Public Docs / MCP / Resources

MCP Resources Reference

Resources are read-only data endpoints that return structured JSON. Use the resources/read JSON-RPC method with a uri parameter matching one of the patterns below.

How to Read a Resource

{
  "jsonrpc": "2.0",
  "id": "1",
  "method": "resources/read",
  "params": {
    "uri": "phoenix://cve/CVE-2024-27198"
  }
}

The response wraps the data in a contents array, with each item containing uri, mimeType, and text (JSON string). To list all available resources, call resources/list with no params.

CVE Resources

phoenix://cve/{cve_id}

Full CVE record including PS-HP score, EPSS probability, KEV status, exploit maturity, CVSS vectors, affected products, and enrichments from 15+ intelligence sources. Replace {cve_id} with a valid CVE identifier, e.g. phoenix://cve/CVE-2024-3400.

KEV & Threat Intelligence Resources

phoenix://kev/catalog

The CISA Known Exploited Vulnerabilities catalog as tracked by Phoenix. Returns paginated KEV entries with vendor, product, and due date fields.

phoenix://threat-actors

Threat actor intelligence map — groups, campaigns, and their associated CVE sets from Phoenix's threat tracking database.

High-Profile & Enterprise Watchlist Resources

phoenix://high-profile/tier/{tier}

PS-HP classified CVEs at a given tier. Replace {tier} with 1 (confirmed actively exploited), 2 (likely high-risk), or 3 (emerging threat). Example: phoenix://high-profile/tier/1.

phoenix://enterprise-watchlist

The PS-EW Enterprise Watchlist — high-severity CVEs in enterprise-critical products that carry significant latent risk without confirmed exploitation evidence.

phoenix://enterprise-cpe/{category}

Enterprise-critical vendor/product classifications from the CPE registry. Replace {category} with a category name or all for the full registry. Fields returned depend on your access tier (see Access Tiers).

End-of-Life Resources

phoenix://eol/products

Full EOL product catalog with lifecycle status, vendor, category, and support timeline for each tracked product.

phoenix://eol/products/{product_slug}

Lifecycle detail for a single product. Replace {product_slug} with the product identifier, e.g. phoenix://eol/products/ubuntu-20.04.

phoenix://eol/cve-correlation

CVE-to-EOL correlation data — which CVEs affect products at or approaching end of life, with patch availability status.

phoenix://eol/replacements

Replacement recommendations for EOL products — curated safe migration targets across all tracked categories.

phoenix://eol/statistics

Aggregate EOL statistics: counts by status, vendor breakdowns, category summaries, and trend data.

phoenix://eol/timeline

Upcoming EOL events ordered chronologically — useful for planning remediation windows and lifecycle budget cycles.

Response Shape

All resource responses are returned as JSON wrapped in the MCP contents envelope:

{
  "jsonrpc": "2.0",
  "id": "1",
  "result": {
    "contents": [
      {
        "uri": "phoenix://kev/catalog",
        "mimeType": "application/json",
        "text": "{ ... JSON data ... }"
      }
    ]
  }
}

Data depth in each resource response is filtered by your access tier. Enterprise keys receive the most complete field set. See Access Tiers for the per-tier field breakdown.