MCPs tagged with incident-response
-
Wazuh MCP Server
Bridge Wazuh SIEM data to AI assistants with Model Context Protocol compatibility.
Wazuh MCP Server is a Rust-based service that interfaces with Wazuh SIEM systems and transforms their complex data into Model Context Protocol (MCP) compatible formats. It enables AI assistants, including Claude Desktop, to access security alerts, vulnerability assessments, agent health, and other SIEM insights through natural language queries. It supports compliance teams and security operations by providing actionable data for monitoring, forensics, compliance validation, and incident response.
- ⭐ 137
- MCP
- gbrigandi/mcp-server-wazuh
-
MCP Server for TheHive
Connect AI-powered automation tools to TheHive incident response platform via MCP.
MCP Server for TheHive enables AI models and automation clients to interact with TheHive incident response platform using the Model Context Protocol. It provides tools to retrieve and analyze security alerts, manage cases, and automate incident response operations. The server exposes this functionality over the standardized Model Context Protocol through stdio communication. It offers both pre-compiled binaries and a source build option, with flexible configuration for connecting to TheHive instances.
- ⭐ 11
- MCP
- gbrigandi/mcp-server-thehive
-
MCP Server for Cortex
Bridge Cortex threat analysis capabilities to MCP-compatible clients like Claude.
MCP Server for Cortex exposes the analysis capabilities of a Cortex instance as tools consumable by Model Context Protocol (MCP) clients, such as large language models. It enables these clients to request threat intelligence analyses via Cortex and receive structured results. The server supports easy configuration, secure authentication, and flexible analyzer selection for integrating threat intelligence tasks into automated AI workflows.
- ⭐ 12
- MCP
- gbrigandi/mcp-server-cortex
-
ORKL MCP Server
A Model Context Protocol server for threat intelligence queries via the ORKL API.
ORKL MCP Server is an implementation of the Model Context Protocol (MCP) designed for seamless integration with MCP-compatible applications. It enables secure querying of the ORKL API, offering tools to fetch and analyze threat reports, threat actors, and intelligence sources. The server streamlines access to detailed cyber threat data for security operations and research.
- ⭐ 45
- MCP
- fr0gger/MCP_Security