Provides AI-native access to the MITRE ATT&CK threat intelligence framework with over 80 tools for querying techniques, tactics, groups, software, and mitigations across Enterprise, Mobile, and ICS domains.
The MITRE ATT&CK MCP Server transforms the world's leading adversary knowledge base into an AI-native interface, built for the Model Context Protocol. It enables LLMs and agentic systems to query over 200 techniques, 140+ groups, and 700+ software entries, reason over complex threat relationships, visualize coverage gaps with ATT&CK Navigator layers, and scale threat intelligence workflows with structured tools. This self-contained server provides machine-callable access to the official MITRE ATT&CK framework using STIX data, offering LLM-friendly structured outputs for security teams, threat hunters, detection engineers, and AI researchers.
Key Features
01 Over 65 MCP tools for all major ATT&CK entities and relationships across domains
02 Automatic STIX data download and caching for up-to-date threat intelligence
03 Native generation of ATT&CK Navigator layers for visualization
04 Designed for AI-native interfaces, LLMs, and agentic systems
05 In-memory caching and type-safe data models for high performance
Use Cases
01 Empowering security teams and threat hunters with programmatic access to ATT&CK data
02 Assisting detection engineers in mapping and visualizing coverage gaps
03 Enabling AI researchers and agentic systems to reason over threat relationships