Cortex Bridge FAQs

Question 1

What are the prerequisites for using Cortex Bridge?

Accepted Answer

You need a Rust toolchain, a running Cortex instance with API access, and configured analyzers (e.g., AbuseIPDB, VirusTotal) within your Cortex instance.

Question 2

What is Cortex Bridge?

Accepted Answer

Cortex Bridge connects MCP clients, like large language models, to a Cortex instance. This allows these clients to leverage Cortex's powerful analyzers for threat intelligence.

Question 3

What types of analysis can Cortex Bridge perform?

Accepted Answer

It supports analyzing IPs, URLs, domains, and emails using Cortex analyzers. Example tools include analyze_ip_with_abuseipdb, analyze_with_abusefinder, and scan_url_with_virustotal.

Question 4

What are the benefits of using Cortex Bridge?

Accepted Answer

Centralized threat analysis, easy integration with LLMs, and leveraging Cortex's extensibility and automation for enriching observables.

Question 5

How do I configure Cortex Bridge for my LLM?

Accepted Answer

Typically, you'll configure your LLM client (e.g., Claude Desktop) with the path to the `mcp-server-cortex` executable and set environment variables for `CORTEX_ENDPOINT` and `CORTEX_API_KEY`.

Cortex Bridge

About

Key Features

Use Cases