Feedly MCP server
Query the Feedly Threat Graph for curated CTI on actors, malware, and campaigns.
About
Connect Tracecat to Feedly to query the Threat Graph for curated CTI on actors, malware, campaigns, and CVEs for SOC analysts and threat hunters running incident response. You can search the Threat Graph for a suspected actor and pull a full profile with aliases, TTPs, and recent activity. From there, walk related entities to linked malware and campaigns, fetch source reports, and surface trending threats with confidence.
Setup
- 1
Create an API key
Feedly's MCP server uses a Threat Intelligence API token issued from the Feedly Enterprise admin console. The token inherits the seat's Threat Intelligence permissions and is passed to the server as an environment variable.
- 2
Select the
Feedlytile in the Tracecat MCP catalogOpen the
MCP catalogin your workspace, select theFeedlytile, and paste your API key. - 3
Enable
Feedlyin your agentIn your
ai.agentaction orAgents→toolstab, selectFeedlyfrom theMCP integrationsdropdown.
Tools
search_threat_graph | Search the Feedly Threat Graph for actors, malware, campaigns, vulnerabilities, and TTPs. |
get_threat_actor | Pull a curated profile of a named threat actor with aliases, TTPs, and recent activity. |
get_malware_family | Retrieve a malware family profile including capabilities, variants, and recent reports. |
get_campaign | Fetch campaign details with timelines, targets, and linked indicators. |
get_vulnerability | Look up a CVE with exploitation status, affected products, and related reports. |
list_trending_threats | Surface the threats Feedly is tracking as currently trending in the open source feed. |
get_related_entities | Walk the Threat Graph from one entity to connected actors, malware, or indicators. |
get_threat_report | Fetch the full text and metadata of a specific threat intelligence report. |