OpenCTI MCP Server
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@OpenCTI MCP ServerList indicators related to Emotet"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
OpenCTI MCP Server
A Model Context Protocol server that exposes OpenCTI, the open-source threat-intelligence platform, to AI assistants. Built on the official pycti client, it registers 45 typed tools (91 when writes are enabled) across 15 threat-intel domains — indicators, observables, reports, malware, threat actors, intrusion sets, campaigns, attack patterns, tools, vulnerabilities, incidents, cases, relationships, identities, and labels/markings — plus platform/operations tools (connectors, users, groups, files), STIX bundle import/export, a graphql_query escape-hatch, and cross-cutting search/relationship/observable-lookup tools for anything the typed per-domain tools don't cover.
This is an unofficial, community-maintained project. It is not affiliated with, endorsed by, or supported by Filigran or the OpenCTI project.
Ships read-only by default. With the default configuration, only list/get/query tools are registered and graphql_query rejects mutations. Setting OPENCTI_READ_ONLY=false exposes *_create, *_update, and the destructive *_delete tools, and lets graphql_query run mutations. Only enable writes with a least-privilege OpenCTI API token, and understand that an assistant with write access can create, modify, and permanently delete intelligence data in your instance.
Tools
Domain | Reads | Writes | Notable tools |
Indicators | 2 | 3 |
|
Observables | 2 | 3 |
|
Reports | 2 | 3 |
|
Malware | 2 | 3 |
|
Threat actors | 2 | 3 |
|
Intrusion sets | 2 | 3 |
|
Campaigns | 2 | 3 |
|
Attack patterns | 2 | 3 |
|
Tools | 2 | 3 |
|
Vulnerabilities | 2 | 3 |
|
Incidents | 2 | 3 |
|
Cases | 2 | 3 |
|
Relationships | 2 | 3 |
|
Identities | 2 | 2 |
|
Labels & markings | 4 | 3 |
|
Every domain also has an _update and _delete tool once writes are enabled (markings are read-only; identities has _create/_delete but no _update). In addition, graphql_query runs a raw GraphQL query/mutation against the OpenCTI API for anything not covered by a typed tool above — reads always work, mutations are rejected unless OPENCTI_READ_ONLY=false. See docs/ENDPOINTS.md for the full tool-to-pycti-call mapping.
Every *_list tool also accepts order_by (a field name, e.g. "created_at") and descending (default true), so order_by="created_at" gives most-recent-first without any extra filtering.
observables_create also accepts StixFile.* observable keys (normalized to File.*), coerces Autonomous-System.number values to an integer, and takes an optional additional_hashes param (a list of "ALGO:VALUE" entries, e.g. "SHA-1:...") to attach extra hashes to a file observable alongside the primary one.
Cross-cutting read tools
search_all(query, types?, first?)— full-text search across all STIX object types at once, optionally restricted to specifictypes.relationships_for_entity(entity_id, relationship_type?, first?)— lists relationships touching an entity as either source or target, e.g. "what is related to X".observables_by_value(value, first?)— exact-value lookup for an observable (IP, domain, URL, hash, etc.) without knowing its id.
Platform & operations
connectors_list/connectors_get(connector_id)— list connectors and check one's status/health (active, state, queue details).users_list/users_get(id)— list/get OpenCTI users.groups_list/groups_get(id)— list/get OpenCTI groups.files_for_entity(entity_id)— list files/attachments on an entity.stix_export_entity(entity_type, entity_id, mode?)/stix_export_list(entity_type, first=25, mode?)— export a single entity, or up tofirstentities of a type (max 500), as a STIX 2 bundle; large exports are capped byfirst, and if the bundle is still too large a small note (_note,entity_type,first,object_count) is returned instead.stix_import_bundle(bundle_json, update?)— write, requiresOPENCTI_READ_ONLY=false— bulk create/update entities and relationships from a STIX bundle.entity_ask_enrichment(entity_id, connector_id)— write, requiresOPENCTI_READ_ONLY=false— trigger a connector to enrich an entity.
