Enrichment MCP Server
@MSAdministrator
About Enrichment MCP Server
A Model Context Protocol server for enriching data from multiple security products
Basic information
Config
Add this server to your MCP-compatible client using the configuration below.
{
"mcpServers": {
"enrichment-mcp": {
"command": "uv",
"args": [
"run",
"--env-file",
".env",
"server.py"
]
}
}
}Tools
No tools detected
We auto-extract tools from the README. The maintainer can list them under a ## Tools heading to populate this section.
Overview
What is Enrichment MCP Server?
Enrichment MCP Server is a Model Context Protocol (MCP) server that performs third-party enrichment on a provided observable. It uses the security-cli Python package and configured services (such as VirusTotal, HybridAnalysis, and Shodan) to determine which enrichment services to call based on the observable type.
How to use Enrichment MCP Server?
Run locally with uv run --env-file .env server.py after creating a .env file with the required API keys. For use with Claude Desktop, add the server to your claude_desktop_config.json file under mcpServers, pointing command to the uv binary and passing the directory and server.py as arguments.
Key features of Enrichment MCP Server
- Exposes a single
lookup-observabletool that routes observables to the correct enrichment service - Supports VirusTotal, HybridAnalysis, AlienVault, Shodan, Urlscan.io, AbuseIPDB, and HaveIBeenPwned
- Handles IP addresses, domains, URLs, and email addresses
- Uses environmental variables for API key configuration
- Customizable prompt templates via Jinja2 files in the templates directory
- All enrichment services require API keys
Use cases of Enrichment MCP Server
- Enrich an IP address with VirusTotal and Shodan from an MCP client
- Look up a domain reputation using AlienVault and HybridAnalysis
- Check if an email address appears in known data breaches via HaveIBeenPwned
- Automate observable analysis within Claude Desktop using the exposed MCP tool
FAQ from Enrichment MCP Server
What services are supported?
VirusTotal, HybridAnalysis, AlienVault, Shodan, Urlscan.io, AbuseIPDB, and HaveIBeenPwned. All require API keys.
How do I configure API keys?
Set environmental variables in the format ENRICHMENT_MCP_VIRUSTOTAL_KEY, ENRICHMENT_MCP_HYBRIDANALYSIS_KEY, etc., and load them via a .env file when starting the server.
What observable types are supported?
Currently supported types: ipaddress, domain, url, and email. File hashes (md5, sha1, sha256) are defined but not yet implemented.
Where does enrichment data come from?
Data is fetched live from each configured third-party service. No local storage of results is implemented.
How do I run the server with Claude Desktop?
Add an entry to claude_desktop_config.json under mcpServers with the command pointing to uv, the directory path to the cloned repository, and the argument run server.py.
More Other MCP servers
ICSS
chokcoco不止于 CSS
MaxKB
1Panel-dev🔥 MaxKB is an open-source platform for building enterprise-grade agents. 强大易用的开源企业级智能体平台。
Reactive Resume
amruthpillaiA one-of-a-kind resume builder that keeps your privacy in mind. Completely secure, customizable, portable, open-source and free forever. Try it out today!
Maestro
mobile-dev-incPainless E2E Automation for Mobile and Web
IDA Pro MCP
mrexodiaAI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.
Comments