MITRE ATT&CK

Provides MCP access to the MITRE ATT&CK knowledge base with tools for querying, attribution, and navigator-layer generation.
  • other

33

GitHub Stars

other

Language

2 months ago

First Indexed

3 weeks ago

Catalog Refreshed

Documentation & install

Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.

Installation

Add the following to your MCP client configuration file.

Configuration

View docs
{
  "mcpServers": {
    "stoyky-mitre-attack-mcp": {
      "command": "mitre-attack-mcp",
      "args": []
    }
  }
}

You can run a Model-Context Protocol (MCP) server that provides access to the MITRE ATT&CK knowledge base. This server lets you query techniques, actors, malware, and relationships, and it can generate visual Navigator layers for analysis. It’s designed to be used by MCP clients to retrieve structured ATT&CK data and perform attribution, overlap analysis, and more.

How to use

Use an MCP client to connect to the MITRE ATT&CK MCP Server through a local or remote endpoint. You will configure the client to load the MCP server as a data source, then run queries or requests to retrieve ATT&CK data, generate visual layers, or explore relationships between threat actors, tools, and techniques. The server can be configured via a client-side MCP configuration entry that points to the server’s command or URL.

Configure the MCP server in your client settings to point to the MITRE ATT&CK MCP Server. You can run it as a local process using the following command variant, or connect to a remote MCP endpoint if provided in your setup.

How to install

Prerequisites you need before installation:

  • Git

  • Python and PipX (for managing the MCP server installation)

Install the MCP Server using PipX with this command:

pipx install git+https://github.com/stoyky/mitre-attack-mcp

Additional sections

Configuration for the MCP client can be added to the MCP configuration file used by your client app. If your client follows the supported MCP format, you should add an entry that loads the MITRE ATT&CK MCP Server as a data source.

Example configuration for the MCP client to load the MITRE ATT&CK MCP Server as a local stdio server (no data directory) and with an optional data directory parameter if you want to customize where data is cached.

{
  "mcpServers": {
    "mitre-attack": {
      "command": "mitre-attack-mcp",
      "args": [
      ]
    }
  }
}

If you want to specify a custom data directory for MITRE ATT&CK data, include the data path in the arguments.

{
  "mcpServers": {
    "mitre-attack": {
      "command": "mitre-attack-mcp",
      "args": [
        "--data-dir",
        "<path-to-data-dir>"
      ]
    }
  }
}
Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational