Schema | mitre-mcp

mitre-mcp

Overview Schema Related Servers Score Discussions

Server Configuration

Describes the environment variables required to run the server.

Name	Required	Description	Default
`MITRE_ICS_URL`	No	Override ATT&CK bundle locations or point to internal mirror for ICS domain
`MITRE_DATA_DIR`	No	Store cached bundles in custom directory	mitre_mcp/data
`MITRE_LOG_LEVEL`	No	Logging verbosity (DEBUG, INFO, WARNING, etc.)	INFO
`MITRE_MOBILE_URL`	No	Override ATT&CK bundle locations or point to internal mirror for Mobile domain
`MITRE_CORS_ORIGINS`	No	CORS allowed origins for HTTP mode (* = all, or comma-separated list of domains)	*
`MITRE_MAX_PAGE_SIZE`	No	Maximum records returned by list tools	1000
`MITRE_ENTERPRISE_URL`	No	Override ATT&CK bundle locations or point to internal mirror for Enterprise domain
`MITRE_MAX_DESC_LENGTH`	No	Trimmed description length in responses	500
`MITRE_DOWNLOAD_TIMEOUT`	No	HTTP timeout in seconds for bundle downloads	30
`MITRE_CACHE_EXPIRY_DAYS`	No	Maximum age before cached data is refreshed	1
`MITRE_DEFAULT_PAGE_SIZE`	No	Default records returned by list tools	20
`MITRE_REQUIRED_SPACE_MB`	No	Disk space threshold checked before downloading	200

Capabilities

Features and capabilities supported by this server

Capability	Details
`tools`	{ "listChanged": false }
`prompts`	{ "listChanged": false }
`resources`	{ "subscribe": false, "listChanged": false }
`experimental`	{}

Tools

Functions exposed to the LLM to take actions

Name	Description
get_techniquesA	Get techniques from the MITRE ATT&CK framework with token-optimized responses. Args: domain: Domain to query (enterprise-attack, mobile-attack, or ics-attack) include_subtechniques: Include subtechniques in the result remove_revoked_deprecated: Remove revoked or deprecated objects include_descriptions: Whether to include technique descriptions (uses more tokens) limit: Maximum number of techniques to return (default: 20) offset: Index to start from when returning techniques (for pagination) Returns: Dictionary containing a list of techniques and pagination metadata
get_tacticsA	Get all tactics from the MITRE ATT&CK framework. Args: domain: Domain to query (enterprise-attack, mobile-attack, or ics-attack) remove_revoked_deprecated: Remove revoked or deprecated objects Returns: Dictionary containing a list of tactics
get_groupsA	Get all groups from the MITRE ATT&CK framework. Args: domain: Domain to query (enterprise-attack, mobile-attack, or ics-attack) remove_revoked_deprecated: Remove revoked or deprecated objects Returns: Dictionary containing a list of groups
get_softwareA	Get all software from the MITRE ATT&CK framework. Args: domain: Domain to query (enterprise-attack, mobile-attack, or ics-attack) remove_revoked_deprecated: Remove revoked or deprecated objects software_types: Optional list of ATT&CK object types to include (e.g., ["malware"]) Returns: Dictionary containing a list of software
get_techniques_by_tacticB	Get techniques by tactic. Args: tactic_shortname: The shortname of the tactic (e.g., 'defense-evasion') domain: Domain to query (enterprise-attack, mobile-attack, or ics-attack) remove_revoked_deprecated: Remove revoked or deprecated objects Returns: Dictionary containing a list of techniques
get_techniques_used_by_groupB	Get techniques used by a group. Args: group_name: The name of the group domain: Domain to query (enterprise-attack, mobile-attack, or ics-attack) Returns: Dictionary containing the group and a list of techniques
get_mitigationsA	Get all mitigations from the MITRE ATT&CK framework. Args: domain: Domain to query (enterprise-attack, mobile-attack, or ics-attack) remove_revoked_deprecated: Remove revoked or deprecated objects Returns: Dictionary containing a list of mitigations
get_techniques_mitigated_by_mitigationA	Get techniques mitigated by a mitigation. Args: mitigation_name: The name of the mitigation domain: Domain to query (enterprise-attack, mobile-attack, or ics-attack) Returns: Dictionary containing the mitigation and a list of techniques
get_technique_by_idA	Get a technique by its MITRE ATT&CK ID. Args: technique_id: The MITRE ATT&CK ID of the technique (e.g., 'T1055') domain: Domain to query (enterprise-attack, mobile-attack, or ics-attack) Returns: Dictionary containing the technique

Prompts

Interactive templates invoked by user choice

Name	Description
No prompts

Resources

Contextual data attached and managed by the client

Name	Description
`get_server_info`	Get information about the MITRE ATT&CK MCP server.

Server Configuration
Capabilities
Tools
Prompts
Resources

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/Montimage/mitre-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server