MISP
A Model Context Protocol (MCP) server that integrates with the MISP (Malware Information Sharing Platform) to provide threat intelligence capabilities to Large Language Models.
claude mcp add --transport stdio bornpresident-misp-mcp-server python /path/to/misp_server.py \
  --env MISP_URL="https://your-misp-instance.com" \
  --env MISP_API_KEY="your-api-key" \
  --env MISP_VERIFY_SSL="True"
How to use
This MCP server integrates MISP threat intelligence into your Model Context workflow. The server exposes tools to fetch recent macOS malware samples, query threat data across platforms, perform advanced searches by attribute, tag, threat actor, or TLP, and submit new indicators of compromise (IoCs) to your MISP instance. You can interact with these capabilities through MCP-enabled clients (like MCP Inspector) or via Claude/Claude Desktop configurations. Typical use includes querying for the latest Mac malware using get_mac_malware, retrieving platform-specific samples with get_platform_malware, performing targeted searches with advanced_search, and contributing IoCs with submit_ioc. For reporting and insights, you can generate threat intelligence reports or pull MISP statistics with generate_threat_report and get_misp_stats respectively.
How to install
Prerequisites:
- Python 3.10 or higher
- Access to a MISP instance with API access and an API key
- Internet access to install dependencies

Steps:
- Clone the repository and navigate to it:
  git clone https://github.com/yourusername/misp-mcp-server.git
  cd misp-mcp-server
- Create a virtual environment and activate it:
  python -m venv venv
  source venv/bin/activate # On Windows: venv\Scripts\activate
- Install dependencies (including MCP CLI and pymisp):
  pip install "mcp[cli]" pymisp
- Configure environment variables (examples shown in README):
  - MISP_URL=https://your-misp-instance.com
  - MISP_API_KEY=your-api-key
  - MISP_VERIFY_SSL=True/False
- Run the server locally (development):
  python misp_server.py
- Optional: test with MCP Inspector:
  mcp dev misp_server.py
- For Claude Desktop integration, update your Claude configuration with the provided mcpServers entry and environment variables as needed.
Additional notes
Notes and tips:
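- Ensure MISP_VERIFY_SSL reflects your TLS setup (True for valid certs, False if using self-signed certs with proper handling). Setting it to False turns off certificate verification, so the connection that carries MISP_API_KEY no longer authenticates the MISP server.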
- Use the MCP CLI to install or configure misp_server.py within Claude Desktop or other MCP clients as shown in the README examples.
- If running behind proxies or firewalls, verify that outgoing connections to MISP are allowed on the necessary ports.
- When updating misp_server.py or dependencies, re-create the virtual environment if compatibility issues arise.
- The MCP server name is misp-intelligence; you can rename it in your MCP configuration if desired, but keep the function bindings (command, args, env) aligned.
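A pre-flight check for the three environment variables above, as an added example that is not code from misp_server.py or the project. How the server itself parses these values is not shown on this page; the function names and the returned dictionary keys are hypothetical.

```python
import os
from urllib.parse import urlparse

TRUE_VALUES = {"true", "1", "yes"}
FALSE_VALUES = {"false", "0", "no"}


def parse_verify_ssl(raw):
    """Strictly parse MISP_VERIFY_SSL.

    Environment values are strings, and bool("False") is True in Python,
    so a naive cast never disables (or reports) verification correctly.
    """
    value = raw.strip().lower()
    if value in TRUE_VALUES:
        return True
    if value in FALSE_VALUES:
        return False
    raise ValueError(f"MISP_VERIFY_SSL must be True or False, got {raw!r}")


def load_misp_settings(env):
    """Return (settings, warnings); raise ValueError on missing or unsafe values."""
    url = env.get("MISP_URL", "").strip()
    key = env.get("MISP_API_KEY", "").strip()
    if not url or not key:
        raise ValueError("MISP_URL and MISP_API_KEY are both required")
    parsed = urlparse(url)
    if parsed.scheme != "https" or not parsed.hostname:
        raise ValueError("MISP_URL must be an https:// URL; the API key travels with every request")
    if key == "your-api-key":
        raise ValueError("MISP_API_KEY still holds the README placeholder")
    verify = parse_verify_ssl(env.get("MISP_VERIFY_SSL", "True"))
    warnings = []
    if not verify:
        warnings.append("certificate verification is off; the MISP server is not authenticated")
    # Hypothetical keys: url, key, ssl. The key is returned but never printed.
    return {"url": url.rstrip("/"), "key": key, "ssl": verify}, warnings


if __name__ == "__main__":
    settings, notes = load_misp_settings(os.environ)
    for note in notes:
        print("WARNING:", note)
    print("MISP endpoint:", settings["url"], "| verify TLS:", settings["ssl"])
```

Run it in the same shell or MCP client environment that launches the server, so it sees the values the server will see.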