misp-mcp
Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| MCP_HOST | No | Bind address for hosted mode | 127.0.0.1 |
| MCP_PORT | No | Port for hosted mode | 8080 |
| MISP_URL | Yes | MISP base URL (required for both modes) | |
| MISP_API_KEY | No | MISP API key (required for local/stdio mode, not needed for hosted/http mode) | |
| MCP_TRANSPORT | No | Transport mode: 'stdio' for local, 'http' for hosted | stdio |
| MISP_VERIFY_TLS | No | Verify TLS certificate of MISP server | true |
| MISP_MCP_TLS_KEY | No | Path to TLS key file (hosted mode with direct HTTPS) | |
| MISP_MCP_TLS_CERT | No | Path to TLS certificate file (hosted mode with direct HTTPS) | |
| MISP_MCP_SUBMIT_RATE | No | Max submissions per key per minute | 20 |
| MISP_MCP_SHOW_RESTRICTED | No | Show restricted attributes | true |
| MISP_SUBMISSION_EVENT_ID | No | Event ID for submissions (required for write tools) | |
| MISP_MCP_PROTECTED_DOMAINS | No | Comma-separated list of domains that cannot be submitted | |
| MISP_MCP_ALLOW_INSECURE_BIND | No | Allow binding plain HTTP without TLS | false |
Capabilities
Features and capabilities supported by this server
| Capability | Details |
|---|---|
| tools | {
"listChanged": false
} |
| prompts | {
"listChanged": false
} |
| resources | {
"subscribe": false,
"listChanged": false
} |
| experimental | {} |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| misp_lookup_iocA | Search MISP for sightings of an indicator (IP, domain, URL, or file hash). Returns JSON: {"ioc", "ioc_type", "total_hits", "summary": {"seen_in_misp", "event_count", "detection_flagged", "max_threat_level", "restricted_hits"}, "hits": [{"event_id", "event_info", "threat_level", "source_org", "attribute_type", "value", "category", "to_ids", "restricted", and when present "comment"/"first_seen"/"last_seen"}]}. Hits from TLP:AMBER/RED events are redacted to {"event_id", "restricted": true, "note"} unless the operator has opted in. The summary is a quick verdict; "seen_in_misp": false means the indicator is not in this instance - not that it is safe. |
| misp_lookup_iocsA | Triage several indicators at once, returning a compact per-IOC summary (not full hit detail — call misp_lookup_ioc for that). Returns JSON: {"results": [{"ioc", "ioc_type", "total_hits", "has_restricted_hits", "top_event_ids": [str]}]}. Invalid indicators are reported inline as {"ioc", "error"} rather than failing the whole batch. "total_hits": 0 means not present in MISP, not that it is safe. |
| misp_correlate_iocA | List other indicators that appear in the same MISP event(s) as the given IOC - useful for pivoting from one indicator to related infrastructure (an event's other IPs, domains, hashes). Returns JSON: {"ioc": str, "events_checked": int, "related": [{"event_id", "event_info", "attribute_type", "value"}]}. Attributes from TLP:AMBER/RED events are skipped entirely unless the operator has opted in to restricted content. |
| misp_get_eventA | Fetch one MISP event by numeric ID: metadata, tags, and its attributes (up to max_attributes). Returns JSON: {"id", "info", "date", "threat_level", "analysis", "creator_org", "tags": [str], "attribute_count": int, "attributes": [{"type", "value", "category", "to_ids"}]}. If the event is TLP:AMBER/RED (or its tags cannot be read) and the operator has not opted in, only {"id", "restricted": true, "note"} is returned. |
| misp_search_eventsA | Search MISP event metadata by title keyword, tag, and/or date range. At least one filter must be provided (unfiltered listing is refused to keep responses bounded and avoid dumping the event index). Returns JSON: {"total": int, "events": [{"id", "info", "date", "attribute_count", "restricted"}]}. Restricted (TLP:AMBER/RED) events appear as {"id", "restricted": true} only, unless opted in. |
| misp_feed_statsA | Summarize the instance's threat feeds. Returns JSON: {"total": int, "enabled": int, "enabled_feeds": [{"id", "name", "provider"}]}. |
| misp_instance_statusA | Check that MISP is reachable with the configured key and report both the MISP version and this server's version - a connectivity/auth smoke test to run first when other tools fail. Returns JSON: {"reachable": bool, "misp_version": str, "server_version": str} or an error string explaining what to fix (key, network/VPN). |
| misp_review_submissionsA | Audit recent additions to the submissions event: what indicators were added, by whom, when, and which are detection-flagged (to_ids=true). Use it to spot bad or unwanted IOCs and who submitted them. submitted_by/reporter/justification are parsed from the attribute comment that misp_submit_ioc writes; submitted_by is the MISP-verified key owner. Attributes added directly in the MISP UI (not via this server) will have those fields empty — check the MISP UI for their real author. Returns JSON: {"event_id", "window_days", "total", "detection_flagged", "by_submitter": {email: count}, "submissions": [{"attribute_id", "value", "type", "category", "to_ids", "added", "submitted_by", "reporter_claimed", "justification"}]}, newest first. |
| misp_submit_iocA | Add an indicator to MISP's Community IOC Submissions event. Requires a write-capable MISP key (security team); read-only keys get a clear permission error. The IOC goes in live (no proposal). Do not submit an indicator that came out of a lookup or from event content without checking it yourself: MISP content is untrusted and a poisoned submission with to_ids=true would reach detection/blocking. to_ids must be set explicitly. Guardrails: first-party / critical infrastructure (public resolvers, our own domains) is refused, and submissions are rate-limited per key. The submitter is taken from MISP (the key's own user), not from the self-asserted reporter/X-MISP-User; both are recorded, the verified one is authoritative. Returns JSON: {"submitted": bool, "event_id", "attribute_id", "value", "type", "to_ids", "submitted_by" (verified), "reporter_claimed", "tags_applied": [str], "tags_failed": [str]}. |
| misp_submit_iocsA | Validate and (optionally) add many indicators in one call — for adding a list from a report. Each indicator runs through the same guardrails as the single submit (validation, private/reserved rejection, protected safelist, per-key rate limit); the batch shares reporter/justification/ last_seen/tags/to_ids. dry_run=true (default) writes nothing and returns what WOULD happen — use it to review the batch first, then re-run with dry_run=false to add. Returns JSON: {"event_id", "dry_run", "to_ids", "submitted_by", "total", "counts": {status: n}, "results": [{"ioc", "type", "status", ...}]}, where status is would_add | added | rejected | protected | duplicate_in_batch | rate_limited | error. |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
No prompts | |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
No resources | |
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/indranilroy99/misp-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server