mcp-server-cortex
This server acts as a bridge, exposing the powerful analysis capabilities of a Cortex instance as tools consumable by Model Context Protocol (MCP) clients.
The MCP Server for Cortex connects the analysis capabilities of a Cortex instance to MCP-compatible clients, such as large language models like Claude. Cortex is an open-source engine that analyzes observables using various analyzers. Through this server, MCP clients can use these analyzers for threat intelligence tasks: they request analyses and receive structured results, which gives them a centralized, extensible, and automated way to analyze observables.
Features
- Centralized Analysis: Run various analyses from a single point.
- Extensibility: Easily add new analyzers for different threat intelligence feeds and tools.
- Automation: Automate the process of enriching observables.
- Integration: Designed to work closely with TheHive, a Security Incident Response Platform (SIRP), but can also be used standalone.
- Security: API-key-based access to protect your Cortex instance.
Tools
analyze_ip_with_abuseipdb
Analyzes an IP address using an AbuseIPDB analyzer via Cortex.
analyze_with_abusefinder
Analyzes various types of data using an AbuseFinder analyzer via Cortex.
scan_url_with_virustotal
Scans a URL using a VirusTotal_Scan analyzer via Cortex.