Misp

36 tools. 15 can modify or destroy data without limits.

4 destructive tools with no built-in limits. Policy required.

Last updated:

15 can modify or destroy data
21 read-only
36 tools total

Community server · catalogue entry verified 03/07/2026

How to control Misp ↓

What Misp exposes to your agents

Read (21) Write / Execute (11) Destructive / Financial (4)
Critical Risk

The most dangerous Misp tools

15 of Misp's 36 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

How to control Misp

PolicyLayer is an MCP gateway — it sits between your AI agents and Misp, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "misp_delete_attribute": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "misp_add_attribute": {
    "limits": [
      {
        "counter": "misp_add_attribute_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "misp_check_warninglists": {
    "limits": [
      {
        "counter": "misp_check_warninglists_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Misp — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON MISP →

Instant setup, no code required.

All 36 Misp tools

READ 21 tools
Read misp_check_warninglists Check if an observable value appears on any MISP warninglists (known benign/false positive lists) Read misp_correlate Find correlations for a specific observable value across all MISP events Read misp_describe_types Get all available MISP attribute types and categories with their mappings Read misp_export_hashes Export file hashes from MISP for HIDS integration Read misp_export_iocs Export IOCs from MISP in various formats (CSV, STIX, Suricata, Snort, text, RPZ) Read misp_get_event Get full details of a specific MISP event including all attributes, objects, tags, and related events Read misp_get_galaxy Get a specific galaxy with its clusters (e.g., MITRE ATT&CK techniques, threat actor profiles) Read misp_get_object_template Get details of a specific MISP object template including required and optional attributes Read misp_get_organisation Get details of a specific MISP organisation Read misp_get_related_events Get events related to a specific event through shared attributes and correlations Read misp_list_feeds List configured MISP feeds (threat intel sources, IOC feeds, etc.) Read misp_list_galaxies List available MISP galaxies (MITRE ATT&CK, threat actors, malware families, tools, etc.) Read misp_list_object_templates List available MISP object templates (file, domain-ip, email, network-connection, etc.) Read misp_list_organisations List MISP organisations (local and remote sharing partners) Read misp_list_sharing_groups List MISP sharing groups for controlled event distribution Read misp_list_tags List available MISP tags with usage statistics Read misp_search_attributes Search for specific attributes (IOCs) across all MISP events Read misp_search_by_tag Search MISP events or attributes by tag (MITRE ATT&CK, TLP, custom tags) Read misp_search_events Search MISP events by IOC value, type, tags, date range, or organization Read misp_search_galaxy_clusters Search galaxy clusters by keyword (find specific MITRE ATT&CK techniques, threat actors, malware, etc.) Read misp_server_status Get MISP server version, status, and diagnostic information

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Questions about Misp

Can an AI agent delete data through the Misp MCP server? +

Yes. The Misp server exposes 4 destructive tools including misp_delete_attribute, misp_delete_event, misp_delete_object. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Misp? +

The Misp server has 8 write tools including misp_add_attribute, misp_add_attributes_bulk, misp_add_object. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Misp.

How many tools does the Misp MCP server expose? +

36 tools across 3 categories: Destructive, Read, Write. 21 are read-only. 15 can modify, create, or delete data.

How do I enforce a policy on Misp? +

Register the Misp MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Misp tool call.

Deterministic rules across all 36 Misp tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

Instant setup, no code required.

36 Misp tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.