pycti-mcp

An MCP server front-end for pycti, designed to condense, normalize, and consolidate data from OpenCTI into JSON for LLM consumption.

The MCP server front-end for pycti is a specialized tool designed to interface with the OpenCTI platform, providing a streamlined and efficient way to access and process threat intelligence data. By leveraging the Model Context Protocol (MCP), this server aims to enhance the usability of OpenCTI data for language models by offering more verbose field naming, resolving GraphQL-linked entities, and minimizing non-informative metadata. This approach not only improves the clarity and context of the data but also optimizes the use of context windows, making it an invaluable resource for cybersecurity professionals and researchers who rely on comprehensive and precise threat intelligence. The server is inspired by the Spathodea-Network/opencti-mcp project but focuses on delivering a more refined and consolidated data output.

Features

  • Verbose field naming for better LLM interpretation.
  • Resolution of GraphQL-linked entities for comprehensive context.
  • Reduction of non-informative metadata to optimize context window usage.
  • Integration with OpenCTI for real-time threat intelligence data.
  • Customizable settings for tailored data processing.

Tools

  1. opencti_observable_lookup

    Performs an exact-match lookup in OpenCTI for a given observable value.

  2. opencti_adversary_lookup

    Searches for adversaries in OpenCTI by name or alias.

  3. opencti_report_lookup

    Looks up threat reports in OpenCTI based on search terms and date filters.