agentic-misp-mcp
Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| MISP_URL | Yes | Base URL for MISP, for example https://misp.example.local. | |
| MISP_API_KEY | Yes | Runtime-only MISP automation/API key. Never pass as a tool argument. | |
| MISP_MAX_LIMIT | No | Maximum accepted result limit. | 100 |
| MISP_VERIFY_TLS | No | Keep TLS verification enabled. | true |
| MISP_DEFAULT_LIMIT | No | Default result limit. | 20 |
| MISP_TIMEOUT_SECONDS | No | HTTP timeout, > 0 and <= 300. | 30 |
| AGENTIC_MISP_MCP_ROLE | No | read_only, analyst_write, curator, or admin. | read_only |
| MISP_RELATED_EVENT_LIMIT | No | Related event expansion cap. | 5 |
| AGENTIC_MISP_MCP_LOG_LEVEL | No | Application log level. | INFO |
| MISP_EVENT_ATTRIBUTE_LIMIT | No | Attribute cap for event summaries/investigations. | 50 |
| AGENTIC_MISP_MCP_ENABLE_WRITE | No | Global write-mode gate. | false |
| AGENTIC_MISP_MCP_AUDIT_LOG_PATH | No | JSONL audit log path. | ./logs/audit.jsonl |
| AGENTIC_MISP_MCP_REQUIRE_APPROVAL | No | Require explicit approved=true for write execution. | true |
Capabilities
Features and capabilities supported by this server
| Capability | Details |
|---|---|
| tools | {
"listChanged": true
} |
| logging | {} |
| prompts | {
"listChanged": false
} |
| resources | {
"subscribe": false,
"listChanged": false
} |
| extensions | {
"io.modelcontextprotocol/ui": {}
} |
| experimental | {} |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| search_iocC | Search MISP for an IOC and return normalized attribute matches. |
| investigate_iocC | Investigate an IOC using MISP matches, related events, tags, and warninglists. |
| summarize_eventC | Summarize a MISP event without returning full raw event JSON. |
| check_warninglistsC | Check an IOC against MISP warninglists when available. |
| generate_ioc_reportC | Generate a deterministic analyst report for an IOC. |
| pivot_iocC | Pivot from an IOC to related events and indicators useful for hunting. |
| find_related_iocsC | Return a focused, ranked list of IOCs related to the given IOC. |
| extract_event_iocsC | Extract supported IOC types from a MISP event, grouped and deduplicated. |
| explain_event_contextC | Explain what a MISP event represents in deterministic, analyst-friendly language. |
| find_events_by_tagD | Find MISP events associated with a tag. |
| generate_event_reportC | Generate a deterministic, structured analyst report for a MISP event. |
| generate_markdown_ioc_reportC | Generate a Markdown-formatted IOC report suitable for SOC documentation. |
| generate_markdown_event_reportC | Generate a Markdown-formatted MISP event report suitable for SOC escalation. |
| propose_eventA | Build a MISP event creation proposal. Never writes to MISP. |
| propose_attributeA | Build an attribute creation proposal for an existing event. Never writes to MISP. |
| submit_ioc_with_approvalB | Submit an IOC (attribute) to MISP only when write is enabled, role permits write, and approval (when required) has been explicitly given. Otherwise returns a blocked/proposal result. |
| add_sighting_with_approvalB | Add a sighting to MISP only when policy and approval allow. Otherwise returns a blocked/proposal result. |
| tag_event_with_approvalA | Tag a MISP event only when policy and approval allow. Otherwise returns a blocked/proposal result. |
| publish_event_with_approvalA | Publish a MISP event only when policy and approval allow. Requires curator/ admin-like permission and is always high-risk and approval-gated. Otherwise returns a blocked/proposal result. |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
No prompts | |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
No resources | |
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/hdyrawan/agentic-misp-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server