MCP.so
登录

MCP Server for Cortex

@gbrigandi

关于 MCP Server for Cortex

MCP Server for Cortex

基本信息

分类

其他

许可证

MIT

运行时

rust

传输方式

stdio

发布者

gbrigandi

配置

暂无标准配置

该服务器的 README 中没有可解析的 MCP 配置块,请前往代码仓库查看安装说明。

代码仓库

工具

4

Analyzes an IP address using an AbuseIPDB analyzer (or a similarly configured IP reputation analyzer) via Cortex. Returns the job report if successful.

Analyzes various types of data (IP, domain, FQDN, URL, or email) using an AbuseFinder analyzer via Cortex. Returns the job report if successful.

Scans a URL using a VirusTotal_Scan analyzer (e.g., `VirusTotal_Scan_3_1`) via Cortex. Returns the job report if successful.

Analyzes a URL using a Urlscan.io analyzer (e.g., `Urlscan_io_Scan_0_1_0`) via Cortex. Returns the job report if successful.

概览

What is MCP Server for Cortex?

MCP Server for Cortex bridges a Cortex instance with MCP-compatible clients, exposing Cortex’s threat-intelligence analyzers as callable tools for large language models like Claude. It is intended for security analysts and automation engineers who need to programmatically enrich observables (IPs, URLs, domains, etc.) via a Cortex backend.

How to use MCP Server for Cortex?

Download or build the server binary, set environment variables CORTEX_ENDPOINT (Cortex API URL) and CORTEX_API_KEY, then configure your MCP client (e.g., Claude Desktop’s claude_desktop_config.json) to launch the binary with those env vars. Once running, the client can call tools like analyze_ip_with_abuseipdb to submit observables for analysis.

Key features of MCP Server for Cortex

  • Exposes Cortex analyzers as MCP tools for LLM clients.
  • Supports IP, URL, domain, FQDN, and email analysis.
  • Uses API-key-based authentication for Cortex access.
  • Requires only a binary download (Rust-based); no runtime dependencies.
  • Built for extensibility – works with any enabled Cortex analyzer.

Use cases of MCP Server for Cortex

  • Enrich an IP address with AbuseIPDB reputation data via an MCP client.
  • Scan a URL with VirusTotal to detect malicious content.
  • Analyze a domain or email using AbuseFinder in an automated playbook.
  • Integrate Cortex’s analysis capabilities into a conversational AI (e.g., Claude).

FAQ from MCP Server for Cortex

What prerequisites are needed?

A Rust toolchain (for building from source), a running Cortex instance with network access, a Cortex API key with permissions to list analyzers and run jobs, and the desired analyzers enabled and configured inside Cortex.

How is the server configured?

Set the environment variables CORTEX_ENDPOINT (e.g., http://localhost:9000/api) and CORTEX_API_KEY. Optionally set RUST_LOG for logging level. No config file is required.

What tools does the server provide?

Four tools: analyze_ip_with_abuseipdb, analyze_with_abusefinder, scan_url_with_virustotal, and analyze_url_with_urlscan_io. Each accepts the observable data, an optional analyzer name, and optional max polling retries.

How do I install the server?

Download a pre-compiled binary from the GitHub Releases page for your OS, place it in your PATH, and make it executable (Linux/macOS: chmod +x). Alternatively, clone the repo and run cargo build --release.

How do I use it with Claude Desktop?

Add an entry to Claude Desktop’s claude_desktop_config.json under mcpServers with the binary path as the command and the two required environment variables. No arguments are needed.

评论

其他 分类下的更多 MCP 服务器