Schema | cortex-mcp

Describes the environment variables required to run the server.

Name	Required	Description	Default
`CORTEX_URL`	Yes	Cortex base URL (e.g., https://cortex.example.com:9001)
`CORTEX_API_KEY`	Yes	API key for authentication
`CORTEX_VERIFY_SSL`	No	Set to false to skip SSL verification	true

Features and capabilities supported by this server

Functions exposed to the LLM to take actions

Name	Description
cortex_list_analyzers	List all enabled analyzers, optionally filtered by data type
cortex_get_analyzer	Get details about a specific analyzer by ID
cortex_run_analyzer	Submit an observable to a specific analyzer for analysis
cortex_run_analyzer_by_name	Run an analyzer by name instead of ID (convenience wrapper)
cortex_get_job	Get the status and details of an analysis job
cortex_get_job_report	Get the full report of a completed analysis job
cortex_wait_and_get_report	Wait for a job to complete and return the full report (with polling timeout)
cortex_list_jobs	List recent analysis jobs with optional filters
cortex_get_job_artifacts	Get artifacts (extracted observables/IOCs) from a completed analysis job
cortex_list_responders	List all enabled responders, optionally filtered by data type
cortex_run_responder	Execute a responder action against a TheHive entity (case, task, artifact, alert)
cortex_analyze_observable	Run ALL applicable analyzers against an observable and collect aggregated results with taxonomy summary

Interactive templates invoked by user choice

Name	Description
`analyze-observable`	Guided workflow for analyzing an observable through Cortex analyzers
`investigate-ioc`	Deep investigation workflow for a suspicious indicator of compromise

Contextual data attached and managed by the client

Name	Description
`analyzers`	List of all enabled Cortex analyzers with their capabilities and supported data types
`recent-jobs`	Recent Cortex analysis jobs (last 50)

cortex-mcp