Enrichment MCP Server: Scalable Tool for AI Application Integration Using Model Context Protocol

Overview: What is Enrichment MCP Server?

The Enrichment MCP Server is a specialized implementation of the Model Context Protocol (MCP) designed to facilitate third-party enrichment services for observables such as IP addresses, domains, URLs, and email addresses. By leveraging common security tools and protocols, this server provides a flexible framework to enhance AI applications like Claude Desktop with rich contextual data.

🔧 Core Features & MCP Capabilities

The Enrichment MCP Server exposes several key endpoints for different types of observables:

• Observable Lookup: Route incoming observable queries to the appropriate enrichment service.
  • Lookup-IP Address: Perform in-depth IP address analysis.
  • Lookup-Domain: Analyze domain names and associated metadata.
  • Lookup-URL: Gather detailed information about URLs, including schema, netloc, and more.
  • Lookup-Email: Enrich email addresses with additional context.

These features allow AI applications to seamlessly integrate third-party services, enriching threat intelligence and enhancing overall security posture. The server supports multiple popular tools and allows for extensibility through configuration updates.

⚙️ MCP Architecture & Protocol Implementation

This implementation of the enrichment-mcp MCP Server adheres closely to the Model Context Protocol's specification, ensuring compatibility with various MCP clients such as Claude Desktop. It uses an internal custom configuration file (config.yaml) for mapping third-party services and their API keys.

The server is built using UV, a robust Python web framework which supports asynchronous operations. The architecture includes components such as:

• Observable Routing: Decides the appropriate enrichment action based on observable type.
• Service Endpoints: Exposes endpoints for different kinds of observables (IP addresses, domains, URLs, emails).

The MCP protocol flow and data architecture are visually represented using Mermaid diagrams.

🚀 Getting Started with Installation

To set up a local environment for testing the Enrichment MCP Server:

1. Clone the Repository:

   git clone [repository-url]
   cd enrichment-mcp
   

2. Configure Environment Variables: Create and populate .env using provided example template.

3. Start the Server:

   uv run --env-file .env server.py
   

By following these steps, developers can quickly integrate this server into local testing environments.

💡 Key Use Cases in AI Workflows

Real-world Threat Intelligence Enrichment

Imagine an organization needing to enhance its threat intelligence capabilities. By integrating the Enrichment MCP Server with various security tools (e.g., VirusTotal, Hybrid Analysis), they can gather comprehensive reports on suspicious IP addresses and domains, improving their detection rates.

Automated URL Analysis for E-commerce Security

In an e-commerce setting, analyzing URLs dynamically is crucial to identifying potential phishing attempts. Integrating this server with the Enrichment MCP allows for real-time URL analysis, ensuring user safety and compliance with security policies.

🔌 Integration with MCP Clients

The Enrichment MCP Server seamlessly integrates with popular AI applications:

• Claude Desktop: Fully compatible out-of-the-box.
• Continue: Partially compatible; APIs can be emulated through custom endpoints.
• Cursor: Limited compatibility due to missing prompt template support for URLs and emails.

📊 Performance & Compatibility Matrix

MCP Client Compatibility

MCP Client	Resources	Tools	Prompts	Status
Claude Desktop	✅	✅	✅	Full Support
Continue	✅	✅	✅	Full Support
Cursor	❌	✅	❌	Tools Only

🛠️ Advanced Configuration & Security

Configuration of the Enrichment MCP Server involves editing the config.yaml file, where each service can be mapped to a specific enrichment action. Additional security measures such as API key management and rate limiting are enforced.

Example Configuration Code Sample

Here is an example of how configuration might look:

{
  "mcpServers": {
    "enrichment-mcp": {
      "command": "./uv",
      "args": [
        "--directory", "/path/to/clone/repo/enrichment-mcp",
        "run", "server.py"
      ],
      "env": {
        "VIRUSTOTAL_API_KEY": "your-virustotal-api-key",
        "HYBRID_ANALYSIS_API_KEY": "your-hybrid-analysis-api-key"
      }
    }
  }
}

❓ Frequently Asked Questions (FAQ)

Q1: Can I use custom observables with the Enrichment MCP Server?

A1: Currently, only pre-defined observable types are supported. Custom observables require manual service integration.

Q2: How do I handle rate limiting for API keys?

A2: Rate limits are configured within each client's environment variables to prevent excessive usage and ensure services remain available.

Q3: Is the Enrichment MCP Server supported by security tools other than those provided?

A3: Yes, additional services can be integrated via custom configurations in config.yaml.

Q4: How often does the server update its data sources?

A4: The update frequency depends on each service provider; however, some APIs can be polled periodically to ensure up-to-date information.

Q5: Can I contribute improvements or new features?

A5: Contributions are welcome! Please refer to the contribution guidelines for more details.

👨‍💻 Development & Contribution Guidelines

Contributors are encouraged to improve and expand this server. For detailed instructions on contributing, please visit our repository's main page.

🌐 MCP Ecosystem & Resources

Explore other resources in the broader MCP ecosystem:

• MCP Documentation: Detailed protocol specification.
• Community Forums: Join discussions and share insights with fellow developers.

By integrating the Enrichment MCP Server into AI workflows, organizations can significantly enhance their threat detection capabilities and improve overall security posture. The server’s flexible architecture ensures compatibility with various MCP clients and provides a robust foundation for expanding integration options in future releases.