cortex-mcp
Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| CORTEX_URL | Yes | Cortex base URL (e.g., https://cortex.example.com:9001) | |
| CORTEX_API_KEY | Yes | API key for authentication | |
| CORTEX_VERIFY_SSL | No | Set to false to skip SSL verification | true |
Capabilities
Features and capabilities supported by this server
| Capability | Details |
|---|---|
| tools | {
"listChanged": true
} |
| prompts | {
"listChanged": true
} |
| resources | {
"listChanged": true
} |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| cortex_list_analyzersC | List all enabled analyzers, optionally filtered by data type |
| cortex_get_analyzerC | Get details about a specific analyzer by ID |
| cortex_run_analyzerC | Submit an observable to a specific analyzer for analysis |
| cortex_run_analyzer_by_nameB | Run an analyzer by name instead of ID (convenience wrapper) |
| cortex_get_jobC | Get the status and details of an analysis job |
| cortex_get_job_reportC | Get the full report of a completed analysis job |
| cortex_wait_and_get_reportA | Wait for a job to complete and return the full report (with polling timeout) |
| cortex_list_jobsC | List recent analysis jobs with optional filters |
| cortex_get_job_artifactsB | Get artifacts (extracted observables/IOCs) from a completed analysis job |
| cortex_list_respondersB | List all enabled responders, optionally filtered by data type |
| cortex_run_responderC | Execute a responder action against a TheHive entity (case, task, artifact, alert) |
| cortex_analyze_observableA | Run ALL applicable analyzers against an observable and collect aggregated results with taxonomy summary |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
| analyze-observable | Guided workflow for analyzing an observable through Cortex analyzers |
| investigate-ioc | Deep investigation workflow for a suspicious indicator of compromise |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
| analyzers | List of all enabled Cortex analyzers with their capabilities and supported data types |
| recent-jobs | Recent Cortex analysis jobs (last 50) |
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/solomonneas/cortex-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server