cortex-mcp
The cortex-mcp server provides an MCP interface to the Cortex threat intelligence platform, enabling AI-driven observable analysis, automated response, and Cortex management.
Analyze observables — Run specific Cortex analyzers by ID or name against data types like IPs, domains, URLs, hashes, emails, filenames, etc., with TLP and PAP classification support
Bulk analysis — Submit an observable to all applicable analyzers at once and receive aggregated results with taxonomy summaries (malicious/suspicious/info/safe counts)
Job management — Check job status, retrieve full reports, wait/poll for completion, list recent jobs with filters, and extract artifacts/IOCs from completed jobs
Responder execution — List enabled responders and execute automated response actions against TheHive entities (cases, tasks, artifacts, alerts)
Browse analyzers & responders — List and filter enabled analyzers/responders by supported data type, or retrieve details for a specific analyzer
System status — Monitor Cortex health, version, and configuration
Organization & user management — List, create, and retrieve organizations and users (requires superadmin API key)
MCP resources — Browse live Cortex data such as enabled analyzers and recent jobs
Guided workflows — Use MCP prompts for structured observable analysis and IOC investigation
Allows for the submission of observables like IPs and hashes to VirusTotal through Cortex's analysis pipeline for security enrichment.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@cortex-mcpAnalyze the IP 185.220.101.42 and give me a summary of the findings"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
cortex-mcp is a Model Context Protocol (MCP) server for Cortex, the observable analysis and active-response engine from StrangeBee/TheHive Project. It exists because analysts already drive Cortex by hand through its web UI or raw REST API, and an AI client can do that work faster: detonate an indicator across every applicable analyzer, aggregate the taxonomy verdicts, and pull artifacts without anyone clicking through a dozen jobs. It differs from a generic HTTP bridge by exposing Cortex's real domain model as 31 typed MCP tools, auto-detecting observable data types, fanning out analysis with a cap, and gating every destructive action (responders, deletes, file reads) behind explicit confirmation.
What it does
cortex-mcp connects an MCP-capable AI client (Claude Desktop, Claude Code, Codex CLI, OpenClaw, Hermes, and others) to a running Cortex instance so the model can perform real observable analysis and threat-intelligence enrichment. Cortex is the analyzer/responder engine in the StrangeBee and TheHive SOAR stack: it runs analyzers against observables (IPs, domains, URLs, file hashes, emails, files) and executes responders against TheHive entities. This server speaks Cortex's REST API and projects the full pipeline as MCP tools, resources, and prompts, so an agent can browse analyzer definitions, enable and configure them, submit observables, wait for job reports, extract IOC artifacts, and triage alerts. Auto-detection classifies an observable's data type before analysis, bulk analysis fans out across applicable analyzers and aggregates the taxonomy results, and superadmin tools cover organization and user/API-key management. The result is conversational observable analysis: ask "what does Cortex think of 185.220.101.42?" and get an aggregated multi-analyzer verdict back.
Related MCP server: misp-mcp
Prerequisites
Node.js 20 or later
A running Cortex instance (v3.x recommended)
A Cortex API key with appropriate permissions
Installation from source
If you prefer to run from a checkout instead of npx:
git clone https://github.com/lidless-labs/cortex-mcp.git
cd cortex-mcp
npm install
npm run buildThen point your client at the built binary (see the per-client recipes below).
Try it (copy-paste MCP client config)
Add this to your MCP client config (this example is Claude Desktop's claude_desktop_config.json; the same command/args/env shape works for Claude Code, Codex, OpenClaw, and Hermes). It runs the published npm package directly with npx, no clone or build required:
{
"mcpServers": {
"cortex": {
"command": "npx",
"args": ["-y", "thehive-cortex-mcp"],
"env": {
"CORTEX_URL": "http://cortex.example.com:9001",
"CORTEX_API_KEY": "your-org-admin-key",
"CORTEX_SUPERADMIN_KEY": "your-superadmin-key"
}
}
}
}The npm package is named thehive-cortex-mcp; it installs a cortex-mcp binary. Set CORTEX_SUPERADMIN_KEY only if you want the organization and user management tools.
Usage
Claude Code
claude mcp add cortex \
--env CORTEX_URL=http://cortex.example.com:9001 \
--env CORTEX_API_KEY=your-org-admin-key \
--env CORTEX_SUPERADMIN_KEY=your-superadmin-key \
-- npx -y thehive-cortex-mcpAdd --scope user to make it available from any directory instead of only the current project.
