Enrichment MCP

A server based on the Model Context Protocol (MCP) for performing enrichment queries on provided observables (such as IP addresses, domain names, etc.) through third - party services (such as VirusTotal, HybridAnalysis, etc.). This project is currently only for development and testing, supports multiple observable types and third - party services, and uses environment variables to manage API keys for security.

Security Developer tools #Enrichment Query #MCP Protocol #Security Analysis .Python

rating : 2 points

downloads : 17

update time : 2025-04-29

What is the Enrichment MCP Server?

The Enrichment MCP Server is an implementation of the Model Context Protocol (MCP) for security analysis. It enriches the provided observations by integrating multiple third - party services. For example, it can analyze IP addresses, domain names, URLs, or email addresses and return relevant threat intelligence and risk assessments.

How to use the Enrichment MCP Server?

Users can input observations (such as IP addresses, domain names, etc.) through simple commands or interfaces, and the server will automatically call the corresponding services and return detailed analysis results.

Applicable Scenarios

The Enrichment MCP Server is suitable for security analysts, researchers, and enterprise security teams who need to quickly obtain threat intelligence on network assets.

Main Features

Multi - service IntegrationSupports multiple third - party services such as VirusTotal, Hybrid Analysis, and AlienVault.

Diverse Observation TypesSupports enrichment analysis of IP addresses, domain names, URLs, and email addresses.

Templated ResponsesUses Jinja2 templates to generate standardized response formats for easy parsing and display.

Advantages and Limitations

Advantages

Efficiently integrate multi - source threat intelligence

Easy to expand new third - party services

Provide a unified API interface

Limitations

Some advanced features may depend on paid API keys

Support for complex observations is still being improved

How to Use

Install the Dependent Environment

Ensure that Python, the uv tool, and related dependencies are installed.

Configure the Service

Edit the configuration file `config.yaml` and set the necessary API keys.

Start the Server

Run the command to start the Enrichment MCP Server.

Usage Examples

Example 1: IP Address Enrichment AnalysisAfter inputting an IP address, the system will call multiple services to return its threat intelligence.

Example 2: URL Threat Intelligence DetectionAfter inputting a URL, the system will check if it has malicious behavior.

Frequently Asked Questions

How to add a new third - party service?

Does it support custom templates?

Why are API keys required?

Related Resources

Official Documentation

The official user manual for the Enrichment MCP Server.

GitHub Code Repository

The homepage of the open - source project, containing the complete code and examples.

YouTube Tutorial

A quick - start video tutorial.

🚀 Enrichment MCP Project

This project is an Enrichment Model Context Protocol (MCP) server. It offers IP and domain query functionalities to enhance context.

🚀 Quick Start

✨ Features

IP Query: Supports querying relevant information by inputting an IP address.
Domain Query: Supports querying relevant information by inputting a domain name.

📦 Installation

Clone the Repository

git clone git@github.com:yourusername/enrichment-mcp.git

Install Dependencies

After entering the project directory, install the required Python packages:

pip install -r requirements.txt

Configuration File

Create a configuration file config.json and add the following content:

{
    "ip": {
        "enable": true,
        "apikey": "your_api_key_here",
        "apisecretkey": "your_api_secret_key_here"
    },
    "domain": {
        "enable": true,
        "apikey": "your_api_key_here",
        "apisecretkey": "your_api_secret_key_here"
    }
}

💻 Usage Examples

Download the Pre - built Server

For instructions on using the pre - built server, please refer to: https://modelcontextprotocol.io/quickstart/user

Download and Install Claude for Desktop

curl -LsSf https://astral.sh/uv/install.sh | sh

Configure Claude for Desktop

Open the settings of Claude for Desktop.
Edit the configuration file in the developer options:
- macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
- Windows: %APPDATA%\Claude\claude_desktop_config.json
Add the following content to the configuration file:

{
    "mcpServers": {
        "enrichment-mcp": {
            "command": "/ABSOLUTE/PATH/TO/PARENT/FOLDER/uv",
            "args": [
                "--directory",
                "/ABSOLUTE/PATH/TO/CLONED/REPOSITORY/enrichment-mcp",
                "run",
                "server.py"
            ]
        }
    }
}

Restart Claude for Desktop. Now, you should see two icons in the chat bar: a hammer (showing available tools) and a connection icon (showing defined prompts and input requirements).

📚 Documentation

Design Ideas

During the process of building this server, I learned about astral's uv and MCP. I might have over - designed it, but the process was very interesting. I also considered future uses, so I tried to design it in a more general way (more details coming soon).

In addition, I specifically chose to use Jinja2 templates because it can better manage the returned prompts/results and provide more flexibility for future use cases.