cortex-mcp

B2hu/cortex-mcp


Cortex-MCP is a public repository containing the Hive Cortex MCP server, utilizing Python FastMCP.

Cortex MCP Server

WARNING: this MCP server is EXPERIMENTAL.

Connect to Cortex analyzers directly from any MCP Client using the Model Context Protocol (MCP).

This server connects agents to your Cortex analyzers using the Model Context Protocol. It lets you interact with your analyzers and search for known IOCs through natural-language conversations.

Available Tools

  • analyze_with_abuseipdb: Analyze input with AbuseIPDB (Only IP Addresses).
  • analyze_with_virustotal: Analyze input with VirusTotal (IP, domain/FQDN, hash).
  • analyze_with_urlscan: Analyze domains/URLs with urlscan.io analyzer.

Prerequisites

  • A Cortex instance
  • Cortex authentication credentials (API key)
  • The IDs of the analyzers listed above
  • An MCP Client (e.g. Claude Desktop, Goose)

Installation & Setup

This MCP server is provided as a Docker image that supports only MCP's stdio transport.

docker pull b2hu/cortex-mcp:v1

Using the stdio protocol

Before beginning, copy .env.template to .env and fill in your variables.

The MCP server needs environment variables to be set:

  • The .env file is all you need.

The MCP server is started in stdio mode with this command:

docker run -i --rm --env-file .env b2hu/cortex-mcp:v1

The configuration for VSCode Copilot is as follows. First run:

mkdir .vscode
touch ./.vscode/mcp.json

Then add the following to ./.vscode/mcp.json:
{
  "servers": {
    "cortex-mcp": {
      "type": "stdio",
      "command": "docker",
      "args": [
        "run", "-i", "--rm",
        "--env-file", ".env",
        "b2hu/cortex-mcp:v1"
      ]
    }
  }
}
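
Because the server is experimental, it is worth checking what the image actually advertises before wiring it into an agent. The following is an added example, not code from the cortex-mcp project: it performs the MCP stdio handshake against the start command shown above and compares the `tools/list` reply with the three tools documented on this page. The protocol version string, the client name, and the function names are assumptions of this sketch.

```python
import json
import subprocess

# Tool names ("Available Tools") and stdio start command, both taken from this page.
DOCUMENTED_TOOLS = {"analyze_with_abuseipdb", "analyze_with_virustotal", "analyze_with_urlscan"}
SERVER_CMD = ["docker", "run", "-i", "--rm", "--env-file", ".env", "b2hu/cortex-mcp:v1"]

def rpc(method, params=None, msg_id=None):
    """Serialize one JSON-RPC 2.0 message; MCP stdio sends one per line."""
    msg = {"jsonrpc": "2.0", "method": method}
    if params is not None:
        msg["params"] = params
    if msg_id is not None:  # notifications carry no id
        msg["id"] = msg_id
    return json.dumps(msg)

def read_response(stream, msg_id):
    """Skip non-JSON lines and notifications until the reply to msg_id arrives."""
    for line in stream:
        try:
            msg = json.loads(line)
        except ValueError:
            continue
        if isinstance(msg, dict) and msg.get("id") == msg_id:
            return msg
    raise RuntimeError("server closed stdout before replying")

def audit_tools(tools_list_response):
    """Diff the tool names in a tools/list reply against the documented set."""
    advertised = {t["name"] for t in tools_list_response["result"]["tools"]}
    return {"unexpected": sorted(advertised - DOCUMENTED_TOOLS),
            "missing": sorted(DOCUMENTED_TOOLS - advertised)}

def audit_server(cmd=SERVER_CMD):
    """Do the MCP handshake over stdio with the container, then audit its tools."""
    init = {"protocolVersion": "2024-11-05", "capabilities": {},
            "clientInfo": {"name": "tool-audit", "version": "0.1"}}  # hypothetical client
    # Leaving the with-block closes stdin, so the container sees EOF and exits.
    with subprocess.Popen(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE, text=True) as proc:
        print(rpc("initialize", init, 1), file=proc.stdin, flush=True)
        read_response(proc.stdout, 1)
        print(rpc("notifications/initialized"), rpc("tools/list", msg_id=2),
              sep="\n", file=proc.stdin, flush=True)
        return audit_tools(read_response(proc.stdout, 2))

if __name__ == "__main__":
    # Constructed reply, not captured from the real server; audit_server() is the live check.
    sample = {"result": {"tools": [{"name": "analyze_with_urlscan"}, {"name": "undocumented_tool"}]}}
    print(audit_tools(sample))
```

Call `audit_server()` from the directory that holds `.env`; a non-empty `unexpected` list means the image advertises tools this page does not document.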