mcp-server-misp

gbrigandi/mcp-server-misp

3.2

If you are the rightful owner of mcp-server-misp and would like to certify it and/or have it hosted online, please leave a comment on the right or send an email to dayong@mcphub.com.

An MCP server that integrates with the MISP threat intelligence platform to provide various threat intelligence services.

Tools

Functions exposed to the LLM to take actions

search_misp_ioc

Search for an IOC (IP, domain, hash, URL, email)

get_misp_event_context

Get full event details including tags and galaxies

check_misp_warninglist

Check if a value is on warninglists (false positive detection)

get_misp_sightings

Get sighting history for an IOC

get_misp_iocs_by_type

Extract IOCs by attribute type (ip-dst, domain, sha256, etc.)

search_misp_by_tag

Search attributes by tag (tlp:red, malware:emotet, etc.)

get_misp_recent_iocs

Get IOCs added within a time window

get_misp_threat_actor_iocs

Get IOCs attributed to a threat actor

list_misp_galaxies

List available MISP galaxies

Prompts

Interactive templates invoked by user choice

No prompts

Resources

Contextual data attached and managed by the client

No resources