=ip
Authorization: Bearer tn_live_your_key