Two related capabilities are intentionally not exposed as typed tools and remain available via graphql_query: OpenCTI status templates, and connector start/stop/reset (pycti exposes no dedicated method for either).
Related MCP server: OpenCTI MCP Server
Bundled skill
A Claude Skill lives at skills/opencti-usage/ that teaches an AI agent OpenCTI's model — the STIX data model, entity types, indicators vs observables, relationships, containers, TLP markings, confidence, connectors, and RBAC — and maps each concept to the right MCP tool above. An agent operating the opencti tools loads this skill to understand the platform before creating, relating, or reasoning about OpenCTI data.
skills/opencti-usage/SKILL.mdis the entry point; thereferences/folder holds the per-topic detail.The content is distilled from the official OpenCTI docs (
docs.opencti.io/latest), distilled 2026-07-10. Each reference file has a## Sourcelink back to the docs it was drawn from, so it can be refreshed later.
Quick start
Install
git clone https://github.com/Space-C0wboy/OpenCTI-MCP-Server.git
cd OpenCTI-MCP-Server
uv venv
uv pip install -e ".[dev]"Or with plain pip:
pip install -e .Get an API token
In OpenCTI, open your profile menu → API access, then copy your personal access token.
Configuration
Configuration is read from environment variables, or from a .env file in the working directory (either a standard KEY=value dotenv file or a JSON-style fragment). OS environment variables always take precedence over the file.
Variable | Required | Default | Description |
| Yes | — | Base URL of your OpenCTI instance |
| Yes | — | OpenCTI API token |
| No |
| When |
| No |
| Request timeout in seconds |
| No |
| Verify TLS certificates |
| No |
| Logging verbosity |
| No |
| Bind host when using |
| No |
| Bind port when using |
Run
Stdio (default, for editor/IDE integrations):
uv run opencti-mcpHTTP transport:
uv run opencti-mcp --transport http --host 127.0.0.1 --port 8765Read-only mode
OPENCTI_READ_ONLY defaults to true. In read-only mode, only list/get tools and markings_list/markings_get are registered — no *_create, *_update, or *_delete tool is available for any domain, and graphql_query raises an error if the query document contains a mutation. Set OPENCTI_READ_ONLY=false to register the write tools and allow graphql_query to run mutations.
Editor integration
Claude Desktop
Add to claude_desktop_config.json:
{
"mcpServers": {
"opencti": {
"command": "uv",
"args": ["--directory", "/absolute/path/to/OpenCTI-MCP-Server", "run", "opencti-mcp"],
"env": {
"OPENCTI_URL": "https://your-opencti-instance.example.com/",
"OPENCTI_TOKEN": "your-api-token"
}
}
}
}Claude Code
claude mcp add opencti -- uv --directory /absolute/path/to/OpenCTI-MCP-Server run opencti-mcpExample prompts
"List the 10 most recent indicators."
"Search reports mentioning 'Emotet'."
"Show me the MITRE ATT&CK technique T1059."
"Create an IPv4 observable for 1.2.3.4." (requires
OPENCTI_READ_ONLY=false)"Which threat actors are linked to intrusion set APT29?"
"Get the full detail on case CASE-ID, including its labels and markings."
"What are the 10 most recent reports?"
"Is 1.2.3.4 in OpenCTI?"
"What is this threat actor related to?"
"Search across everything for 'Emotet'."
"Are our OpenCTI connectors healthy?"
"Export this report as a STIX bundle."
"List the groups in OpenCTI."
"Add the victim organization 'Acme Corp' to OpenCTI." (requires
OPENCTI_READ_ONLY=false)"Create an individual identity for John Doe with a description."
Development
uv run pytest
uv run ruff check .License
MIT — see LICENSE.
Support
This is a community-maintained project provided as-is, with no guaranteed support SLA. Issues and pull requests are welcome.
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/Space-C0wboy/OpenCTI-MCP-Server'
If you have feedback or need assistance with the MCP directory API, please join our Discord server