# UpGuard MCP

> UpGuard monitors your entire attack surface and assesses third-party vendor risks through natural conversation. It lets you check security scores, track identity breaches affecting employees, and audit digital assets—all without jumping between dashboards. Connect this MCP to see exactly where vulnerabilities exist before attackers do.

## Overview
- **Category:** fort-knox
- **Price:** Free
- **Tags:** attack-surface, vendor-risk, cybersecurity, compliance, security-scanning, risk-assessment

## Description

Monitoring an organization's digital perimeter is a full-time job that used to require running reports across five different consoles. This MCP connects your AI agent directly to UpGuard data, letting you talk through complex security questions like talking to a seasoned analyst. You can ask about specific vendors or track down every instance of identity theft affecting your staff. If you're using Vinkius, this connector pulls together vendor risk profiles, monitored domains, and active account risks into one chat window. It’s simple: instead of building complex queries, you just tell the AI what you need to know about who you trust or where your data might be exposed.

## Tools

### get_vendor
Retrieves detailed security information for a single, specified vendor.

### list_saas_apps
Provides a list of all SaaS applications monitored by UpGuard.

### list_identity_breaches
Generates a full report detailing identity breaches found across the organization's workforce.

### list_monitored_domains
Lists all domain names that are currently under continuous monitoring.

### list_monitored_ips
Provides a comprehensive list of monitored IP addresses for asset visibility.

### list_account_risks
Lists all currently detected security risks affecting the entire account or organization.

### list_user_risks
Retrieves specific risk data and threat indicators for individual users.

### list_vendor_risks
Lists all active security risks found specifically within a target vendor's profile.

### list_vendors
Retrieves an overview list of every third-party vendor currently being monitored.

## Prompt Examples

**Prompt:** 
```
List all monitored vendors and their security scores.
```

**Response:** 
```
I've retrieved your vendor list. You are monitoring 15 vendors. Top scorers include 'Cloud Analytics' (950/950) and 'Payment Gateway X' (920/950). 'Old Legacy Supplier' has a lower score of 450. Which one would you like a detailed risk report for?
```

**Prompt:** 
```
Show me the active risks for the vendor 'Microsoft'.
```

**Response:** 
```
I've fetched the risks for Microsoft. There are 2 active findings: 'Unencrypted backup found' and 'TLS 1.0 support detected'. Shall I retrieve the remediation steps for these?
```

**Prompt:** 
```
Are there any recent identity breaches affecting our domain?
```

**Response:** 
```
Inspecting breach data... I found one recent identity breach affecting 3 employees. It occurred on a third-party site 'TrainingPortal.com'. Would you like the list of affected email addresses?
```

## Capabilities

### Audit Vendor Security Scores
Retrieve security scores and detailed risk metrics for any third-party vendor you work with.

### Map Digital Assets
List all monitored domains, IP ranges, and SaaS applications to understand your full digital footprint.

### Track Identity Theft Incidents
View recent identity breaches affecting your workforce and get reports on affected email addresses.

### Assess User Risk Profiles
Audit user-specific risk data, checking for signs of compromised accounts or behavioral issues.

### Identify Active Infrastructure Risks
List all active security risks found across your own infrastructure and your vendor network.

## Use Cases

### Vendor Due Diligence Check
A compliance officer needs to prove that a new partner, 'Acme Corp,' meets security standards. They ask the agent: 'List active risks for Acme Corp and list all monitored vendors.' The AI responds with specific findings from list_vendor_risks and then gives a list of competitors using list_vendors.

### Identifying Internal Exposure
An IT Ops Manager suspects an employee's credentials were stolen. They prompt: 'What is the current risk status for user Jane Doe?' The agent runs list_user_risks, providing a clear report on identity theft exposure and recommending immediate action.

### Mapping Forgotten Assets
The security team needs to know every public asset they manage. They run 'List all domains and IPs.' The agent uses list_monitored_domains and list_monitored_ips, giving them a definitive inventory of the organization's digital perimeter.

### Post-Incident Review
After an incident, the security team needs to know how many employees were affected. They ask: 'Were there any identity breaches in Q3?' The agent uses list_identity_breaches and provides a detailed report on the scale and source of the breach.

## Benefits

- Stop manually checking security reports. You can run list_vendors and immediately get a full overview of every monitored vendor, including their current score.
- Audit user activity risk instantly. Using list_user_risks lets you pinpoint which employees are exposed to identity theft or suspicious behavior without needing the HR team's help.
- Keep track of your digital footprint by listing all assets with list_monitored_domains and list_monitored_ips in one query, eliminating spreadsheet sprawl.
- Determine exactly what’s wrong with a partner. You can check active issues for any third party using list_vendor_risks, then narrow it down with get_vendor.
- Respond to breaches faster. Calling list_identity_breaches gives you immediate access to breach reports and affected employee lists when an incident happens.

## How It Works

The bottom line is you ask a question in plain English and get actionable, data-backed security answers instantly.

1. Subscribe to this MCP and enter your UpGuard API Key into the Vinkius catalog.
2. Your AI client authenticates the connection, giving your agent access to all monitored security data.
3. You prompt the agent with a natural language query—like 'Show me the top three vendors with high-risk scores'—and get immediate, summarized results.

## Frequently Asked Questions

**How do I check a vendor’s score using UpGuard MCP?**
You can use list_vendors to see an overview, or get_vendor to pull deep security details for a single partner. The agent presents this data in plain English so you don't have to read technical reports.

**Can UpGuard MCP track my employees' personal breaches?**
Yes. You can use list_identity_breaches to monitor identity theft affecting your workforce, giving you immediate alerts on compromised credentials or domains.

**Does this MCP show me all my assets?**
It provides comprehensive visibility by letting you list_monitored_domains and list_monitored_ips. This ensures your entire digital footprint is accounted for in one place.

**How do I check if a user account is risky with UpGuard MCP?**
Use the list_user_risks tool. It aggregates behavioral data to show you specific risks associated with individual users, helping you preemptively address compromised accounts.

**Is this better than just looking at vendor reports?**
Yes. While vendor reports are useful, the MCP allows you to run list_vendor_risks and compare those findings against your own monitored IP ranges (list_monitored_ips) in a single, cross-referenced view.