Traditional Chinese (繁體中文){:target=“_blank”}
OpenCTI MCP Server is a Model Context Protocol (MCP) server that provides seamless integration with OpenCTI (Open Cyber Threat Intelligence) platform. It enables querying and retrieving threat intelligence data through a standardized interface.
To install OpenCTI Server for Claude Desktop automatically via Smithery:
npx -y @smithery/cli install opencti-server --client claude
## Clone the repository
git clone https://github.com/yourusername/opencti-mcp-server.git
## Install dependencies
cd opencti-mcp-server
npm install
## Build the project
npm run build
Copy .env.example to .env and update with your OpenCTI credentials:
cp .env.example .env
Required environment variables:
OPENCTI_URL: Your OpenCTI instance URLOPENCTI_TOKEN: Your OpenCTI API tokenCreate a configuration file in your MCP settings location:
{
"mcpServers": {
"opencti": {
"command": "node",
"args": ["path/to/opencti-server/build/index.js"],
"env": {
"OPENCTI_URL": "${OPENCTI_URL}", // Will be loaded from .env
"OPENCTI_TOKEN": "${OPENCTI_TOKEN}" // Will be loaded from .env
}
}
}
}
.env file or API tokens to version control.gitignore file is configured to exclude sensitive filesRetrieves the most recent threat intelligence reports.
{
"name": "get_latest_reports",
"arguments": {
"first": 10 // Optional, defaults to 10
}
}
Retrieves a specific report by its ID.
{
"name": "get_report_by_id",
"arguments": {
"id": "report-uuid" // Required
}
}
Searches for malware information in the OpenCTI database.
{
"name": "search_malware",
"arguments": {
"query": "ransomware",
"first": 10 // Optional, defaults to 10
}
}
Searches for indicators of compromise.
{
"name": "search_indicators",
"arguments": {
"query": "domain",
"first": 10 // Optional, defaults to 10
}
}
Searches for threat actor information.
{
"name": "search_threat_actors",
"arguments": {
"query": "APT",
"first": 10 // Optional, defaults to 10
}
}
Retrieves user information by ID.
{
"name": "get_user_by_id",
"arguments": {
"id": "user-uuid" // Required
}
}
Lists all users in the system.
{
"name": "list_users",
"arguments": {}
}
Lists all groups with their members.
{
"name": "list_groups",
"arguments": {
"first": 10 // Optional, defaults to 10
}
}
Lists all attack patterns in the system.
{
"name": "list_attack_patterns",
"arguments": {
"first": 10 // Optional, defaults to 10
}
}
Retrieves campaign information by name.
{
"name": "get_campaign_by_name",
"arguments": {
"name": "campaign-name" // Required
}
}
Lists all system connectors.
{
"name": "list_connectors",
"arguments": {}
}
Lists all status templates.
{
"name": "list_status_templates",
"arguments": {}
}
Retrieves file information by ID.
{
"name": "get_file_by_id",
"arguments": {
"id": "file-uuid" // Required
}
}
Lists all files in the system.
{
"name": "list_files",
"arguments": {}
}
Lists all marking definitions.
{
"name": "list_marking_definitions",
"arguments": {}
}
Lists all available labels.
{
"name": "list_labels",
"arguments": {}
}
Contributions are welcome! Please feel free to submit pull requests.
MIT License
Mcp Shell
Execute a secure shell in Claude Desktop using the Model Context Protocol.
Mcp Pubmed Server
PubMed MCP Server for accessing research papers
Mcp Guide
A beginner-friendly guide server that helps users understand MCP concepts, provides interactive examples, and demonstrates best practices for building MCP integrations. Features tools for exploring MCP capabilities, resources for learning core concepts, and prompts for guided tutorials.
