OpenCTI Server

БесплатноHosted

A Model Context Protocol server that connects AI assistants to OpenCTI threat intelligence platforms. It enables natural language interaction for searching thre

автор: DarkAngel-agents

GitHub

Описание

A Model Context Protocol server that connects AI assistants to OpenCTI threat intelligence platforms. It enables natural language interaction for searching threat intelligence, analyzing reports, managing indicators, and monitoring connectors.

README

A Model Context Protocol (MCP) server for OpenCTI — the Open Cyber Threat Intelligence Platform developed by Filigran.

Connect your AI assistant to your OpenCTI instance for threat intelligence search, indicator lookup, report analysis, and connector monitoring through natural conversation.

Tools

Tool	Description
`search_entities`	Search any STIX entity type (reports, malware, threat actors, etc)
`get_report`	Get full report details by STIX ID
`search_indicators`	Search IOCs by value, pattern type, or keyword
`create_indicator`	Create new indicator with STIX/YARA/Sigma pattern
`list_connectors`	List all connectors with status and queue depth

Quick Start

Environment Variables

Variable	Required	Default	Description
`OPENCTI_URL`	Yes	—	URL of your OpenCTI instance
`OPENCTI_TOKEN`	Yes	—	OpenCTI API token
`OPENCTI_SSL_VERIFY`	No	`false`	Verify SSL certificates
`MCP_TRANSPORT`	No	`stdio`	Transport: `stdio` or `http`
`MCP_HOST`	No	`0.0.0.0`	Host to bind (http mode)
`MCP_PORT`	No	`8000`	Port to bind (http mode)

Docker

git clone https://github.com/DarkAngel-agents/opencti-mcp.git
cd opencti-mcp

export OPENCTI_URL=https://your-opencti-instance.com
export OPENCTI_TOKEN=your-api-token

docker compose up -d

Local

pip install -r requirements.txt

export OPENCTI_URL=https://your-opencti-instance.com
export OPENCTI_TOKEN=your-api-token

# stdio mode
python server.py

# http mode
MCP_TRANSPORT=http python server.py

Claude Desktop

{
  "mcpServers": {
    "opencti": {
      "command": "python",
      "args": ["/path/to/opencti-mcp/server.py"],
      "env": {
        "OPENCTI_URL": "https://your-opencti-instance.com",
        "OPENCTI_TOKEN": "your-api-token"
      }
    }
  }
}

Example Prompts

"Search OpenCTI for threat actors related to APT28"
"Show me the latest reports about ransomware"
"Look up indicators matching this IP: 192.168.1.100"
"Create a STIX indicator for domain evil.example.com"
"What connectors are active and what's their queue status?"

Related Projects

misp-mcp — MCP server for MISP
nixos-anssi-bp028 — NixOS ANSSI hardening module

License

MIT

Как установить

Добавь это в claude_desktop_config.json и перезапусти Claude Desktop.

{
  "mcpServers": {
    "opencti-mcp-server": {
      "command": "npx",
      "args": []
    }
  }
}

OpenCTI Server

Описание

README

Tools

Quick Start

Environment Variables

Docker

Local

Claude Desktop

Example Prompts

Related Projects

License

Как установить

Похожие MCP

Fetch

AWS KB Retrieval

Spring AI MCP Server

llm-analysis-assistant

Command Palette

OpenCTI Server

Описание

README

Tools

Quick Start

Environment Variables

Docker

Local

Claude Desktop

Example Prompts

Related Projects

License

Как установить

Похожие MCP

Fetch

AWS KB Retrieval

Spring AI MCP Server

llm-analysis-assistant