The OpenCTI MCP Server provides a standardized interface for querying and retrieving threat intelligence data from the OpenCTI platform, offering features like searching for malware and managing users and groups.
This repository contains the OpenCTI MCP Server, designed to integrate with the Open Cyber Threat Intelligence (OpenCTI) platform via the Model Context Protocol (MCP). It allows users to query and retrieve threat intelligence data through a standardized interface.
Key features include fetching and searching threat intelligence data, such as reports, malware information, indicators of compromise, and threat actors. It also supports user and group management, STIX object operations (attack patterns, campaigns), system management (connectors, status templates), and file operations. Reference data access is available for marking definitions and labels.
Installation can be done via Smithery or manually, requiring Node.js 16+ and access to an OpenCTI instance with an API token. Configuration involves setting environment variables (OPENCTI_URL, OPENCTI_TOKEN) and configuring MCP settings. The server offers a suite of tools for reports, search, user management, STIX objects, system management, file operations, and reference data.
Spathodea-Network/opencti-mcp
December 29, 2024
March 22, 2025
TypeScript