OpenCTI MCP Server is a Model Context Protocol (MCP) server that provides seamless integration with OpenCTI (Open Cyber Threat Intelligence) platform. It enables querying and retrieving threat intelligence data through a standardized interface.
To install OpenCTI Server for Claude Desktop automatically via Smithery:
npx -y @smithery/cli install opencti-server --client claude
## Clone the repository
git clone https://github.com/yourusername/opencti-mcp-server.git
## Install dependencies
cd opencti-mcp-server
npm install
## Build the project
npm run build
Copy .env.example to .env and update with your OpenCTI credentials:
cp .env.example .env
Required environment variables:
OPENCTI_URL: Your OpenCTI instance URLOPENCTI_TOKEN: Your OpenCTI API tokenCreate a configuration file in your MCP settings location:
{
"mcpServers": {
"opencti": {
"command": "node",
"args": ["path/to/opencti-server/build/index.js"],
"env": {
"OPENCTI_URL": "${OPENCTI_URL}", // Will be loaded from .env
"OPENCTI_TOKEN": "${OPENCTI_TOKEN}" // Will be loaded from .env
}
}
}
}
.env file or API tokens to version control.gitignore file is configured to exclude sensitive filesRetrieves the most recent threat intelligence reports.
{
"name": "get_latest_reports",
"arguments": {
"first": 10 // Optional, defaults to 10
}
}
Retrieves a specific report by its ID.
{
"name": "get_report_by_id",
"arguments": {
"id": "report-uuid" // Required
}
}
Searches for malware information in the OpenCTI database.
{
"name": "search_malware",
"arguments": {
"query": "ransomware",
"first": 10 // Optional, defaults to 10
}
}
Searches for indicators of compromise.
{
"name": "search_indicators",
"arguments": {
"query": "domain",
"first": 10 // Optional, defaults to 10
}
}
Searches for threat actor information.
{
"name": "search_threat_actors",
"arguments": {
"query": "APT",
"first": 10 // Optional, defaults to 10
}
}
Retrieves user information by ID.
{
"name": "get_user_by_id",
"arguments": {
"id": "user-uuid" // Required
}
}
Lists all users in the system.
{
"name": "list_users",
"arguments": {}
}
Lists all groups with their members.
{
"name": "list_groups",
"arguments": {
"first": 10 // Optional, defaults to 10
}
}
Lists all attack patterns in the system.
{
"name": "list_attack_patterns",
"arguments": {
"first": 10 // Optional, defaults to 10
}
}
Retrieves campaign information by name.
{
"name": "get_campaign_by_name",
"arguments": {
"name": "campaign-name" // Required
}
}
Lists all system connectors.
{
"name": "list_connectors",
"arguments": {}
}
Lists all status templates.
{
"name": "list_status_templates",
"arguments": {}
}
Retrieves file information by ID.
{
"name": "get_file_by_id",
"arguments": {
"id": "file-uuid" // Required
}
}
Lists all files in the system.
{
"name": "list_files",
"arguments": {}
}
Lists all marking definitions.
{
"name": "list_marking_definitions",
"arguments": {}
}
Lists all available labels.
{
"name": "list_labels",
"arguments": {}
}
Contributions are welcome! Please feel free to submit pull requests.
MIT License
Mcp Llms Txt Explorer
MCP to explore websites with llms.txt files
Face Generator
MCP server for generating human face images with various shapes and sizes
Mcp Communicator Telegram
An MCP server that enables communication with users through Telegram. This server provides a tool to ask questions to users and receive their responses via a Telegram bot.
