Cyberbro

Provides IoC extraction, analysis, and multi-source reputation checks via MCP for LLM integrations.
  • python

17

GitHub Stars

python

Language

3 months ago

First Indexed

3 weeks ago

Catalog Refreshed

Documentation & install

Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.

Installation

Add the following to your MCP client configuration file.

Configuration

View docs
{
  "mcpServers": {
    "stanfrbd-mcp-cyberbro": {
      "command": "docker",
      "args": [
        "run",
        "-i",
        "--rm",
        "-e",
        "CYBERBRO_URL",
        "-e",
        "API_PREFIX",
        "ghcr.io/stanfrbd/mcp-cyberbro:latest"
      ],
      "env": {
        "API_PREFIX": "api",
        "SSL_VERIFY": "false",
        "CYBERBRO_URL": "http://localhost:5000"
      }
    }
  }
}

You can run Cyberbro as an MCP server to extract and analyze Indicators of Compromise (IoCs) from unstructured text and check their reputation across multiple threat intelligence sources. This enables LLMs to query, analyze, and report on CTI data in real-time, with histories and exportable reports.

How to use

Use this MCP server with an MCP client to extract IoCs from input text, submit them for analysis, and retrieve results from multiple threat intelligence engines. You can ask an LLM to analyze a block of text for IoCs, choose the engines to run, and then fetch the analysis results and a consolidated web URL for review.

Typical workflow:

  • Submit text containing potential IoCs to the analyze_observable tool.
  • Check whether the analysis is complete with is_analysis_complete.
  • Retrieve the results with get_analysis_results and, if needed, get_web_url for a direct access URL.

How to install

Prerequisites: you should have Python installed and access to a shell. You can run the MCP server locally or via container.

# Option A: Docker (recommended for quick start)
export CYBERBRO_URL=http://localhost:5000

docker pull ghcr.io/stanfrbd/mcp-cyberbro:latest

Option B: Local installation (Python) – clone the project, install dependencies, and run the server.

# Install dependencies
pip install -r requirements.txt

# Set configuration via environment variables or CLI options as shown below
export CYBERBRO_URL=http://localhost:5000
export API_PREFIX=api

# Start the MCP server (example with Python script name from the project)
uv run mcp-cyberbro-server.py

Additional configuration and notes

Environment variables you may use while running Cyberbro MCP Server include:

  • CYBERBRO_URL: the base URL of your Cyberbro instance (used by the server to connect to Cyberbro).
  • API_PREFIX: a custom prefix for the Cyberbro API endpoints if your instance uses one.
  • SSL_VERIFY: set to false to skip SSL verification during local testing.

If you plan to use Claude Desktop or other MCP clients, configure the MCP server connection in your client with the appropriate command and environment settings from the options below.

Important notes:

  • Ensure that environment variables are exported prior to starting the MCP client or editor to allow a successful connection to Cyberbro.
  • You can run multiple engines and choose the ones you want to use for each analysis to tailor performance and results.

Available tools

analyze_observable

Extracts indicators from input text and submits them for analysis across multiple engines, returning an analysis ID.

is_analysis_complete

Checks if the analysis for a given analysis_id is finished and returns the status.

get_analysis_results

Retrieves the results of a completed analysis by its analysis_id.

get_engines

Lists all available analysis engines supported by Cyberbro.

get_web_url

Returns the web URL for the Cyberbro instance corresponding to a given analysis.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational
Cyberbro MCP Server - stanfrbd/mcp-cyberbro | VeilStrat