7elu-dl/OpenCTI_MCP_Server
The OpenCTI FastMCP Server is a project that integrates an OpenCTI instance with Model Context Protocol (MCP) clients using the FastMCP framework.
Tools
Functions exposed to the LLM to take actions
search_indicators
Search indicators via a curated GraphQL query that returns key indicator metadata.
search_threat_actors
Locate threat actors with details like id, aliases, motivations, labels, and markings.
search_intrusion_sets
Locate intrusion sets with details like aliases, goals, temporal bounds, and markings.
search_campaigns
Locate campaigns with details like objectives, temporal bounds, and labels.
search_malware
Locate malware with details like types, family flag, temporal bounds, and labels.
search_attack_patterns
Locate attack patterns and TTPs with MITRE metadata, labels, and markings.
search_infrastructures
Locate infrastructures leveraged by adversaries with types, temporal bounds, and labels.
search_vulnerabilities
Locate vulnerabilities with score details, attack vector, and labels.
search_reports
Locate finished intelligence reports with report types, publication date, and markings.
ask_virustotal_enrichment
Request enrichment for an observable value using the VirusTotal connector.
get_entity
Retrieve a single entity from the REST API.
execute_graphql
Execute arbitrary GraphQL queries.
Prompts
Interactive templates invoked by user choice
No prompts
Resources
Contextual data attached and managed by the client