OpenClaw
openclaw mcp set cortex '{
"command": "npx",
"args": ["-y", "thehive-cortex-mcp"],
"env": {
"CORTEX_URL": "http://cortex.example.com:9001",
"CORTEX_API_KEY": "your-org-admin-key",
"CORTEX_SUPERADMIN_KEY": "your-superadmin-key"
}
}'If you are running from a source checkout instead, point command/args at the built dist/index.js:
openclaw mcp set cortex '{
"command": "node",
"args": ["/absolute/path/to/cortex-mcp/dist/index.js"],
"env": {
"CORTEX_URL": "http://cortex.example.com:9001",
"CORTEX_API_KEY": "your-org-admin-key",
"CORTEX_SUPERADMIN_KEY": "your-superadmin-key"
}
}'Then restart the OpenClaw gateway so the new server is picked up:
systemctl --user restart openclaw-gateway
openclaw mcp list # confirm "cortex" is registeredHermes Agent
Hermes Agent reads MCP config from ~/.hermes/config.yaml under the mcp_servers key. Add an entry:
mcp_servers:
cortex:
command: "npx"
args: ["-y", "thehive-cortex-mcp"]
env:
CORTEX_URL: "http://cortex.example.com:9001"
CORTEX_API_KEY: "your-org-admin-key"
CORTEX_SUPERADMIN_KEY: "your-superadmin-key"Then reload MCP from inside a Hermes session:
/reload-mcpCodex CLI
Codex CLI registers MCP servers via codex mcp add:
codex mcp add cortex \
--env CORTEX_URL=http://cortex.example.com:9001 \
--env CORTEX_API_KEY=your-org-admin-key \
--env CORTEX_SUPERADMIN_KEY=your-superadmin-key \
-- npx -y thehive-cortex-mcpCodex writes the entry to ~/.codex/config.toml under [mcp_servers.cortex]. Verify with:
codex mcp listStandalone
export CORTEX_URL=http://cortex.example.com:9001
export CORTEX_API_KEY=your-org-admin-key
npx -y thehive-cortex-mcp # or `npm start` from a source checkoutMCP Tools (31)
Status
Tool | Description |
| Get Cortex instance health, version, and configuration |
Analyzer Tools
Tool | Description |
| List all enabled analyzers, optionally filtered by data type |
| Get details about a specific analyzer by ID |
| Submit an observable to a specific analyzer for analysis |
| Run an analyzer by name instead of ID (convenience wrapper) |
| Submit a file to an analyzer. |
Analyzer Definition Tools
Tool | Description |
| Browse all available analyzer definitions with filtering (by data type, free/no-config, search) |
| Enable an analyzer definition in the current org with configuration |
| Disable (remove) an enabled analyzer (destructive; requires |
Job Tools
Tool | Description |
| Get the status and details of an analysis job |
| Get the full report of a completed analysis job |
| Wait for a job to complete and return the report |
| List recent analysis jobs with optional filters |
| Get artifacts (extracted IOCs) from a completed job |
| Delete a specific job (destructive; requires |
| Bulk delete jobs by status or age (with dry-run) |
Responder Tools
Tool | Description |
| List all enabled responders, optionally filtered by data type |
| Execute a responder action against a TheHive entity (destructive; requires |
Responder Definition Tools
Tool | Description |
| Browse all available responder definitions with filtering |
| Enable a responder definition with configuration |
| Disable (remove) an enabled responder |
Bulk Operations
Tool | Description |
| Run analyzers against an observable (auto-detected data type) and aggregate taxonomy results. Pass an |
Organization Management (superadmin)
Tool | Description |
| List all organizations |
| Get organization details |
| Create a new organization |
| Update organization description or status |
User Management (superadmin)
Tool | Description |
| List all users across organizations |
| Get user details |
| Create a new user in an organization |
| Generate a new API key for a user (invalidates previous) |
| Retrieve a user's current API key |
MCP Resources (4)
URI | Description |
| Enabled analyzers with capabilities |
| All available analyzer definitions with config requirements |
| All available responder definitions with config requirements |
| Last 50 analysis jobs |
MCP Prompts (4)
Prompt | Description |
| Guided workflow for analyzing an observable through Cortex |
| Deep investigation workflow for a suspicious IOC |
| Guided setup wizard for fresh Cortex instances (enable free analyzers, configure API keys) |
| Structured alert triage workflow with multi-observable analysis and risk assessment |
Configuration
Variable | Required | Default | Description |
| Yes | - | Cortex base URL (e.g., |
| Yes | - | API key for normal operations (org admin level) |
| No | - | Superadmin API key for org/user/definition management |
| No |
| Set to |
| No |
| Request timeout in seconds |
| No | - | Absolute base directory that |
| No |
| Set to |
| No |
| Maximum number of analyzers |
Security and safety gates
This server can trigger real-world actions and submit observables to third-party services, so several capabilities are secured by default:
Arbitrary file reads are blocked.
cortex_run_analyzer_fileonly reads files insideCORTEX_FILE_BASE_DIR(realpath-confined to defeat symlink/..escapes). With no base dir configured, path-based reads are refused; usefileBase64to submit content explicitly.Responders are gated.
cortex_run_responderrequires bothCORTEX_ALLOW_DESTRUCTIVE=1in the environment andconfirm=truein the call.Single-item destructive tools require confirmation.
cortex_delete_jobandcortex_disable_analyzerrequireconfirm=true.Bulk analysis is conservative.
cortex_analyze_observabledoes not fan out to every analyzer by default. Pass an explicitanalyzersallowlist, or setfanOut=trueto run all applicable analyzers (capped byCORTEX_MAX_FANOUT).SSL verification is scoped. Disabling
CORTEX_VERIFY_SSLrelaxes TLS only for Cortex connections, never for the whole Node process.
