This repository contains the code and configurations used for Elevate 2025. It covers detection-as-code, threat intelligence, and MCP set up.
- all MCP servers were cloned and treated as standalone folders within the repo for simplicity
- ai-runbooks-elevate25 and mcp-security-elevate25 are cloned as of 6 June 2025 to keep the information frozen for simplicity sake.
- ai-runbooks-elevate25 was cloned from https://github.com/dandye/ai-runbooks
- mcp-security-elevate25 was clone from https://github.com/google/mcp-security
- opencti-mcp and github-mcp-server are cloned as of 28 May 2025 to keep the information frozen for simplicity sake
- opencti-mcp was cloned from https://github.com/Spathodea-Network/opencti-mcp
- github-mcp-server was cloned from https://github.com/github/github-mcp-server
- virustotal-mcp-server was purpose-built to create Livehunt Rules and create IOC Collections. They currently append the "-elevate2025" for tracking purpose
- ai-runbooks-elevate25 and mcp-security-elevate25 are cloned as of 6 June 2025 to keep the information frozen for simplicity sake.
Most of the folders will have it's own readme / instruction guide, taken from the original repository.
- Visual Studio Code installed
- UV installed
- Cline installed
- Python 3.11 or greater
- Credentials / API tokens for the integrations (SecOps, Google Threat Intelligence, Github, etc)
- Clone this repository
- This will also include Github Actions for the DaC portion
- Update your cline settings. look at the example_cline_mcp_settings.json can be found
- integrate AIP?
- include more actionable content - leverage secops-soar to push indicators, contain devices, build more complex hunting rules
- more malware analysis with ghidra?