MCP Servers

OpenCTI MCP Server

A Model Context Protocol server that facilitates integration with OpenCTI, allowing users to query and retrieve cyber threat intelligence data via a standardized interface.

Spathodea-Network

Category.security-and-iam

Databases

Visit Server

Tools

get_latest_reports

獲取最新的OpenCTI報告

get_report_by_id

根據ID獲取OpenCTI報告

search_indicators

搜尋OpenCTI中的指標

search_malware

搜尋OpenCTI中的惡意程式

search_threat_actors

搜尋OpenCTI中的威脅行為者

get_user_by_id

根據ID獲取使用者資訊

list_users

列出所有使用者

list_groups

列出所有群組

list_attack_patterns

列出所有攻擊模式

get_campaign_by_name

根據名稱獲取行動資訊

list_connectors

列出所有連接器

list_status_templates

列出所有狀態模板

get_file_by_id

根據ID獲取檔案資訊

list_files

列出所有檔案

list_marking_definitions

列出所有標記定義

list_labels

列出所有標籤

README

OpenCTI MCP Server

Traditional Chinese (繁體中文)

Overview

OpenCTI MCP Server is a Model Context Protocol (MCP) server that provides seamless integration with OpenCTI (Open Cyber Threat Intelligence) platform. It enables querying and retrieving threat intelligence data through a standardized interface.

Features

Fetch and search threat intelligence data
- Get latest reports and search by ID
- Search for malware information
- Query indicators of compromise
- Search for threat actors
User and group management
- List all users and groups
- Get user details by ID
STIX object operations
- List attack patterns
- Get campaign information by name
System management
- List connectors
- View status templates
File operations
- List all files
- Get file details by ID
Reference data access
- List marking definitions
- View available labels
Customizable query limits
Full GraphQL query support

Prerequisites

Node.js 16 or higher
Access to an OpenCTI instance
OpenCTI API token

Installation

Installing via Smithery

To install OpenCTI Server for Claude Desktop automatically via Smithery:

npx -y @smithery/cli install opencti-server --client claude

Manual Installation

# Clone the repository
git clone https://github.com/yourusername/opencti-mcp-server.git

# Install dependencies
cd opencti-mcp-server
npm install

# Build the project
npm run build

Configuration

Environment Variables

Copy .env.example to .env and update with your OpenCTI credentials:

cp .env.example .env

Required environment variables:

OPENCTI_URL: Your OpenCTI instance URL
OPENCTI_TOKEN: Your OpenCTI API token

MCP Settings

Create a configuration file in your MCP settings location:

{
  "mcpServers": {
    "opencti": {
      "command": "node",
      "args": ["path/to/opencti-server/build/index.js"],
      "env": {
        "OPENCTI_URL": "${OPENCTI_URL}",  // Will be loaded from .env
        "OPENCTI_TOKEN": "${OPENCTI_TOKEN}"  // Will be loaded from .env
      }
    }
  }
}

Security Notes

Never commit .env file or API tokens to version control
Keep your OpenCTI credentials secure
The .gitignore file is configured to exclude sensitive files

Available Tools

Reports

get_latest_reports

Retrieves the most recent threat intelligence reports.

{
  "name": "get_latest_reports",
  "arguments": {
    "first": 10  // Optional, defaults to 10
  }
}

get_report_by_id

Retrieves a specific report by its ID.

{
  "name": "get_report_by_id",
  "arguments": {
    "id": "report-uuid"  // Required
  }
}

Search Operations

search_malware

Searches for malware information in the OpenCTI database.

{
  "name": "search_malware",
  "arguments": {
    "query": "ransomware",
    "first": 10  // Optional, defaults to 10
  }
}

search_indicators

Searches for indicators of compromise.

{
  "name": "search_indicators",
  "arguments": {
    "query": "domain",
    "first": 10  // Optional, defaults to 10
  }
}

search_threat_actors

Searches for threat actor information.

