{ New } - MCP Server

by Dan Benshitrit

🚀 MCP Server

We’re excited to announce the official launch of the MCP Server - a powerful tool for interacting with AI agents through a structured protocol!

📄 Documentation: MCP Server API Docs

🔍 What is MCP?

The MCP (Model Context Protocol) Server allows you to:

  • Send structured prompts and system instructions to AI agents
  • Manage multiple agent contexts and sessions
  • Chain agent reasoning steps using history
  • Build powerful AI workflows with fine-grained control

🧠 Key Features

  • Full REST API interface
  • Supports multi-turn conversations
  • Integrated system/user/assistant role structure
  • Agent state persistence
  • Fast and lightweight server ideal for production and experimentation

📦 Use Cases

  • AI research & prompt engineering
  • Autonomous agent orchestration
  • Server-side inference pipelines
  • Custom AI assistants and LLM-based tools

⚙️ Setup

Add to ~/.cursor/mcp.json:

{
  "mcpServers": {
    "cavalier-api": {
      "url": "https://docs.hudsonrock.com/mcp"
    }
  }
}


We're actively improving it, so please check out the docs and give us your feedback. Contributions and ideas welcome!


{ New } - IPv6 Support

by Dan Benshitrit

IPv6 Support in /search-by-ip Endpoint

Endpoint: POST /search-by-ip

  • Added support for IPv6 addresses in the /search-by-ip endpoint.
  • You can now query using both IPv4 and IPv6 formats.

Example IPv6 Query:

curl --request POST \
     --url https://api.hudsonrock.com/json/v3/search-by-ip \
     --header 'accept: application/json' \
     --header 'api-key: <API_KEY>' \
     --header 'content-type: application/json' \
     --data '{"ips": ["0400:1a00:b090:1c47:4e2:3b62:8e86:ecf6"]}'
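Addresses pulled from logs rarely arrive in one textual form, so the sketch below normalizes mixed IPv4/IPv6 tokens, drops non-routable ones, and builds the `{"ips": [...]}` body shown above. It is an added example, not Hudson Rock code: the function names and sample tokens are constructed, and sending the RFC 5952 compressed form (which drops leading zeros) is an assumption, since this page does not say which textual forms the API accepts.

```python
import ipaddress
import json


def normalize_ip(token):
    """Return canonical text for one log token, or None if it should not be queried."""
    t = token.strip()
    if t.startswith("["):              # "[v6]:port" as written by proxies and web servers
        t = t[1:].split("]", 1)[0]
    elif t.count(":") == 1:            # "v4:port"
        t = t.split(":", 1)[0]
    t = t.split("%", 1)[0]             # drop an IPv6 zone id such as "%eth0"
    try:
        addr = ipaddress.ip_address(t)
    except ValueError:
        return None
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped        # ::ffff:a.b.c.d is really an IPv4 peer
    if (addr.is_private or addr.is_loopback or addr.is_link_local
            or addr.is_multicast or addr.is_unspecified):
        return None                    # internal addresses are not worth a lookup
    return str(addr)                   # lowercase, compressed form


def build_search_by_ip_body(tokens):
    """Deduplicate normalized addresses; return (request body, rejected tokens)."""
    ips, rejected = [], []
    for tok in tokens:
        ip = normalize_ip(tok)
        if ip is None:
            rejected.append(tok)
        elif ip not in ips:
            ips.append(ip)
    return {"ips": ips}, rejected


# Constructed sample tokens; the IPv6 address is the one from the example query above.
SAMPLE_TOKENS = [
    "0400:1A00:B090:1C47:04E2:3B62:8E86:ECF6",
    "[0400:1a00:b090:1c47:4e2:3b62:8e86:ecf6]:443",
    "::ffff:8.8.8.8",
    "8.8.8.8:53",
    "fe80::1%eth0",
    "::ffff:10.0.0.5",
    "not-an-ip",
]

if __name__ == "__main__":
    body, rejected = build_search_by_ip_body(SAMPLE_TOKENS)
    print(json.dumps(body))            # pass this string to curl --data
    print("skipped:", rejected)
```
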

Docs: POST search-by-stealer/infection-analysis

  • Added a new endpoint: POST /search-by-stealer/infection-analysis
  • Purpose: Provides a detailed AI-generated analysis of how a specific identity was likely compromised.
  • Response includes:
    • likely_infection_url: Most probable infection source URL.
    • infection_confidence: Confidence score (0–1) indicating the likelihood of that URL being the infection point.
    • infection_reasoning: Explanation of the inferred infection path.
    • infection_flow: Chronological breakdown of visited URLs leading up to the infection.
    • analyst_summary: AI-written narrative summarizing the infection incident.

This new capability enhances incident investigation workflows by offering immediate, explainable insights into breach origins.

Example Request:

curl --request POST \
     --url https://api.hudsonrock.com/json/v3/search-by-stealer/infection-analysis \
     --header 'accept: application/json' \
     --header 'api-key: <API_KEY>' \
     --header 'content-type: application/json' \
     --data '{"stealer": "[IN]175.101.37.65"}'

[Added] - Sensitive Applications Field in Domains Overview Endpoint

Endpoint: POST /search-by-domain/overview

Added a new field: sensitive_applications

  • Type: array of strings
  • Description: Identifies sensitive applications within the compromised URL structure, based on a predefined list of sensitive apps.

This enhancement provides greater visibility into high-risk application exposures associated with compromised domains.

Sensitive applications list:

  • +cscoe+
  • cscoe
  • active-directory
  • adfs
  • auth
  • bitbucket
  • ciscovpn
  • citrix
  • confluence
  • cpanel
  • dana-na
  • extranet
  • ftp
  • git
  • github
  • gitlab
  • hipchat
  • imap
  • jira
  • kaspersky
  • okta
  • oracle
  • owa
  • pentaho
  • ping
  • rlogin
  • roundcube
  • salesforce
  • sap
  • sharepoint
  • ssh
  • sso
  • st
  • sts
  • twilio
  • vpn
  • webex
  • webmail
  • webvpn
  • zendesk
  • zimbra
  • zoom