Claude Code LogoClaude Code
Back to All MCP Servers

opencti-mcp

opencti-mcp avatar

by calclavia

Community Servers
View Source

What is opencti-mcp

OpenCTI MCP Server

smithery badge Traditional Chinese (繁體中文)

Overview

OpenCTI MCP Server is a Model Context Protocol (MCP) server that provides seamless integration with OpenCTI (Open Cyber Threat Intelligence) platform. It enables querying and retrieving threat intelligence data through a standardized interface.

Features

  • Fetch and search threat intelligence data
    • Get latest reports and search by ID
    • Search for malware information
    • Query indicators of compromise
    • Search for threat actors
  • User and group management
    • List all users and groups
    • Get user details by ID
  • STIX object operations
    • List attack patterns
    • Get campaign information by name
  • System management
    • List connectors
    • View status templates
  • File operations
    • List all files
    • Get file details by ID
  • Reference data access
    • List marking definitions
    • View available labels
  • Customizable query limits
  • Full GraphQL query support

Prerequisites

  • Node.js 16 or higher
  • Access to an OpenCTI instance
  • OpenCTI API token

Installation

Installing via Smithery

To install OpenCTI Server for Claude Desktop automatically via Smithery:

npx -y @smithery/cli install opencti-server --client claude

Manual Installation

# Clone the repository
git clone https://github.com/yourusername/opencti-mcp-server.git

# Install dependencies
cd opencti-mcp-server
npm install

# Build the project
npm run build

Configuration

Environment Variables

Copy .env.example to .env and update with your OpenCTI credentials:

cp .env.example .env

Required environment variables:

  • OPENCTI_URL: Your OpenCTI instance URL
  • OPENCTI_TOKEN: Your OpenCTI API token

MCP Settings

Create a configuration file in your MCP settings location:

{
  "mcpServers": {
    "opencti": {
      "command": "node",
      "args": ["path/to/opencti-server/build/index.js"],
      "env": {
        "OPENCTI_URL": "${OPENCTI_URL}",  // Will be loaded from .env
        "OPENCTI_TOKEN": "${OPENCTI_TOKEN}"  // Will be loaded from .env
      }
    }
  }
}

Security Notes

  • Never commit .env file or API tokens to version control
  • Keep your OpenCTI credentials secure
  • The .gitignore file is configured to exclude sensitive files

Available Tools

Available Tools

Reports

get_latest_reports

Retrieves the most recent threat intelligence reports.

{
  "name": "get_latest_reports",
  "arguments": {
    "first": 10  // Optional, defaults to 10
  }
}

get_report_by_id

Retrieves a specific report by its ID.

{
  "name": "get_report_by_id",
  "arguments": {
    "id": "report-uuid"  // Required
  }
}

Search Operations

search_malware

Searches for malware information in the OpenCTI database.

{
  "name": "search_malware",
  "arguments": {
    "query": "ransomware",
    "first": 10  // Optional, defaults to 10
  }
}

search_indicators

Searches for indicators of compromise.

{
  "name": "search_indicators",
  "arguments": {
    "query": "domain",
    "first": 10  // Optional, defaults to 10
  }
}

search_threat_actors

Searches for threat actor information.

{
  "name": "search_threat_actors",
  "arguments": {
    "query": "APT",
    "first": 10  // Optional, defaults to 10
  }
}

User Management

get_user_by_id

Retrieves user information by ID.

{
  "name": "get_user_by_id",
  "arguments": {
    "id": "user-uuid"  // Required
  }
}

list_users

Lists all users in the system.

{
  "name": "list_users",
  "arguments": {}
}

list_groups

Lists all groups with their members.

{
  "name": "list_groups",
  "arguments": {
    "first": 10  // Optional, defaults to 10
  }
}

STIX Objects

list_attack_patterns

Lists all attack patterns in the system.

{
  "name": "list_attack_patterns",
  "arguments": {
    "first": 10  // Optional, defaults to 10
  }
}

get_campaign_by_name

Retrieves campaign information by name.

{
  "name": "get_campaign_by_name",
  "arguments": {
    "name": "campaign-name"  // Required
  }
}

System Management

list_connectors

Lists all system connectors.

{
  "name": "list_connectors",
  "arguments": {}
}

list_status_templates

Lists all status templates.

{
  "name": "list_status_templates",
  "arguments": {}
}

File Operations

get_file_by_id

Retrieves file information by ID.

{
  "name": "get_file_by_id",
  "arguments": {
    "id": "file-uuid"  // Required
  }
}

list_files

Lists all files in the system.

{
  "name": "list_files",
  "arguments": {}
}

Reference Data

list_marking_definitions

Lists all marking definitions.

{
  "name": "list_marking_definitions",
  "arguments": {}
}

list_labels

Lists all available labels.

{
  "name": "list_labels",
  "arguments": {}
}

Contributing

Contributions are welcome! Please feel free to submit pull requests.

License

MIT License

View Source

Leave a Comment

Comments section will be available soon. Stay tuned!

Frequently Asked Questions

What is MCP?

MCP (Model Context Protocol) is an open protocol that standardizes how applications provide context to LLMs. Think of MCP like a USB-C port for AI applications, providing a standardized way to connect AI models to different data sources and tools.

What are MCP Servers?

MCP Servers are lightweight programs that expose specific capabilities through the standardized Model Context Protocol. They act as bridges between LLMs like Claude and various data sources or services, allowing secure access to files, databases, APIs, and other resources.

How do MCP Servers work?

MCP Servers follow a client-server architecture where a host application (like Claude Desktop) connects to multiple servers. Each server provides specific functionality through standardized endpoints and protocols, enabling Claude to access data and perform actions through the standardized protocol.

Are MCP Servers secure?

Yes, MCP Servers are designed with security in mind. They run locally with explicit configuration and permissions, require user approval for actions, and include built-in security features to prevent unauthorized access and ensure data privacy.

View all FAQs

Related MCP Servers

Ableton Live MCP Server avatar

Ableton Live MCP Server

MCP Server implementation for Ableton Live OSC control

Community Servers
Airbnb MCP Server avatar

Airbnb MCP Server

Community Servers
AI Agent Marketplace Index Search MCP Server avatar

AI Agent Marketplace Index Search MCP Server

MCP Server for AI Agent Marketplace Index from DeepNLP

Community Servers
Algorand MCP Implementation avatar

Algorand MCP Implementation

Algorand Model Context Protocol (Server & Client)

Community Servers
mcp-server-apache-airflow avatar

mcp-server-apache-airflow

pypi.org/project/mcp-server-apache-airflow/

Community Servers
airtable-mcp-server avatar

airtable-mcp-server

πŸ—‚οΈπŸ€– Airtable Model Context Protocol Server, for allowing AI systems to interact with your Airtable bases

Community Servers
Airtable MCP Server avatar

Airtable MCP Server

Search, create and update Airtable bases, tables, fields, and records using Claude Desktop and MCP (Model Context Protocol) clients

Community Servers
Alphavantage MCP Server avatar

Alphavantage MCP Server

A MCP server for the stock market data API, Alphavantage API.

Community Servers
Amadeus MCP Server avatar

Amadeus MCP Server

Amadeus MCP(Model Context Protocol) Server

Community Servers
Anki MCP Server avatar

Anki MCP Server

An MCP server for Anki

Community Servers

Submit Your MCP Server

Share your MCP server with the community

Submit Now