Defense MCP Server

Defense MCP - Claude Desktop Extension

Claude Desktop native extension for Defense.com threat intelligence

This is a native Claude Desktop extension that gives Claude direct access to your Defense.com threat intelligence data. No terminal or configuration files required.

Features

• One-click installation via Claude Desktop
• Complete threat intelligence toolset (16 tools)
• Source type alias mapping (200+ friendly aliases like "pentest", "m365", "vuln scan")
• Interactive security training sessions
• Parallel sub-resource fetching for performance

Installation

Option 1: One-Click Install (Recommended)

The easiest way to install - no terminal or config files needed:

1. Download the .mcpb extension file from Releases
2. Double-click the file to open it with Claude Desktop
3. Click "Install" in the installation dialog
4. Enter your API token when prompted (see Getting your API Token)

That's it! The extension is now ready to use.

Alternative: Drag and Drop

1. Open Claude Desktop
2. Go to Settings (gear icon)
3. Drag the .mcpb file into the Settings window
4. Click Install and enter your API token

Verifying Installation

Once installed, you should see the extension in Claude Desktop:

Step 1: Check Extension is Installed Navigate to Settings > Extensions. You should see "Defense.com Threat Analysis" listed under "Installed on your computer".

Step 2: Configure Your API Token Click Configure to enter your Defense.com API Token (required) and optionally modify the API Base URL.

Step 3: Verify All Tools Are Available Scroll down to see all 16 available tools. You can configure tool permissions to control when Claude is allowed to use each tool.

Option 2: Manual Configuration (Advanced)

For developers or users who prefer manual setup:

npm install
npm run build
npx @anthropic-ai/mcpb pack

{
  "mcpServers": {
    "Defense MCP": {
      "command": "node",
      "args": ["/absolute/path/to/desktop-extension/dist/index.js"],
      "env": {
        "DEFENSE_API_TOKEN": "your_token_here",
        "DEFENSE_API_BASE_URL": "https://api.defense.com"
      }
    }
  }
}

Getting your API Token

1. Log into your Defense.com Portal
2. Go to Account → API Keys
3. Click Add API Key
4. Copy the generated token

Your API token is stored securely in your operating system's keychain.

Using the Extension

Once installed, you can ask Claude natural language questions about your security data.

Example Prompts

Example 1: Risk Assessment

"What are my biggest security risks right now?"

Claude will call get_biggest_risks to retrieve critical and high severity threats, sorted by risk score and number of affected assets. You'll get a prioritized list with remediation guidance.

Example 2: Source-Based Threat Analysis

"Show me all phishing threats from the last 30 days that are still open"

Claude will call get_threats_by_source with source_type="phishing", days=30, and state="detected". The tool recognizes 200+ aliases, so "phishing", "phish", "email phishing", and "social engineering" all work.

Example 3: Interactive Security Training

"Start a security training session on ransomware for beginners"

Claude will call start_training_session with session_type="ransomware" and difficulty="beginner". You'll receive quiz questions about ransomware threats. Use follow-up prompts like "submit answer A" or "give me a hint" to continue.

More Examples

• "Show me new threats from the last 7 days"
• "Who has the most threats assigned to them?"
• "Get full details on threat ID abc-123"
• "What's my team's current threat workload?"
• "Generate 5 advanced training questions about vulnerability management"

Available Tools

Threat Intelligence Tools