MISP MCP connector
MISP is an open source threat intelligence platform for sharing, storing, and correlating indicators of compromise of targeted attacks and threat intelligence. The MISP MCP connector allows AI agents to manage attributes and events, search for threat indicators, and correlate security intelligence across your environment. It also supports querying compromised data, organizing threat information by tags and categories, and synchronizing intelligence feeds with external sources.
Authentication type
- API Key - Requires a static API key to be configured before the agent can connect to the service.
Uses
Use the MISP MCP connector to perform the following actions:
- Centralize threat intelligence indicators from multiple sources into a single repository
- Automate detection and correlation of indicators of compromise across events
- Tag and categorize security events for faster incident response and investigation
- Distribute curated threat feeds to security teams and external partners
- Track and manage galaxy clusters to organize threat actor profiles and tactics
- Publish threat events to stakeholders while maintaining operational security controls
Example prompts
Use the following example prompts to invoke MISP MCP connector tools from your AI assistant or Boomi Connect workflow:
- Show me all threat events created in MISP in the last 30 days.
- Create a new security event in MISP for a detected malware campaign.
- Search MISP for all indicators associated with domain names.
- Add the 'ransomware' tag to this event in MISP.
- List all active threat feeds currently enabled in MISP.
- Get details on the APT28 galaxy cluster from MISP.
- Publish this event to MISP so our partners can see the threat intelligence.
- Find all attributes in MISP related to a specific IP address.
- Update the description of this MISP event with new findings.
- Remove outdated indicators from this MISP event.
MISP MCP connector tools
The MISP MCP connector provides the following tools. Each tool maps to a specific action you can invoke from your AI agent or automation.
| Tool | Description |
|---|---|
| getAllAttributes | Retrieves a complete list of all attributes stored in the system. |
| createAttribute | Creates a new attribute with the specified properties and values. |
| getAttribute | Retrieves detailed information for a specific attribute. |
| updateAttribute | Modifies an existing attribute with new or changed values. |
| deleteAttribute | Removes an attribute from the system permanently. |
| searchAttributes | Finds attributes matching specified criteria or filters. |
| getAllEvents | Retrieves a complete list of all events in the system. |
| createEvent | Creates a new event with the specified details. |
| getEvent | Retrieves detailed information for a specific event. |
| updateEvent | Modifies an existing event with new or changed details. |
| deleteEvent | Removes an event from the system permanently. |
| publishEvent | Makes an event visible and available to other users. |
| unpublishEvent | Restricts an event from being visible to other users. |
| searchEvents | Finds events matching specified criteria or filters. |
| addEventTag | Assigns a tag label to an event for categorization. |
| removeEventTag | Removes a tag label from an event. |
| getAllFeeds | Retrieves a complete list of all feeds in the system. |
| createFeed | Creates a new feed source with the specified configuration. |
| getFeed | Retrieves detailed information for a specific feed. |
| updateFeed | Modifies an existing feed with new or changed settings. |
| enableFeed | Activates a feed to start receiving or processing data. |
| disableFeed | Deactivates a feed to stop receiving or processing data. |
| getAllGalaxies | Retrieves a complete list of all galaxy clusters available. |
| getGalaxy | Retrieves detailed information for a specific galaxy. |
| deleteGalaxy | Removes a galaxy from the system permanently. |
| getAllNoticelists | Retrieves a complete list of all noticelists in the system. |
| getNoticelist | Retrieves detailed information for a specific noticelist. |
| searchObjects | Finds objects matching specified criteria or filters. |
| getAllOrganisations | Retrieves a complete list of all organizations in the system. |
| getOrganisation | Retrieves detailed information for a specific organization. |
| createOrganisation | Creates an organization. |
| updateOrganisation | Updates an organization. |
| deleteOrganisation | Deletes an organization. |
| getAllTags | Lists all tags. |
| createTag | Creates a tag. |
| updateTag | Updates a tag. |
| deleteTag | Deletes a tag. |
| getAllUsers | Lists all users. |
| createUser | Creates a user. |
| getUser | Gets a user. |
| updateUser | Updates a user. |
| deleteUser | Deletes a user. |
| getAllWarninglists | Lists all warninglists. |
| getWarninglist | Gets a warninglist. |
| getSharingGroups | Lists sharing groups. |