What is Enrichment MCP Server?
Enrichment MCP Server is a Model Context Protocol (MCP) server designed for security data enrichment based on provided observables. It utilizes various third-party services to enrich data related to IP addresses, domains, URLs, and email addresses.
How to use Enrichment MCP Server?
To use the Enrichment MCP Server, clone the repository from GitHub, set up the required environment variables in a .env file, and run the server using the command: uv run --env-file .env server.py. For detailed instructions, refer to the quickstart guide.
Key features of Enrichment MCP Server?
- Supports multiple observable types: IP addresses, domains, URLs, and emails.
- Integrates with popular third-party services like VirusTotal, Hybrid Analysis, and Shodan for data enrichment.
- Provides a generic endpoint for observable lookups.
- Customizable configuration through a
config.yamlfile.
Use cases of Enrichment MCP Server?
- Enriching security data for threat intelligence.
- Analyzing IP addresses for potential malicious activity.
- Validating domain names and URLs for security assessments.
- Enhancing email security by checking against known breaches.
FAQ from Enrichment MCP Server?
-
What types of observables can be enriched?
The server can enrich IP addresses, domain names, URLs, and email addresses.
-
Is there a requirement for API keys?
Yes, most third-party services require API keys for access.
-
Can I contribute to the project?
Yes, contributions are welcome! Feel free to submit pull requests.