agentic-misp-mcp

by hdyrawan

Server Configuration

Describes the environment variables required to run the server.

| Name | Required | Description | Default |
| --- | --- | --- | --- |
| MISP_URL | Yes | Base URL for MISP, for example https://misp.example.local. | |
| MISP_API_KEY | Yes | Runtime-only MISP automation/API key. Never pass as a tool argument. | |
| MISP_MAX_LIMIT | No | Maximum accepted result limit. | 100 |
| MISP_VERIFY_TLS | No | Keep TLS verification enabled. | true |
| MISP_DEFAULT_LIMIT | No | Default result limit. | 20 |
| MISP_TIMEOUT_SECONDS | No | HTTP timeout, > 0 and <= 300. | 30 |
| AGENTIC_MISP_MCP_ROLE | No | read_only, analyst_write, curator, or admin. | read_only |
| MISP_RELATED_EVENT_LIMIT | No | Related event expansion cap. | 5 |
| AGENTIC_MISP_MCP_LOG_LEVEL | No | Application log level. | INFO |
| MISP_EVENT_ATTRIBUTE_LIMIT | No | Attribute cap for event summaries/investigations. | 50 |
| AGENTIC_MISP_MCP_ENABLE_WRITE | No | Global write-mode gate. | false |
| AGENTIC_MISP_MCP_AUDIT_LOG_PATH | No | JSONL audit log path. | ./logs/audit.jsonl |
| AGENTIC_MISP_MCP_REQUIRE_APPROVAL | No | Require explicit approved=true for write execution. | true |

Capabilities

Features and capabilities supported by this server

| Capability | Details |
| --- | --- |
| tools | {"listChanged": true} |
| logging | {} |
| prompts | {"listChanged": false} |
| resources | {"subscribe": false, "listChanged": false} |
| extensions | {"io.modelcontextprotocol/ui": {}} |
| experimental | {} |

Tools

Functions exposed to the LLM to take actions

| Name | Grade | Description |
| --- | --- | --- |
| search_ioc | C | Search MISP for an IOC and return normalized attribute matches. |
| investigate_ioc | C | Investigate an IOC using MISP matches, related events, tags, and warninglists. |
| summarize_event | C | Summarize a MISP event without returning full raw event JSON. |
| check_warninglists | C | Check an IOC against MISP warninglists when available. |
| generate_ioc_report | C | Generate a deterministic analyst report for an IOC. |
| pivot_ioc | C | Pivot from an IOC to related events and indicators useful for hunting. |
| find_related_iocs | C | Return a focused, ranked list of IOCs related to the given IOC. |
| extract_event_iocs | C | Extract supported IOC types from a MISP event, grouped and deduplicated. |
| explain_event_context | C | Explain what a MISP event represents in deterministic, analyst-friendly language. |
| find_events_by_tag | D | Find MISP events associated with a tag. |
| generate_event_report | C | Generate a deterministic, structured analyst report for a MISP event. |
| generate_markdown_ioc_report | C | Generate a Markdown-formatted IOC report suitable for SOC documentation. |
| generate_markdown_event_report | C | Generate a Markdown-formatted MISP event report suitable for SOC escalation. |
| propose_event | A | Build a MISP event creation proposal. Never writes to MISP. |
| propose_attribute | A | Build an attribute creation proposal for an existing event. Never writes to MISP. |
| submit_ioc_with_approval | B | Submit an IOC (attribute) to MISP only when write is enabled, role permits write, and approval (when required) has been explicitly given. Otherwise returns a blocked/proposal result. |
| add_sighting_with_approval | B | Add a sighting to MISP only when policy and approval allow. Otherwise returns a blocked/proposal result. |
| tag_event_with_approval | A | Tag a MISP event only when policy and approval allow. Otherwise returns a blocked/proposal result. |
| publish_event_with_approval | A | Publish a MISP event only when policy and approval allow. Requires curator/admin-like permission and is always high-risk and approval-gated. Otherwise returns a blocked/proposal result. |

Prompts

Interactive templates invoked by user choice

No prompts

Resources

Contextual data attached and managed by the client

No resources

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/hdyrawan/agentic-misp-mcp'
