# dora MCP server

DORAOracle — tools for DORA Art.5-32: risk register, ICT incidents, TLPT, third-party.

## Links
- Registry page: https://www.getdrio.com/mcp/io-tooloracle-dora
- Repository: https://github.com/ToolOracle/dora

## Install
- Endpoint: https://tooloracle.io/dora/mcp/
- Auth: Not captured

## Setup notes
- Remote endpoint: https://tooloracle.io/dora/mcp/

## Tools
- cve_search - Search CVEs by keyword, vendor or product. Returns CVSS scores, attack vectors, DORA pillar mapping. Endpoint: https://tooloracle.io/dora/mcp/
- cve_latest - Latest critical CVEs — daily DORA ICT risk briefing. Filter by severity and banking relevance. Endpoint: https://tooloracle.io/dora/mcp/
- kev_list - CISA Known Exploited Vulnerabilities — actively exploited CVEs with patch deadlines. DORA Art. 9 patch compliance. Endpoint: https://tooloracle.io/dora/mcp/
- kev_check - Check if a specific CVE is in CISA KEV (actively exploited in the wild). Returns DORA incident classification guidance. Endpoint: https://tooloracle.io/dora/mcp/
- cert_advisories - CERT-Bund security advisories — authoritative DE source for ICT threats. DORA Art. 17 threat monitoring. Endpoint: https://tooloracle.io/dora/mcp/
- breach_check - HaveIBeenPwned breach database — check domain/company breach exposure. DORA Art. 18 incident assessment. Endpoint: https://tooloracle.io/dora/mcp/
- threat_actors - Feodo Tracker: live C2 botnet servers (Emotet, QakBot, etc.). Actionable IP blocklist for DORA Art. 9. Endpoint: https://tooloracle.io/dora/mcp/
- incident_timeline - Generate DORA-compliant ICT incident reporting timeline with exact deadlines. DORA Art. 19 major incident workflow. Endpoint: https://tooloracle.io/dora/mcp/
- mitre_techniques - MITRE ATT&CK techniques for DORA TLPT / TIBER-EU penetration testing. Maps to DORA Art. 26. Endpoint: https://tooloracle.io/dora/mcp/
- tlpt_scenarios - TIBER-EU threat scenarios for DORA resilience testing planning. Banking-specific attack simulations. Endpoint: https://tooloracle.io/dora/mcp/
- cloud_status - Live status of AWS, GCP, Azure cloud providers. DORA Art. 28 third-party ICT risk monitoring. Endpoint: https://tooloracle.io/dora/mcp/
- provider_risk - DORA Art. 28 ICT third-party risk assessment: CVE history, news, GLEIF registration, contractual checklist. Endpoint: https://tooloracle.io/dora/mcp/
- dora_news - EBA/DORA regulatory news for banks. Topics: general, eba, incident, third_party, testing, guidelines, bafin, swift. Endpoint: https://tooloracle.io/dora/mcp/
- dora_calendar - DORA compliance milestones and upcoming deadlines for financial institutions. All Art. references included. Endpoint: https://tooloracle.io/dora/mcp/
- health_check - DORAOracle server status and all backend connectivity checks. Endpoint: https://tooloracle.io/dora/mcp/

## Resources
Not captured

## Prompts
Not captured

## Metadata
- Owner: io.tooloracle
- Version: 1.0.0
- Runtime: Streamable Http
- Transports: HTTP
- License: Not captured
- Language: Not captured
- Stars: Not captured
- Updated: May 7, 2026
- Source: https://registry.modelcontextprotocol.io