Skip to main content

Configuring MCP server with AI assistants

note

This page covers Spectra Intelligence MCP integration. For Spectra Analyze MCP configuration, see Configuring MCP Server with AI assistants in the Spectra Analyze documentation.

Overview

The MCP (Model Context Protocol) server enables AI assistants to connect to Spectra Intelligence APIs for malware reporting, IOC triage, and reputation lookups. The following steps describe how to configure the MCP server integration with Claude Code or other MCP-compatible AI assistants.

Access

Official marketplace integrations for Claude.ai are currently in the submission phase and will be available in the near future. For immediate access, refer to the Manual configuration section below.

Prerequisites

  • A Spectra Intelligence account with the TCA-0050 API permission. Contact ReversingLabs support to request access.
  • An MCP client.

Manual configuration and other MCP clients

If your MCP client does not have an official connector, you can configure the MCP server manually.

Configuration parameters

  1. MCP server URL (no trailing slash): https://mcp.reversinglabs.com/mcp
  2. OpenID client ID: ai-assistant
  3. OpenID client secret: not required, leave empty
  4. OAuth scope (if explicitly requested): mcp-server-access

Example: Claude Code (CLI)

  1. Add the Spectra Intelligence MCP to a list of MCP servers
    • claude mcp add --client-id ai-assistant -t http spectra-intelligence https://mcp.reversinglabs.com/mcp
  2. Start claude code
  3. Use the /mcp command to connect to the configured spectra-intelligence MCP server
  4. Authenticate as required by the OAuth flow
  5. Once completed you can use the tools exposed by the server via Claude Code

Example: Claude Desktop

  1. Open Claude Desktop settings
  2. Navigate to the Developer tab in the left sidebar
  3. Click Edit Config, this opens the configuration json file
  4. Copy the spectra-intelligence object into the mcpServers section of your configuration
{
"mcpServers": {
"spectra-intelligence": {
"command": "npx",
"args": [
"-y",
"mcp-remote@latest",
"https://mcp.reversinglabs.com/mcp",
"--static-oauth-client-info",
"{ \"client_id\": \"ai-assistant\" }"
]
}
}
}

Available tools

Once connected, AI assistants can invoke the following tools to query Spectra Intelligence. Each entry lists the tool's parameters and an example request.

get_file_reputation

Return file reputation with full analysis and generated LLM prompt.

Parameters:

  • hash: MD5, SHA1, or SHA256 hash of a sample.

Example:

{
"hash": "d41d8cd98f00b204e9800998ecf8427e"
}

bulk_file_reputation

Analyze multiple file hashes with batch processing.

Parameters:

  • hashes: List of MD5, SHA1, or SHA256 sample hashes to analyze.
  • batch_size: Positive integer for hashes per API call (max 25).

Example:

{
"hashes": [
"d41d8cd98f00b204e9800998ecf8427e",
"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
],
"batch_size": 25
}

get_network_reputation

Evaluate a network indicator (domain, IP, or full URL) and return reputation results including GeoIP, business context, and an automated verdict with a risk score.

Parameters:

  • indicator: IP address, domain, or URL to analyze.

Example:

{
"indicator": "example.com"
}

Search ReversingLabs malware intelligence (Threat Hunting Engine) using a query string. For more details, see Advanced search (TCA-0320).

Parameters:

  • query: Search query string with field:value syntax.
  • limit: Maximum results per page (1-500, default: 100).
  • page: Page number for pagination (default: 1).
  • time_range: Limit search to specific time range, for example, 7days, 6months, 1year, 2years, 3years (default: 7days).
  • sort_by: Sort results by field, for example, sha1, firstseen, threatname (default: None).
  • sort_order: Sort order, for example, asc or desc (default: desc).

Example:

{
"query": "classification:malicious sampletype:PE",
"limit": 100,
"page": 1,
"time_range": "7days",
"sort_by": "firstseen",
"sort_order": "desc"
}

enhanced_threat_analysis

Comprehensive threat intelligence with AI-powered insights, combining multiple analysis engines for comprehensive threat assessment.

Parameters:

  • hash: File hash for analysis.
  • context: Optional context about the sample origin.
  • skip_campaign_analysis: Skip campaign attribution analysis (boolean).

Example:

{
"hash": "d41d8cd98f00b204e9800998ecf8427e",
"context": "Suspicious email attachment",
"skip_campaign_analysis": false
}