YaraFlux
13
YaraFlux is a Model Context Protocol server designed to perform YARA rule-based file analysis and threat detection. It integrates seamlessly with AI assistants to enable secure and modular threat analysis with comprehensive YARA rule management.
YaraFlux MCP Server
YaraFlux MCP Server enables AI assistants to perform YARA rule-based threat analysis through the standardized Model Context Protocol interface. It provides a modular architecture with distinct layers for MCP integration, tool implementation, and storage, supporting flexible rule management and secure scanning.
Features
- Modular Architecture: Clean separation of concerns with flexible storage options (local, S3/MinIO).
- MCP Integration: 19 integrated tools, optimized for Claude Desktop.
- YARA Scanning: Supports URL and file scanning with detailed match information.
- Rule Management: CRUD operations on YARA rules with validation.
- Security: JWT authentication, secure storage, and access controls.
Documentation
- Comprehensive documentation is available in the
docs/directory, including API reference and installation guides.