VERIFIED

Cortex

Safety: 65/100

0.0(0)

This MCP server bridges LLMs to a Cortex instance for threat intelligence, enabling analysis of observables like IPs and URLs via configured analyzers.

MCP ServersSearch & WebAI & LLMDevelopmentData & DatabasesProductivityCommunicationUtilitiesCloud & InfrastructureFreemium

Boost this tool

Subscribe to listing upgrades or segmented pushes.

Overview

This MCP server bridges LLMs to a Cortex instance for threat intelligence, enabling analysis of observables like IPs and URLs via configured analyzers.

This server is relatively safe for read-only operations, but the security posture depends heavily on the configuration of the Cortex instance and the protection of the API key. It is risky if the Cortex instance is not properly secured or if the API key is exposed.

Performance depends on the Cortex instance and the external services used by the analyzers. Network latency can also impact performance.

Cost depends on the usage of external services like VirusTotal and AbuseIPDB, which may have API usage limits or subscription fees.

Rust13 starsMITReleased 12/6/2025CI/CD

Connections & Capabilities

Connects To

GitHub

Capabilities

Read

Client Compatibility

Claude Desktop

full

Cursor

untested

Windsurf

untested

VS Code (Copilot)

untested

Quickstart

Claude Desktop Config

{
  "mcpServers": {
    // ... other server configurations ...
    "cortex": {
      "command": "/opt/mcp-servers/mcp-server-cortex",
      "args": [],
      "env": {
        "CORTEX_ENDPOINT": "http://your-cortex-instance:9000/api",
        "CORTEX_API_KEY": "your_cortex_api_key_here",
      }
    }
    // ... other server configurations ...
  }
}

Tools (4)

safe

analyze_ip_with_abuseipdb

Analyzes an IP address using AbuseIPDB via Cortex and returns the job report.

Read-only operation that queries AbuseIPDB for IP reputation.

safe

analyze_with_abusefinder

Analyzes data (IP, domain, URL, etc.) using AbuseFinder via Cortex and returns the job report.

Read-only operation that queries AbuseFinder for threat intelligence.

safe

scan_url_with_virustotal

Scans a URL using VirusTotal via Cortex and returns the job report.

Read-only operation that submits a URL to VirusTotal for scanning.

safe

analyze_url_with_urlscan_io

Analyzes a URL using Urlscan.io via Cortex and returns the job report.

Read-only operation that submits a URL to Urlscan.io for analysis.

Security

Auth Method

API Key

Known Risks

!Compromised Cortex API key could allow unauthorized analysis.
!Misconfigured Cortex analyzers could lead to inaccurate or misleading results.
!Reliance on external services (e.g., VirusTotal, AbuseIPDB) introduces dependencies and potential points of failure.
!Lack of input validation could expose Cortex to injection attacks (though Cortex should handle this).

Safety Score

moderate risk

Positive

+API key authentication for Cortex access.
+Read-only access to Cortex data via analyzers.
+No direct system-level access.
+Relies on Cortex's own security measures.

Risks

-Exposure of Cortex API key in environment variables.
-Potential for information leakage depending on Cortex analyzer configurations.
-Vulnerable if the underlying Cortex instance is compromised.
-No input sanitization performed by the MCP server itself.

Use Cases

Threat Intelligence

-Analyzing suspicious IPs for malicious activity.
-Checking URLs for malware or phishing attempts.
-Investigating domains for potential threats.

Security Automation

-Automatically enriching security alerts with threat intelligence data.
-Integrating threat analysis into incident response workflows.
-Automating the process of identifying and blocking malicious URLs.

Data Enrichment

-Enriching log data with threat intelligence information.
-Adding context to security events.
-Improving the accuracy of security analytics.

Who Is This For?

Best For

Security analysts investigating potential threats.
Incident responders enriching security alerts.
Security automation engineers integrating threat intelligence into workflows.
Anyone needing to quickly analyze observables for malicious activity.

Not Ideal For

Situations requiring real-time threat blocking (due to analysis latency).
Environments with strict data privacy requirements (due to data sharing with external services).
Use cases requiring modification of the Cortex instance.

Autonomy & Execution

Default ModeRead-only

Autonomy is limited by the read-only nature of the tools. The LLM can request analysis, but cannot modify the Cortex instance or take destructive actions.

StatelessYes

Retry LogicDocumented

ConcurrencyNot documented

Production Tip

Monitor Cortex performance and API usage to ensure the server can handle the load.

FAQ

What happens if a Cortex analyzer is not configured correctly?

The tool call will likely fail or return an error from Cortex. Ensure all analyzers are enabled and configured with the necessary API keys.

How do I protect the Cortex API key?

Store the API key securely and avoid committing it to version control. Use environment variables to pass the key to the server.

Can I use this server with other MCP clients besides Claude Desktop?

Yes, any MCP-compatible client should be able to use this server. However, compatibility may vary depending on the client's implementation.

What kind of data can I analyze with this server?

You can analyze IPs, URLs, domains, and other observables supported by the configured Cortex analyzers.

How do I configure the server to use different analyzers?

You can specify the analyzer name as a parameter in the tool call. If not specified, the server will use the default analyzer name.

What do I do if a tool call fails?

Check the server logs and the Cortex logs for error messages. Ensure the analyzer is configured correctly and that the Cortex instance is running.

Does this server support concurrent requests?

The server itself likely supports concurrent requests, but the performance will depend on the Cortex instance and the external services used by the analyzers.

Key Features

Search & Web AI & LLM Development Data & Databases Productivity Communication Utilities Cloud & Infrastructure

Metrics

Discovered2/14/2026

Reviews0

Saved By0 users

Related Tools

Cortex | AI Builder Hub Review & Alternatives | Flaex AI