Caution
WARNING: this MCP server is EXPERIMENTAL.
Connect to Cortex analyzers directly from any MCP Client using the Model Context Protocol (MCP).
This server connects agents to your Cortex analyzers using the Model Context Protocol. It lets you interact with your analyzers and search for known IOCs through natural language conversations.
- analyze_with_abuseipdb: Analyze input with AbuseIPDB (only IP addresses).
- analyze_with_virustotal: Analyze input with VirusTotal (IP, domain/FQDN, hash).
- analyze_with_urlscan: Analyze domains/URLs with urlscan.io analyzer.
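The accepted input types listed above can be checked before an observable ever reaches a tool call, so that free text or the wrong indicator type is not forwarded to a third-party analyzer. The following is an added example, not code from this project: the `classify`, `refang` and `tools_for` helpers, the hash lengths (MD5, SHA-1, SHA-256) and the refanging rules are assumptions made for illustration.

```python
import ipaddress
import re
from typing import List, Optional
from urllib.parse import urlparse

# Tool names and accepted input types come from the tool list above.
TOOLS_BY_TYPE = {
    "ip": ["analyze_with_abuseipdb", "analyze_with_virustotal"],
    "domain": ["analyze_with_virustotal", "analyze_with_urlscan"],
    "hash": ["analyze_with_virustotal"],
    "url": ["analyze_with_urlscan"],
}

# Assumed hash types: hex digests of MD5 (32), SHA-1 (40), SHA-256 (64).
HASH_RE = re.compile(r"^(?:[0-9a-fA-F]{32}|[0-9a-fA-F]{40}|[0-9a-fA-F]{64})$")
# Hostname labels followed by an alphabetic TLD, 253 characters at most.
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)


def refang(value: str) -> str:
    """Undo common defanging (hxxp, [.], [:]) used in threat reports."""
    value = value.strip().replace("[.]", ".").replace("[:]", ":")
    return re.sub(r"^hxxp", "http", value, flags=re.IGNORECASE)


def classify(observable: str) -> Optional[str]:
    """Return 'ip', 'hash', 'url', 'domain', or None if unrecognised."""
    value = refang(observable)
    try:
        ipaddress.ip_address(value)
        return "ip"
    except ValueError:
        pass  # not an IP address; keep checking
    if HASH_RE.match(value):
        return "hash"
    try:
        parsed = urlparse(value)
        if parsed.scheme in ("http", "https") and parsed.hostname:
            return "url"
    except ValueError:
        return None  # malformed URL, e.g. unbalanced brackets
    return "domain" if DOMAIN_RE.match(value) else None


def tools_for(observable: str) -> List[str]:
    """Tools whose documented input types include this observable."""
    return TOOLS_BY_TYPE.get(classify(observable), [])
```

An empty list from `tools_for` means the input matches none of the documented types and should not be sent to any analyzer.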
- A Cortex instance
- Cortex authentication credentials (API key)
- The IDs of the analyzers above.
- An MCP Client (e.g. Claude Desktop, Goose)
This MCP server is provided as a Docker image that supports only MCP's stdio transport.
docker pull b2hu/cortex-mcp:v1
Before beginning, copy .env.template to .env and fill in your variables.
The MCP server needs environment variables to be set:
- You just need the .env file.
The MCP server is started in stdio mode with this command:
docker run -i --rm --env-file .env b2hu/cortex-mcp:v1
The configuration for VSCode Copilot is as follows. First run:
mkdir .vscode
touch ./.vscode/mcp.json
Then put the following in ./.vscode/mcp.json:
{
  "servers": {
    "cortex-mcp": {
      "type": "stdio",
      "command": "docker",
      "args": [
        "run", "-i", "--rm",
        "--env-file", ".env",
        "b2hu/cortex-mcp:v1"
      ]
    }
  }
}