Enrichment
Created by MSAdministrator
Enriches data from multiple security products using a Model Context Protocol server.
About
This tool provides an MCP server implementation for enriching observable data using various third-party security services like VirusTotal, Hybrid Analysis, and AlienVault. It leverages the security-cli Python package to perform enrichment and communicate with these services, enabling easy integration with the Model Context Protocol and providing valuable context for security investigations.
Key Features
- Supports multiple observable types (IP, Domain, URL, Email)
- Uses security-cli for service communication and configuration
- Integrates with various security services (VirusTotal, Hybrid Analysis, AlienVault, etc.)
- Configurable via YAML and environment variables
- Provides customizable prompt templates for different services
Use Cases
- Investigating suspicious IPs, domains, and URLs
- Enriching security alerts with threat intelligence data
- Providing contextual information for security incidents