Name | umbrix-mcp |
Version | 0.2.0 |
home_page | None |
Summary | MCP server for Umbrix CTI platform - AI-powered threat intelligence |
upload_time | 2025-07-30 17:28:21 |
maintainer | None |
docs_url | None |
author | None |
requires_python | >=3.10 |
license | MIT |
keywords | ai, claude, cti, mcp, security, threat-intelligence |
requirements | No requirements were recorded. |
# Umbrix MCP Server
Connect your AI assistant directly to live threat intelligence with **smart MCP tools** optimized for both large and small AI models.
## 🚀 Quick Start
### 1. Get Your API Key
Visit [umbrix.dev](https://umbrix.dev/account.html), sign in, and generate an API key from Account Settings.
### 2. Install & Configure
#### Option A: Docker (Recommended)
```bash
git clone https://github.com/trvon/umbrix-mcp.git
cd umbrix-mcp
docker build -t umbrix-mcp:latest .
```
#### Option B: Python Package
```bash
pip install git+https://github.com/trvon/umbrix-mcp.git
```
### 3. Configure Claude Desktop
Add to your `claude_desktop_config.json`:
```json
{
  "mcpServers": {
    "umbrix": {
      "command": "docker",
      "args": [
        "run", "-i", "--rm",
        "-e", "UMBRIX_API_KEY",
        "-e", "UMBRIX_API_BASE_URL",
        "umbrix-mcp:latest"
      ],
      "env": {
        "UMBRIX_API_KEY": "your-api-key-here",
        "UMBRIX_API_BASE_URL": "https://umbrix.dev/api"
      }
    }
  }
}
```
**Config file locations:**
- **macOS**: `~/Library/Application Support/Claude/claude_desktop_config.json`
- **Windows**: `%APPDATA%\Claude\claude_desktop_config.json`
- **Linux**: `~/.config/Claude/claude_desktop_config.json`
### 4. Alternative: Python Installation
If using pip install instead of Docker:
```json
{
  "mcpServers": {
    "umbrix": {
      "command": "python",
      "args": ["-m", "umbrix_mcp"],
      "env": {
        "UMBRIX_API_KEY": "your-api-key-here",
        "UMBRIX_API_BASE_URL": "https://umbrix.dev/api"
      }
    }
  }
}
```
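Both configurations above keep the API key in `claude_desktop_config.json` and, in the Docker variant, run a `:latest` image. The following is an added example, not code from the umbrix-mcp project, that audits an `mcpServers` block for those conditions; `audit_mcp_config`, `SECRET_HINTS` and the sample config are hypothetical names, and it assumes the image is the last `docker run` argument.

```python
import json

# Constructed sample mirroring the Docker entry shown above; the key is a placeholder.
SAMPLE_CONFIG = json.loads("""
{"mcpServers": {"umbrix": {
  "command": "docker",
  "args": ["run", "-i", "--rm", "-e", "UMBRIX_API_KEY",
           "-e", "UMBRIX_API_BASE_URL", "umbrix-mcp:latest"],
  "env": {"UMBRIX_API_KEY": "your-api-key-here",
          "UMBRIX_API_BASE_URL": "https://umbrix.dev/api"}
}}}
""")

SECRET_HINTS = ("KEY", "TOKEN", "SECRET", "PASSWORD")  # assumed naming heuristic


def audit_mcp_config(config: dict) -> list[str]:
    """Return human-readable findings for each entry under mcpServers."""
    findings = []
    for name, server in config.get("mcpServers", {}).items():
        env = server.get("env", {})
        args = server.get("args", [])
        for var, value in env.items():
            if any(h in var.upper() for h in SECRET_HINTS) and value:
                findings.append(f"{name}: {var} is stored in plaintext in the config file")
            if var.upper().endswith("URL") and not value.lower().startswith("https://"):
                findings.append(f"{name}: {var} does not use https")
        if server.get("command") == "docker":
            # A bare "-e NAME" forwards NAME from the launching environment,
            # so it must be defined in "env" or the container starts without it.
            passed = [args[i + 1] for i, a in enumerate(args[:-1]) if a == "-e"]
            for var in passed:
                if "=" not in var and var not in env:
                    findings.append(f"{name}: {var} is passed with -e but not defined in env")
            # Assumption: the image reference is the final docker argument.
            image = args[-1] if args else ""
            if "@sha256:" not in image:
                findings.append(f"{name}: image {image!r} uses a mutable tag, not a digest")
    return findings


if __name__ == "__main__":
    for line in audit_mcp_config(SAMPLE_CONFIG):
        print(line)
```

To audit a real file, load it with `json.load` from one of the config file locations listed earlier and pass the result to `audit_mcp_config`.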
## 🤖 Smart MCP Tools
**Optimized for all AI model sizes** - from GPT-4 to smaller local models.
### 🎯 Tool Selection Assistant (Perfect for Smaller Models)
- **get_tool_recommendation** - 🆕 Describe what you want to research → Get personalized tool suggestions
  - Example: `get_tool_recommendation("I want to research APT29")` → Suggests best tools for that task
### 🔍 Discovery & Exploration (Great Starting Points)
- **discover_recent_threats** - Start here! Shows latest activity and data overview
- **threat_correlation** - Search for any threat entities with simple terms
- **analyze_indicator** - Deep analysis of specific IOCs (IPs, domains, hashes)
### 💬 Natural Language Queries (Enhanced for Small Models)
- **execute_graph_query** - 🚀 **ENHANCED** Smart tool that converts simple patterns to database queries
  - **New patterns**: `"recent threats"`, `"APT29"`, `"192.168.1.1"`, `"ransomware campaigns"`
  - **Still supports**: Advanced Cypher queries for expert users
- **threat_intel_chat** - Natural language Q&A about threats with graph context
### 🎯 Specific Entity Lookups
- **get_threat_actor** - Detailed threat actor profiles and attribution
- **get_malware_details** - Comprehensive malware analysis from graph database
- **get_campaign_details** - In-depth campaign intelligence from verified data
- **get_cve_details** - Comprehensive CVE analysis with severity and exploitation status
### 📊 Advanced Analysis
- **timeline_analysis** - Temporal patterns and activity analysis
- **indicator_reputation** - Reputation scoring for IOCs
- **network_analysis** - Analyze IP ranges and networks
- **threat_actor_attribution** - Attribute indicators to actors
- **ioc_validation** - Validate and enrich indicators
### 🛠️ System & Management
- **system_health_check** - Verify platform status when other tools fail
- **feed_status** - Check threat intelligence feed health
- **user_quota** - Monitor usage limits and access controls
## 🧠 Model Size Optimization
### For **Smaller Models** (Claude 3 Haiku, Local LLMs):
1. Start with `get_tool_recommendation("describe your task")`
2. Use `discover_recent_threats` for exploration
3. Try `execute_graph_query` with simple patterns like `"recent threats"` or `"APT29"`
### For **Larger Models** (GPT-4, Claude 3.5 Sonnet):
- Full access to advanced Cypher queries in `execute_graph_query`
- Complex natural language processing in `threat_intel_chat`
- Multi-step analysis workflows
## Development
```bash
# Clone repository
git clone https://github.com/umbrix/umbrix-mcp.git
cd umbrix-mcp

# Install dependencies into the project environment
uv sync

# Run tests
uv run pytest

# Build Docker image
docker build -t umbrix-mcp:latest .

# Test the server: send one JSON-RPC tools/list request over stdin
echo '{"jsonrpc":"2.0","id":1,"method":"tools/list","params":{}}' | \
  docker run --rm -i -e UMBRIX_API_KEY=test umbrix-mcp:latest
```
## 📄 License
MIT License - see [LICENSE](LICENSE) file for details.
---
**[umbrix.dev](https://umbrix.dev)** • **[Documentation](https://umbrix.dev/docs)**
Raw data
{
"_id": null,
"home_page": null,
"name": "umbrix-mcp",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.10",
"maintainer_email": null,
"keywords": "ai, claude, cti, mcp, security, threat-intelligence",
"author": null,
"author_email": "Umbrix Team <support@umbrix.dev>",
"download_url": "https://files.pythonhosted.org/packages/b2/d0/01e5d4959183c449cccb3afc33a312e095c9279532a8ad42b3ae36c43876/umbrix_mcp-0.2.0.tar.gz",
"platform": null,
"bugtrack_url": null,
"license": "MIT",
"summary": "MCP server for Umbrix CTI platform - AI-powered threat intelligence",
"version": "0.2.0",
"project_urls": {
"Documentation": "https://umbrix.dev/docs",
"Homepage": "https://umbrix.dev",
"Repository": "https://github.com/umbrix/umbrix-mcp"
},
"split_keywords": [
"ai",
" claude",
" cti",
" mcp",
" security",
" threat-intelligence"
],
"urls": [
{
"comment_text": null,
"digests": {
"blake2b_256": "80c86a43ccf461fbbfa0425890d59371a78b6d130dff2ffa98014b92f99967f0",
"md5": "e7f3fb2561e1f4b1941b46934e5340e6",
"sha256": "464fb9ec0054155b0d4081b98232360957d0e78b3b42f5681462e0abf9757b2b"
},
"downloads": -1,
"filename": "umbrix_mcp-0.2.0-py3-none-any.whl",
"has_sig": false,
"md5_digest": "e7f3fb2561e1f4b1941b46934e5340e6",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.10",
"size": 23032,
"upload_time": "2025-07-30T17:28:20",
"upload_time_iso_8601": "2025-07-30T17:28:20.070589Z",
"url": "https://files.pythonhosted.org/packages/80/c8/6a43ccf461fbbfa0425890d59371a78b6d130dff2ffa98014b92f99967f0/umbrix_mcp-0.2.0-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": null,
"digests": {
"blake2b_256": "b2d001e5d4959183c449cccb3afc33a312e095c9279532a8ad42b3ae36c43876",
"md5": "90c3ab7502466a891649a9ee66f2b518",
"sha256": "c9b9fff0155e5b15533a186e1e8a66d9e260c205d822576a352af155df2b4b5b"
},
"downloads": -1,
"filename": "umbrix_mcp-0.2.0.tar.gz",
"has_sig": false,
"md5_digest": "90c3ab7502466a891649a9ee66f2b518",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.10",
"size": 33497,
"upload_time": "2025-07-30T17:28:21",
"upload_time_iso_8601": "2025-07-30T17:28:21.435737Z",
"url": "https://files.pythonhosted.org/packages/b2/d0/01e5d4959183c449cccb3afc33a312e095c9279532a8ad42b3ae36c43876/umbrix_mcp-0.2.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2025-07-30 17:28:21",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "umbrix",
"github_project": "umbrix-mcp",
"github_not_found": true,
"lcname": "umbrix-mcp"
}