Umbrix Documentation

Connect your AI assistant directly to live threat intelligence with 17 specialized MCP tools and a smart web interface.

🚀 Quick start: connect with your LLM

Umbrix integrates with your AI assistant through MCP (Model Context Protocol), so you get threat intelligence directly in your AI conversations.

Claude Desktop

1. Get your API key

Log in to Umbrix and generate an API key from your account settings.

2. Build the Docker image

Clone and build the Umbrix MCP server:

    git clone https://github.com/trvon/umbrix-mcp.git
    cd umbrix-mcp
    docker build -t umbrix-mcp:latest .
3. Configure Claude Desktop

Open your Claude Desktop configuration file and add the Umbrix MCP server:

Configuration file locations:

  • macOS:
    ~/Library/Application Support/Claude/claude_desktop_config.json
  • Windows:
    %APPDATA%\Claude\claude_desktop_config.json
  • Linux:
    ~/.config/Claude/claude_desktop_config.json

Add this configuration:

    {
      "mcpServers": {
        "umbrix": {
          "command": "docker",
          "args": [
            "run", "-i", "--rm",
            "-e", "UMBRIX_API_KEY",
            "-e", "UMBRIX_API_BASE_URL",
            "umbrix-mcp:latest"
          ],
          "env": {
            "UMBRIX_API_KEY": "your-api-key-here",
            "UMBRIX_API_BASE_URL": "https://umbrix.dev/api"
          }
        }
      }
    }

Important: Replace your-api-key-here with your actual API key from step 1.

4. Start using Umbrix in Claude

Restart Claude Desktop and you're ready. Try these prompts:

Quick discovery (new specialized tools):
  • "What are the latest threats in the last 30 days?"
  • "Find threat actors with recent activity"
  • "Show me recent indicators of compromise"
  • "What vulnerabilities are being exploited?"

Deep analysis:
  • "Analyze this IP: 185.220.101.45"
  • "Tell me about APT28"
  • "Get details on Emotet malware"
  • "Analyze the SolarWinds campaign"

Graph database queries:
  • "Execute: MATCH (n:ThreatActor) RETURN n.name LIMIT 5"
  • "Show threat correlation for APT29"
  • "Use intelligent graph query to find all malware used by Lazarus Group"

System management:
  • "Check system health status"
  • "Generate a threat report for APT28"
LM Studio

1. Get your API key

Log in to Umbrix and generate an API key from your account settings.

2. Install the Umbrix MCP server

Install the Umbrix MCP server using pip, or build from source:

    # Install directly from git
    pip install git+https://github.com/trvon/umbrix-mcp.git

    # Or clone and build
    git clone https://github.com/trvon/umbrix-mcp.git
    cd umbrix-mcp
    pip install -e .
3. Configure LM Studio

Add Umbrix to your LM Studio MCP servers configuration:

    {
      "mcpServers": {
        "umbrix": {
          "command": "python",
          "args": ["-m", "umbrix_mcp"],
          "env": {
            "UMBRIX_API_KEY": "your-api-key-here",
            "UMBRIX_API_BASE_URL": "https://umbrix.dev/api"
          }
        }
      }
    }


Important: Replace your-api-key-here with your actual API key from step 1.

4. Start using Umbrix in LM Studio

Restart LM Studio and start a conversation with any model. The Umbrix tools will be available:

Quick discovery:
  • "What are the latest threats in the last 30 days?"
  • "Find threat actors with recent activity"
  • "Show me recent indicators of compromise"

Deep analysis:
  • "Analyze this IP: 185.220.101.45"
  • "Tell me about APT28"
  • "Get details on Emotet malware"

Graph queries:
  • "Execute: MATCH (n:ThreatActor) RETURN n.name LIMIT 5"
  • "Show threat correlation for APT29"
  • "Use intelligent graph query to find related threats"
Claude Desktop via Docker (manual build and test)

1. Build the Docker image

Clone the repository and build the MCP server:

    git clone https://github.com/trvon/umbrix-mcp.git
    cd umbrix-mcp
    docker build -t umbrix-mcp:latest .
2. Configure Claude Desktop with Docker

Add to your claude_desktop_config.json:

    {
      "mcpServers": {
        "umbrix": {
          "command": "docker",
          "args": [
            "run", "-i", "--rm",
            "-e", "UMBRIX_API_KEY",
            "-e", "UMBRIX_API_BASE_URL",
            "umbrix-mcp:latest"
          ],
          "env": {
            "UMBRIX_API_KEY": "your-api-key-here",
            "UMBRIX_API_BASE_URL": "https://umbrix.dev/api"
          }
        }
      }
    }
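The Docker-based server entry above (and the identical one in the Claude Desktop quick start) is usually pasted into a config file that already holds other MCP servers, and the placeholder key is easy to leave in place. As an added example, not part of the Umbrix project or its documentation, this Python helper builds the same entry, merges it into an existing claude_desktop_config.json without dropping other servers, and refuses to write while the placeholder key remains; the script name and command-line usage are assumptions.

```python
# Added example (not part of the Umbrix project): merge the Umbrix server
# entry into an existing claude_desktop_config.json without dropping other
# servers, and refuse to write while the documented placeholder key remains.
import json
import os
import sys

PLACEHOLDER = "your-api-key-here"


def umbrix_server_entry(api_key, base_url="https://umbrix.dev/api"):
    """Build the docker-based server entry as shown in the documentation."""
    return {
        "command": "docker",
        "args": ["run", "-i", "--rm",
                 "-e", "UMBRIX_API_KEY", "-e", "UMBRIX_API_BASE_URL",
                 "umbrix-mcp:latest"],
        "env": {"UMBRIX_API_KEY": api_key, "UMBRIX_API_BASE_URL": base_url},
    }


def validate_entry(entry):
    """Return a list of problems; an empty list means the entry is usable."""
    problems = []
    key = entry.get("env", {}).get("UMBRIX_API_KEY", "")
    if not key or key == PLACEHOLDER:
        problems.append("UMBRIX_API_KEY is missing or still the placeholder")
    if "-i" not in entry.get("args", []):
        problems.append("docker run needs -i for the MCP stdio transport")
    return problems


def merge_config(existing, entry):
    """Return a new config with an 'umbrix' server; other servers are kept."""
    merged = json.loads(json.dumps(existing))  # deep copy, leave input intact
    merged.setdefault("mcpServers", {})["umbrix"] = entry
    return merged


if __name__ == "__main__":
    # assumed usage: python merge_umbrix.py /path/to/claude_desktop_config.json
    path = sys.argv[1]
    entry = umbrix_server_entry(os.environ.get("UMBRIX_API_KEY", PLACEHOLDER))
    problems = validate_entry(entry)
    if problems:
        sys.exit("refusing to write: " + "; ".join(problems))
    current = json.load(open(path)) if os.path.exists(path) else {}
    with open(path, "w") as fh:
        json.dump(merge_config(current, entry), fh, indent=2)
```

Reading the key from the UMBRIX_API_KEY environment variable at run time keeps it out of shell history and version control, although it still ends up in the config file, as the documented setup requires.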
3. Test the server

Verify the MCP server is working correctly:

    # Test the server directly
    docker run --rm -i \
      -e UMBRIX_API_KEY=your-key \
      -e UMBRIX_API_BASE_URL=https://umbrix.dev/api \
      umbrix-mcp:latest

    # You should see: "Starting Umbrix MCP server..."
ChatGPT Custom GPT

1. Create a custom GPT

Use our pre-configured Umbrix GPT, or create your own with our API:

    Name: Umbrix Threat Intelligence
    Description: Cyber threat intelligence analysis powered by Umbrix
    Instructions: Use the Umbrix API to search for threat actors, analyze indicators, and provide threat intelligence insights.
    Actions: Configure with the Umbrix OpenAPI spec from /api/openapi.json
2. Configure API authentication

Add your Umbrix API key to the GPT configuration.

Continue (VS Code)

1. Install the Continue extension

Install the Continue extension for VS Code:

    ext install continue.continue
2. Configure Umbrix as an MCP server

Add Umbrix to your Continue config.json:

    {
      "models": [...],
      "mcpServers": {
        "umbrix": {
          "command": "uvx",
          "args": ["--from", "git+https://github.com/trvon/umbrix-mcp.git", "umbrix-mcp"],
          "env": {
            "UMBRIX_API_KEY": "your-api-key-here"
          }
        }
      }
    }
Any MCP-compatible client

1. Use any MCP-compatible client

Umbrix works with any MCP client. Install our server:

    # Install with pip
    pip install umbrix-mcp

    # Or use uvx
    uvx --from git+https://github.com/trvon/umbrix-mcp.git umbrix-mcp

    # Set environment variables
    export UMBRIX_API_KEY="your-api-key"
    export UMBRIX_API_URL="https://api.umbrix.dev"
2. Available MCP tools (17 specialized tools)

Your LLM can use these Umbrix tools:

  • 🔍 Entity Details (6): get_threat_actor_summary, get_malware_details, get_campaign_details, get_attack_pattern_details, get_indicator_details, get_vulnerability_details
  • 📊 Analysis & Correlation (5): threat_correlation, threat_actor_attribution, timeline_analysis, network_analysis, indicator_reputation
  • 🔗 Query & Search (2): execute_graph_query, intelligent_graph_query
  • 🛡️ Security Operations (3): ioc_validation, threat_hunting_query_builder, report_generation
  • ⚙️ System (1): system_health

Umbrix MCP capabilities

17 specialized tools optimized for AI assistants

🔍 Entity Details (6): Threat actors, malware, campaigns, attack patterns, indicators, vulnerabilities
📊 Analysis (5): Correlation, attribution, timeline analysis, network analysis, reputation
🔗 Query & Search (2): Direct Cypher queries, intelligent natural language queries
🛡️ Security Ops (4): IOC validation, threat hunting, report generation, system health

Resources & documentation