{
  "name": "search_threat_actors",
  "arguments": {
    "query": "APT",
    "first": 10  // Optional, defaults to 10
  }
}

User Management

get_user_by_id

Retrieves user information by ID.

{
  "name": "get_user_by_id",
  "arguments": {
    "id": "user-uuid"  // Required
  }
}

list_users

Lists all users in the system.

{
  "name": "list_users",
  "arguments": {}
}

list_groups

Lists all groups with their members.

{
  "name": "list_groups",
  "arguments": {
    "first": 10  // Optional, defaults to 10
  }
}

STIX Objects

list_attack_patterns

Lists all attack patterns in the system.

{
  "name": "list_attack_patterns",
  "arguments": {
    "first": 10  // Optional, defaults to 10
  }
}

get_campaign_by_name

Retrieves campaign information by name.

{
  "name": "get_campaign_by_name",
  "arguments": {
    "name": "campaign-name"  // Required
  }
}

System Management

list_connectors

Lists all system connectors.

{
  "name": "list_connectors",
  "arguments": {}
}

list_status_templates

Lists all status templates.

{
  "name": "list_status_templates",
  "arguments": {}
}

File Operations

get_file_by_id

Retrieves file information by ID.

{
  "name": "get_file_by_id",
  "arguments": {
    "id": "file-uuid"  // Required
  }
}

list_files

Lists all files in the system.

{
  "name": "list_files",
  "arguments": {}
}

Reference Data

list_marking_definitions

Lists all marking definitions.

{
  "name": "list_marking_definitions",
  "arguments": {}
}

list_labels

Lists all available labels.

{
  "name": "list_labels",
  "arguments": {}
}

Contributing

Contributions are welcome! Please feel free to submit pull requests.

License

MIT License

Recommended Servers

Supabase MCP Server

A Model Context Protocol (MCP) server that provides programmatic access to the Supabase Management API. This server allows AI models and other clients to manage Supabase projects and organizations through a standardized interface.

Featured

JavaScript

MCP DuckDB Knowledge Graph Memory Server

A memory server for Claude that stores and retrieves knowledge graph data in DuckDB, enhancing performance and query capabilities for conversations with persistent user information.

Featured

TypeScript

dbt Semantic Layer MCP Server

A server that enables querying the dbt Semantic Layer through natural language conversations with Claude Desktop and other AI assistants, allowing users to discover metrics, create queries, analyze data, and visualize results.

Featured

TypeScript

Metabase MCP Server

Enables AI assistants to interact with Metabase databases and dashboards, allowing users to list and execute queries, access data visualizations, and interact with database resources through natural language.

Featured

JavaScript

Airtable MCP Server

A Model Context Protocol server that provides tools for programmatically managing Airtable bases, tables, fields, and records through Claude Desktop or other MCP clients.

Featured

JavaScript

VirusTotal MCP Server

A MCP server for querying the VirusTotal API. This server provides tools for scanning URLs, analyzing file hashes, and retrieving IP address reports.

Featured

TypeScript

mcp-shodan

MCP server for querying the Shodan API and Shodan CVEDB. This server provides tools for IP lookups, device searches, DNS lookups, vulnerability queries, CPE lookups, and more.

Featured

JavaScript

Azure MCP Server

Enables natural language interaction with Azure services through Claude Desktop, supporting resource management, subscription handling, and tenant selection with secure authentication.

Official

Local

TypeScript

Verodat MCP Server

An MCP server that integrates Verodat's data management capabilities with AI systems like Claude Desktop, enabling users to manage accounts, workspaces, and datasets, as well as perform AI-powered queries on their data.

Official

Local

TypeScript

Story SDK MCP Server

This server provides MCP (Model Context Protocol) tools for interacting with Story's Python SDK. Features Get license terms Mint and register IP Asset with PIL Terms Mint license tokens Send $IP to a wallet Upload image to ipfs via Pinata [External] Upload ip and nft metadata via Pinata [External]

Official

Python