Overview
What is MCP Server for Cortex?
MCP Server for Cortex is a bridge that exposes the analysis capabilities of a Cortex instance to Model Context Protocol (MCP) clients, enabling them to leverage Cortex analyzers for threat intelligence tasks.
How to use MCP Server for Cortex?
To use the MCP Server, ensure you have a running Cortex instance and the necessary analyzers configured. Download the server binary from the GitHub Releases page, configure the environment variables, and run the server to allow MCP clients to request analyses.
Key features of MCP Server for Cortex?
- Centralized analysis of observables from a single point.
- Extensibility to add new analyzers for various threat intelligence feeds.
- Automation of observable enrichment processes.
- Integration with TheHive for incident response.
- API-key based access for security.
Use cases of MCP Server for Cortex?
- Analyzing IP addresses for malicious activity.
- Scanning URLs for potential threats.
- Enriching observables with threat intelligence data.
FAQ from MCP Server for Cortex?
-
What is required to run the MCP Server?
You need a running Cortex instance, Rust toolchain, and configured analyzers. -
Is the MCP Server free to use?
Yes, it is open-source and free to use. -
Can I add my own analyzers?
Yes, you can easily add new analyzers to the Cortex instance.