mcp -cortex
MCP Server for Cortex
claude mcp add --transport stdio \
  --env RUST_LOG="info" \
  --env CORTEX_API_KEY="your_cortex_api_key_here" \
  --env CORTEX_ENDPOINT="http://your-cortex-instance:9000/api" \
  gbrigandi-mcp-server-cortex \
  -- docker run -i -e RUST_LOG -e CORTEX_API_KEY -e CORTEX_ENDPOINT gbrigandi/mcp-server-cortex
How to use
This MCP server exposes Cortex-powered analysis tools as MCP-compatible endpoints. It acts as a bridge between a Cortex instance and MCP clients (such as large language models), allowing you to request observable analyses (e.g., IP reputation checks, URL analyses, and other threat intel lookups) through well-defined tools. The available tools include analyze_ip_with_abuseipdb, analyze_with_abusefinder, scan_url_with_virustotal, and analyze_url_with_urlscan_io; each delegates the actual work to a configured Cortex analyzer. When you invoke these tools from your MCP client, you receive structured job results from Cortex, including any enrichment data and analysis reports provided by the configured analyzers.
How to install
Prerequisites:
- A Cortex instance with enabled analyzers and a valid API key.
- Docker installed on the host where you will run the MCP server.
- Access to the internet from the host to pull the Docker image if not already cached.
Steps:
- Ensure Cortex is reachable and you have your API key ready.
- Pull and run the MCP Cortex server container:
  docker run -i gbrigandi/mcp-server-cortex
  Note: You may want to customize environment variables and volume mappings as needed (see Environment Variables). If you prefer to run locally, you can build and run the binary directly once available, but this guide uses the Docker image for simplicity.
- Configure your MCP client to point at the running server (see mcp_config in this document) and supply required environment variables as needed.
- Validate by invoking one of the available tools (e.g., analyze_ip_with_abuseipdb) with appropriate parameters and confirm you receive a structured response from Cortex.
Additional notes
Environment variables: CORTEX_ENDPOINT and CORTEX_API_KEY are required for the server to access your Cortex instance. You can override logging with RUST_LOG for troubleshooting. If an analyzer is not configured, enabled, or lacks valid keys in Cortex, related tool calls may fail or return errors. Ensure analyzers such as AbuseIPDB_1_0, Abuse_Finder_3_0, VirusTotal_Scan_3_1, and Urlscan_io_Scan_0_1_0 are enabled in Cortex and correctly configured. When using Docker, consider mounting a persistent volume for logs or config if needed, and ensure the container has network access to your Cortex API endpoint.
Tips:
- Test analyzers directly in Cortex UI to confirm keys and connectivity before enabling through MCP.
- If you run into rate limits or API key restrictions, adjust Cortex analyzer configurations or acquire additional keys as appropriate.
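A preflight check for the requirements above, as an added example that is not part of the original page or the project's code: it validates the two required variables and reports which tools would fail because their analyzer is not enabled. The tool-to-analyzer pairing is inferred from the names on this page, and the <CORTEX_ENDPOINT>/analyzer listing call with Bearer authentication is an assumption about the Cortex API.

```python
import json
import os
import urllib.request
from urllib.parse import urlparse

# Tool -> Cortex analyzer, paired by name from the two lists on this page (assumption).
TOOL_ANALYZERS = {
    "analyze_ip_with_abuseipdb": "AbuseIPDB_1_0",
    "analyze_with_abusefinder": "Abuse_Finder_3_0",
    "scan_url_with_virustotal": "VirusTotal_Scan_3_1",
    "analyze_url_with_urlscan_io": "Urlscan_io_Scan_0_1_0",
}
# Constructed sample of an analyzer listing: only two of the four are enabled.
SAMPLE_ANALYZERS = [{"name": "AbuseIPDB_1_0"}, {"name": "VirusTotal_Scan_3_1"}]

def check_env(env):
    """Return problems with the required variables; 'warning:' items do not block."""
    problems = []
    url = urlparse(env.get("CORTEX_ENDPOINT", ""))
    key = env.get("CORTEX_API_KEY", "")
    if url.scheme not in ("http", "https") or not url.hostname:
        problems.append("CORTEX_ENDPOINT is unset or not an http(s) URL")
    elif url.scheme == "http" and url.hostname not in ("localhost", "127.0.0.1"):
        problems.append("warning: CORTEX_ENDPOINT is plain http, so the API key is sent unencrypted")
    if not key or key == "your_cortex_api_key_here":
        problems.append("CORTEX_API_KEY is unset or still the placeholder")
    return problems

def unavailable_tools(analyzers):
    """Return {tool: analyzer} for every tool whose analyzer is not in the enabled list."""
    enabled = {a.get("name") for a in analyzers}
    return {t: a for t, a in TOOL_ANALYZERS.items() if a not in enabled}

def fetch_enabled_analyzers(endpoint, api_key):
    """Assumption: <CORTEX_ENDPOINT>/analyzer lists enabled analyzers, with Bearer auth."""
    req = urllib.request.Request(endpoint.rstrip("/") + "/analyzer",
                                 headers={"Authorization": f"Bearer {api_key}"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

if __name__ == "__main__":
    problems = check_env(os.environ)
    if all(p.startswith("warning:") for p in problems):  # no blocking problem: query Cortex
        found = fetch_enabled_analyzers(os.environ["CORTEX_ENDPOINT"], os.environ["CORTEX_API_KEY"])
        problems += [f"{t}: analyzer {a} is not enabled" for t, a in unavailable_tools(found).items()]
    print("\n".join(problems) or "ok")
    raise SystemExit(int(any(not p.startswith("warning:") for p in problems)))
```

Run it on the Docker host with the same CORTEX_ENDPOINT and CORTEX_API_KEY the container will receive; a non-zero exit status means at least one tool call would fail.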