PyCTI
Consolidates and normalizes OpenCTI threat intelligence data into a structured JSON format for large language models.
About
PyCTI is an MCP (Model Context Protocol) server designed to act as a front-end for OpenCTI, transforming its complex data into a simplified, LLM-consumable JSON format. It aims to improve the interpretability of OpenCTI data for AI models by providing more verbose field names, resolving linked entities for richer context, and minimizing non-informative metadata, thereby optimizing context window usage and enhancing LLM intuition.
Key Features
- Normalizes and condenses OpenCTI data for LLM consumption
- Resolves GraphQL-linked entities for enhanced context
- Reduces non-informative metadata to optimize context window usage
- Integrates seamlessly with mcp-hub for multi-server management
- Supports VSCode Copilot Chat integration
- 11 GitHub stars
Use Cases
- Providing simplified OpenCTI threat intelligence data to large language models
- Integrating OpenCTI data into developer workflows via mcp-hub and VSCode
- Building custom tools for extracting and transforming OpenCTI information