Examples
Set up analyzers from scratch
1. Use cortex_list_analyzer_definitions with freeOnly=true to find analyzers
that need no API keys.
2. Use cortex_enable_analyzer to enable "Abuse_Finder_3_0" with empty config.
3. Use cortex_analyze_observable with data "8.8.8.8" and fanOut=true to run
all applicable analyzers (or pass analyzers ["Abuse_Finder"] to scope it).Auto-detect observable type
Use cortex_analyze_observable with data "185.220.101.42" and fanOut=true
(no dataType needed - auto-detects as IP). Or pass an `analyzers` allowlist
to limit which analyzers run.Clean up old failed jobs
Use cortex_cleanup_jobs with status "Failure", dryRun true to preview,
then dryRun false to delete.Analyze a file
Set CORTEX_FILE_BASE_DIR=/srv/cortex-uploads in the server environment, then:
Use cortex_run_analyzer_file with analyzerId "Yara_3_0",
filePath "/srv/cortex-uploads/suspicious.exe" to scan with YARA rules.
(Paths outside CORTEX_FILE_BASE_DIR are refused; alternatively pass fileBase64.)Manage API keys
Use cortex_renew_user_key with userId "analyst1" to rotate their API key.Triage a security alert
Use the triage-alert prompt with alertDescription "Suspicious outbound traffic
detected" and observables "185.220.101.42, evil.example.com, 44d88612fea8a8f36de82e1278abb02f"Supported Data Types
Type | Examples | Auto-detected |
|
| yes |
|
| yes |
|
| yes |
| MD5, SHA1, SHA256, SHA512 | yes |
|
| yes |
|
| As domain |
|
| Manual |
|
| Manual |
| Binary file uploads | Manual |
| CVEs, custom types | Manual |
Deployment
Proxmox LXC
bash -c "$(wget -qLO - https://raw.githubusercontent.com/lidless-labs/cortex-mcp/main/scripts/proxmox_install.sh)"Why not something else?
The Cortex web UI is built for one analyst clicking through jobs by hand. cortex-mcp puts the same engine behind an AI client, so analysis, taxonomy aggregation, and artifact extraction happen conversationally instead of through a dozen page loads.
A raw REST wrapper or generic HTTP MCP bridge gives a model an untyped endpoint and no domain knowledge. cortex-mcp models analyzers, responders, jobs, definitions, organizations, and users as 31 typed tools with auto data-type detection, capped fan-out, and built-in safety gates, so the agent works in Cortex's vocabulary rather than reconstructing the API from scratch.
Wiring Cortex into a SOAR runbook or n8n flow is great for fixed, pre-authored pipelines. This server is for the open-ended path: ad hoc enrichment, investigation, and triage where the analyst (or the agent) decides the next step as results come in.
thehive-mcp (the companion server) drives case and alert management in TheHive. cortex-mcp is the analysis-and-response layer; the two are complementary, not substitutes.
What cortex-mcp is not
It is not a Cortex replacement or a reimplementation of analyzers. It calls a Cortex instance you already run; Cortex still does the analysis.
It is not a SIEM, a case manager, or a TheHive client. Case and alert workflows belong to TheHive (see thehive-mcp).
It is not an autonomous responder. Destructive actions (responders, job deletion, file reads by path) are off or confirmation-gated by default and never fire silently.
It is not a hosted service. It runs locally as a stdio MCP server next to your client; nothing is sent anywhere except the Cortex instance you configure.
Testing
npm test # Unit tests
npm run test:watch # Watch mode
npm run lint # Type check
# Integration tests (requires live Cortex instance)
CORTEX_URL=http://cortex.example.com:9001 \
CORTEX_API_KEY=your-key \
CORTEX_SUPERADMIN_KEY=your-superadmin-key \
npx vitest run tests/integration.test.tsProject Structure
cortex-mcp/
src/
index.ts # MCP server entry point
config.ts # Environment config + validation
client.ts # Cortex REST API client (full surface)
types.ts # Cortex API type definitions
resources.ts # MCP resources (4)
prompts.ts # MCP prompts (4)
tools/
analyzers.ts # Analyzer tools (list, get, run, run-by-name)
analyzer-definitions.ts # Definition browsing, enable, disable
jobs.ts # Job management + cleanup
responders.ts # Responder tools (list, run)
responder-definitions.ts # Definition browsing, enable, disable
bulk.ts # Bulk analysis with auto-detect
status.ts # Health/version check
organizations.ts # Org CRUD (superadmin)
users.ts # User CRUD + key management (superadmin)
tests/
client.test.ts # API client unit tests
tools.test.ts # Tool handler unit tests
integration.test.ts # Live instance integration tests
scripts/
proxmox_install.sh # Proxmox LXC deployment scriptContributing
Issues and pull requests are welcome. See CONTRIBUTING.md for the contribution path and SECURITY.md for reporting vulnerabilities. By participating you agree to the Code of Conduct.
License
MIT. See LICENSE.
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/lidless-labs/cortex-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server