Mitre

39 tools. 5 can modify or destroy data without limits.

5 write tools that can modify data. Rate limits recommended.

5 can modify or destroy data
34 read-only
39 tools total

Community server · catalogue entry verified 29/06/2026

What Mitre exposes to your agents

Read (34) Write / Execute (5) Destructive / Financial (0)
High Risk

The most dangerous Mitre tools

5 of Mitre's 39 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

How to control Mitre

PolicyLayer is an MCP gateway — it sits between your AI agents and Mitre, and nothing reaches the server without passing your rules. These are the rules we recommend:

Rate limit write operations
{
  "mitre_misp_create_event": {
    "limits": [
      {
        "counter": "mitre_misp_create_event_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "mitre_attack_path": {
    "limits": [
      {
        "counter": "mitre_attack_path_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Mitre — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.

Instant setup, no code required.

All 39 Mitre tools

READ 34 tools
Read mitre_attack_path: Generate possible attack paths through the kill chain starting from a technique
Read mitre_cortex_analyzer_coverage: Map Cortex analyzers to ATT&CK data sources and calculate technique detection potential
Read mitre_cross_correlate: Cross-correlate ATT&CK techniques across Wazuh alerts, TheHive cases, and MISP events to find related activity
Read mitre_data_version: Get current ATT&CK data version, freshness, and object counts
Read mitre_detection_coverage: Analyze detection coverage based on available data sources in your environment
Read mitre_get_campaign: Get details on a known ATT&CK campaign including techniques, software, and attributed groups
Read mitre_get_datasource: Get details on a data source and its components with detectable techniques
Read mitre_get_group: Get details on a known threat group/APT including techniques and software used
Read mitre_get_mitigation: Get details on a mitigation and all techniques it addresses
Read mitre_get_software: Get details on a known software, malware, or tool including techniques and associated groups
Read mitre_get_tactic: Get details and all techniques under a specific tactic
Read mitre_get_technique: Get full details of a specific ATT&CK technique by its ID (e.g., T1059, T1059.001)
Read mitre_list_campaigns: List all known ATT&CK campaigns with names, dates, and brief descriptions
Read mitre_list_groups: List all known threat groups with names, aliases, and brief descriptions
Read mitre_list_tactics: List all ATT&CK tactics in kill-chain order
Read mitre_map_alert_to_technique: Map a security alert or observable to likely ATT&CK techniques with confidence scoring
Read mitre_map_wazuh_alert: Map a Wazuh alert (by rule ID, description, or groups) to ATT&CK techniques with confidence scoring
Read mitre_misp_event_to_attack: Map a MISP event
Read mitre_misp_list_events: List recent MISP events with ATT&CK technique enrichment
Read mitre_misp_search_indicators: Search MISP for indicators (IOCs) related to specific ATT&CK techniques or threat groups
Read mitre_mitigations_for_technique: Get all mitigations applicable to a specific technique
Read mitre_navigator_layer: Generate an ATT&CK Navigator layer JSON for visualization. Supports coverage heatmaps, group technique overlay
Read mitre_search_campaigns: Search campaigns by keyword or by technique usage
Read mitre_search_groups: Search threat groups by keyword or by technique usage
Read mitre_search_mitigations: Search mitigations by keyword
Read mitre_search_software: Search software/malware by name, keyword, technique, or type
Read mitre_search_techniques: Search ATT&CK techniques by keyword, tactic, platform, or data source
Read mitre_soc_status: Get connection status for all configured SOC integrations (Wazuh, TheHive, Cortex, MISP)
Read mitre_technique_overlap: Find technique overlap between threat groups for attribution assistance
Read mitre_thehive_enrich: Enrich TheHive case observables with ATT&CK context. Takes a case ID and adds ATT&CK technique tags, suggested
Read mitre_thehive_list_cases: List TheHive cases with optional ATT&CK technique filtering
Read mitre_wazuh_alerts: Fetch recent Wazuh alerts and enrich them with ATT&CK context
Read mitre_wazuh_rule_coverage: Analyze Wazuh rules and map them to ATT&CK technique coverage. Shows which techniques your Wazuh deployment ca
Read mitre_wazuh_status: Get Wazuh manager status, agent summary, and rule statistics

Questions about Mitre

How do I prevent bulk modifications through Mitre?

The Mitre server has 3 write tools, including mitre_misp_create_event, mitre_thehive_create_case, and mitre_update_data. Set a rate limit in your policy: for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Mitre.

How many tools does the Mitre MCP server expose?

39 tools across 3 categories: Execute, Read, Write. 34 are read-only. 5 can modify, create, or delete data.

How do I enforce a policy on Mitre?

Register the Mitre MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Mitre tool call.

Deterministic rules across all 39 Mitre tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

39 Mitre tools catalogued and risk-classified — across an index of 43,000+ MCP servers.
