Skip to main content
Glama
enesjakozh

OpenCTI MCP Server

by Spathodea-Network
GitHub
TypeScript
MIT License
22
OverviewInspectNewEndpointsSchemaRelated ServersReviewsScore
Need Help?View Source CodeReport Issue

OpenCTI MCP Server

Traditional Chinese (繁體中文)

Overview

OpenCTI MCP Server is a Model Context Protocol (MCP) server that provides seamless integration with OpenCTI (Open Cyber Threat Intelligence) platform. It enables querying and retrieving threat intelligence data through a standardized interface.

Features

  • Fetch and search threat intelligence data
    • Get latest reports and search by ID
    • Search for malware information
    • Query indicators of compromise
    • Search for threat actors
  • User and group management
    • List all users and groups
    • Get user details by ID
  • STIX object operations
    • List attack patterns
    • Get campaign information by name
  • System management
    • List connectors
    • View status templates
  • File operations
    • List all files
    • Get file details by ID
  • Reference data access
    • List marking definitions
    • View available labels
  • Customizable query limits
  • Full GraphQL query support

Prerequisites

  • Node.js 16 or higher
  • Access to an OpenCTI instance
  • OpenCTI API token

Installation

Installing via Smithery

To install OpenCTI Server for Claude Desktop automatically via Smithery:

npx -y @smithery/cli install opencti-server --client claude

Manual Installation

# Clone the repository git clone https://github.com/yourusername/opencti-mcp-server.git # Install dependencies cd opencti-mcp-server npm install # Build the project npm run build

Configuration

Environment Variables

Copy .env.example to .env and update with your OpenCTI credentials:

cp .env.example .env

Required environment variables:

  • OPENCTI_URL: Your OpenCTI instance URL
  • OPENCTI_TOKEN: Your OpenCTI API token

MCP Settings

Create a configuration file in your MCP settings location:

{ "mcpServers": { "opencti": { "command": "node", "args": ["path/to/opencti-server/build/index.js"], "env": { "OPENCTI_URL": "${OPENCTI_URL}", // Will be loaded from .env "OPENCTI_TOKEN": "${OPENCTI_TOKEN}" // Will be loaded from .env } } } }

Security Notes

  • Never commit .env file or API tokens to version control
  • Keep your OpenCTI credentials secure
  • The .gitignore file is configured to exclude sensitive files

Available Tools

Available Tools

Reports

get_latest_reports

Retrieves the most recent threat intelligence reports.

{ "name": "get_latest_reports", "arguments": { "first": 10 // Optional, defaults to 10 } }
get_report_by_id

Retrieves a specific report by its ID.

{ "name": "get_report_by_id", "arguments": { "id": "report-uuid" // Required } }

Search Operations

search_malware

Searches for malware information in the OpenCTI database.

{ "name": "search_malware", "arguments": { "query": "ransomware", "first": 10 // Optional, defaults to 10 } }
search_indicators

Searches for indicators of compromise.

{ "name": "search_indicators", "arguments": { "query": "domain", "first": 10 // Optional, defaults to 10 } }
search_threat_actors

Searches for threat actor information.

{ "name": "search_threat_actors", "arguments": { "query": "APT", "first": 10 // Optional, defaults to 10 } }

User Management

get_user_by_id

Retrieves user information by ID.

{ "name": "get_user_by_id", "arguments": { "id": "user-uuid" // Required } }
list_users

Lists all users in the system.

{ "name": "list_users", "arguments": {} }
list_groups

Lists all groups with their members.

{ "name": "list_groups", "arguments": { "first": 10 // Optional, defaults to 10 } }

STIX Objects

list_attack_patterns

Lists all attack patterns in the system.

{ "name": "list_attack_patterns", "arguments": { "first": 10 // Optional, defaults to 10 } }
get_campaign_by_name

Retrieves campaign information by name.

{ "name": "get_campaign_by_name", "arguments": { "name": "campaign-name" // Required } }

System Management

list_connectors

Lists all system connectors.

{ "name": "list_connectors", "arguments": {} }
list_status_templates

Lists all status templates.

{ "name": "list_status_templates", "arguments": {} }

File Operations

get_file_by_id

Retrieves file information by ID.

{ "name": "get_file_by_id", "arguments": { "id": "file-uuid" // Required } }
list_files

Lists all files in the system.

{ "name": "list_files", "arguments": {} }

Reference Data

list_marking_definitions

Lists all marking definitions.

{ "name": "list_marking_definitions", "arguments": {} }
list_labels

Lists all available labels.

{ "name": "list_labels", "arguments": {} }

Contributing

Contributions are welcome! Please feel free to submit pull requests.

License

MIT License

Deploy Server
A
security – no known vulnerabilities
A
license - permissive license
A
quality - confirmed to work

How are these scores calculated?

remote-capable server

The server can be hosted and run remotely because it primarily relies on remote services or has no dependency on the local environment.

Tools

View all tools

A Model Context Protocol server that facilitates integration with OpenCTI, allowing users to query and retrieve cyber threat intelligence data via a standardized interface.

  1. Overview
    1. Features
      1. Prerequisites
        1. Installation
          1. Installing via Smithery
          2. Manual Installation
        2. Configuration
          1. Environment Variables
          2. MCP Settings
          3. Security Notes
        3. Available Tools
          1. Available Tools
            1. Reports
            2. Search Operations
            3. User Management
            4. STIX Objects
            5. System Management
            6. File Operations
            7. Reference Data
          2. Contributing
            1. License

              Related Resources

              Related MCP Servers

              • OpenAI MCP Server

                arthurcolle
                -
                security
                F
                license
                -
                quality
                A Model Context Protocol server implementation that enables connection between OpenAI APIs and MCP clients for coding assistance with features like CLI interaction, web API integration, and tool-based architecture.
                Last updated -
                33
                • Linux
                • Apple

              • Enrichment MCP Server

                synackpwn
                -
                security
                F
                license
                -
                quality
                A Model Context Protocol server that performs third-party threat intelligence enrichment for various observables (IP addresses, domains, URLs, emails) using services like VirusTotal, Shodan, and AbuseIPDB.
                Last updated -

              • Enrichment MCP Server

                MSAdministrator
                A
                security
                F
                license
                A
                quality
                A Model Context Protocol server that enables users to perform third-party enrichment lookups for security observables (IP addresses, domains, URLs, emails) through services like VirusTotal, Shodan, and others.
                Last updated -
                1
                1
                • Apple

              • MCP Vulnerability Checker Server

                firetix
                A
                security
                A
                license
                A
                quality
                A Model Context Protocol server providing security vulnerability intelligence tools including CVE lookup, EPSS scoring, CVSS calculation, exploit detection, and Python package vulnerability checking.
                Last updated -
                8
                5
                MIT License

              View all related MCP servers

              Appeared in Searches

              New MCP Servers

              MCP directory API

              We provide all the information about MCP servers via our MCP API.

              curl -X GET 'https://glama.ai/api/mcp/v1/servers/Spathodea-Network/opencti-mcp'

              If you have feedback or need assistance with the MCP directory API, please join our Discord server