Traditional Chinese (繁體中文){:target=“_blank”}
OpenCTI MCP Server is a Model Context Protocol (MCP) server that provides seamless integration with OpenCTI (Open Cyber Threat Intelligence) platform. It enables querying and retrieving threat intelligence data through a standardized interface.
To install OpenCTI Server for Claude Desktop automatically via Smithery:
npx -y @smithery/cli install opencti-server --client claude
## Clone the repository
git clone https://github.com/yourusername/opencti-mcp-server.git
## Install dependencies
cd opencti-mcp-server
npm install
## Build the project
npm run build
Copy .env.example to .env and update with your OpenCTI credentials:
cp .env.example .env
Required environment variables:
OPENCTI_URL: Your OpenCTI instance URLOPENCTI_TOKEN: Your OpenCTI API tokenCreate a configuration file in your MCP settings location:
{
"mcpServers": {
"opencti": {
"command": "node",
"args": ["path/to/opencti-server/build/index.js"],
"env": {
"OPENCTI_URL": "${OPENCTI_URL}", // Will be loaded from .env
"OPENCTI_TOKEN": "${OPENCTI_TOKEN}" // Will be loaded from .env
}
}
}
}
.env file or API tokens to version control.gitignore file is configured to exclude sensitive filesRetrieves the most recent threat intelligence reports.
{
"name": "get_latest_reports",
"arguments": {
"first": 10 // Optional, defaults to 10
}
}
Retrieves a specific report by its ID.
{
"name": "get_report_by_id",
"arguments": {
"id": "report-uuid" // Required
}
}
Searches for malware information in the OpenCTI database.
{
"name": "search_malware",
"arguments": {
"query": "ransomware",
"first": 10 // Optional, defaults to 10
}
}
Searches for indicators of compromise.
{
"name": "search_indicators",
"arguments": {
"query": "domain",
"first": 10 // Optional, defaults to 10
}
}
Searches for threat actor information.
{
"name": "search_threat_actors",
"arguments": {
"query": "APT",
"first": 10 // Optional, defaults to 10
}
}
Retrieves user information by ID.
{
"name": "get_user_by_id",
"arguments": {
"id": "user-uuid" // Required
}
}
Lists all users in the system.
{
"name": "list_users",
"arguments": {}
}
Lists all groups with their members.
{
"name": "list_groups",
"arguments": {
"first": 10 // Optional, defaults to 10
}
}
Lists all attack patterns in the system.
{
"name": "list_attack_patterns",
"arguments": {
"first": 10 // Optional, defaults to 10
}
}
Retrieves campaign information by name.
{
"name": "get_campaign_by_name",
"arguments": {
"name": "campaign-name" // Required
}
}
Lists all system connectors.
{
"name": "list_connectors",
"arguments": {}
}
Lists all status templates.
{
"name": "list_status_templates",
"arguments": {}
}
Retrieves file information by ID.
{
"name": "get_file_by_id",
"arguments": {
"id": "file-uuid" // Required
}
}
Lists all files in the system.
{
"name": "list_files",
"arguments": {}
}
Lists all marking definitions.
{
"name": "list_marking_definitions",
"arguments": {}
}
Lists all available labels.
{
"name": "list_labels",
"arguments": {}
}
Contributions are welcome! Please feel free to submit pull requests.
MIT License
Mcp Crypto Price
A Model Context Protocol (MCP) server that provides real-time cryptocurrency analysis via CoinCap's API. Enables Claude and other MCP clients to fetch crypto prices, analyze market trends, and track historical data.
Nhl Go
NHL api client, mcp server, and cli written in Go
System_information_mcp
DevEnvInfoServer - Cursor MCP Server for Development Environment Information
An MCP server implementation that integrates the Tavily Search API, providing optimized search capabilities for LLMs.
Model Context Protocol server for Audius. Perform market research, purchase premium tracks, upload songs, and much more!
A Model Context Protocol server for SMTP email services
A Python-based MCP (Model Context Protocol) server that predicts the origin