MITRE ATT&CK MCP Server

55 tools. 1 can modify or destroy data without limits.

1 write tool that can modify data. Rate limits recommended.


Community server · catalogue entry verified 11/06/2026


Read (54) · Write / Execute (1) · Destructive / Financial (0)
High Risk

1 of MITRE ATT&CK MCP Server's 55 tools can modify, destroy, or commit something on every call, and an agent can call it with no built-in limits.

PolicyLayer is an MCP gateway — it sits between your AI agents and MITRE ATT&CK MCP Server, and nothing reaches the server without passing your rules. These are the rules we recommend:

Rate limit write operations
{
  "generate_layer": {
    "limits": [
      {
        "counter": "generate_layer_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "get_all_assets": {
    "limits": [
      {
        "counter": "get_all_assets_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register MITRE ATT&CK MCP Server — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.

Free to start. No card required.

READ 54 tools

Read get_all_assets: Get all assets in the MITRE ATT&CK framework (ICS domain only)
Read get_all_campaigns: Get all campaigns in the MITRE ATT&CK framework
Read get_all_datacomponents: Get all data components in the MITRE ATT&CK framework
Read get_all_datasources: Get all data sources in the MITRE ATT&CK framework
Read get_all_groups: Get all threat actor groups in the MITRE ATT&CK framework
Read get_all_matrices: Get all matrices in the MITRE ATT&CK framework
Read get_all_mitigations: Get all mitigations in the MITRE ATT&CK framework
Read get_all_parent_techniques: Get all parent techniques in the MITRE ATT&CK framework
Read get_all_software: Get all software in the MITRE ATT&CK framework
Read get_all_subtechniques: Get all subtechniques in the MITRE ATT&CK framework
Read get_all_tactics: Get all tactics in the MITRE ATT&CK framework
Read get_all_techniques: Get all techniques in the MITRE ATT&CK framework
Read get_assets_targeted_by_technique
Read get_attack_id: Get ATT&CK ID for given STIX ID
Read get_campaigns_attributed_to_group
Read get_campaigns_by_alias: Get campaigns by their alias
Read get_campaigns_using_software: Get all campaigns that use software
Read get_campaigns_using_technique
Read get_datacomponents_detecting_technique
Read get_groups_attributing_to_campaign: Get groups attributing to campaign
Read get_groups_by_alias: Get MITRE ATT&CK group ID and description by their alias
Read get_groups_using_software
Read get_groups_using_technique
Read get_layer_metadata
Read get_mitigations_mitigating_technique
Read get_name: Get name for given STIX ID
Read get_object_by_attack_id
Read get_object_by_stix_id: Get object by STIX ID (case-sensitive)
Read get_objects_by_content
Read get_objects_by_name
Read get_objects_by_type
Read get_objects_created_after: Get objects created after a specific timestamp
Read get_objects_modified_after: Get objects modified after a specific timestamp
Read get_parent_technique_of_subtechnique: Get parent technique of subtechnique
Read get_procedure_examples_by_tactic
Read get_procedure_examples_by_technique
Read get_revoked_techniques: Get all revoked techniques in the MITRE ATT&CK framework
Read get_software_by_alias: Get software by its alias
Read get_software_used_by_campaign: Get software used by campaign
Read get_software_used_by_group: Get software used by MITRE ATT&CK group STIX ID
Read get_software_using_technique: Get software using technique
Read get_stix_type: Get object type by STIX ID
Read get_subtechniques_of_technique: Get subtechniques of technique
Read get_tactics_by_matrix: Get tactics by matrix
Read get_tactics_by_technique: Get tactics associated with a technique
Read get_techniques_by_platform
Read get_techniques_by_tactic: Get all techniques of the given tactic
Read get_techniques_detected_by_datacomponent
Read get_techniques_mitigated_by_mitigation
Read get_techniques_targeting_asset: Get techniques targeting a specific asset (ICS domain only)
Read get_techniques_used_by_campaign: Get techniques used by campaign
Read get_techniques_used_by_group
Read get_techniques_used_by_group_software
Read get_techniques_used_by_software: Get techniques used by software

How do I prevent bulk modifications through MITRE ATT&CK MCP Server?

MITRE ATT&CK MCP Server has 1 write tool, generate_layer. Set a rate limit in your policy: for example, a limit of 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach MITRE ATT&CK MCP Server.

How many tools does the MITRE ATT&CK MCP Server expose?

55 tools across 2 categories: Read, Write. 54 are read-only. 1 can modify, create, or delete data.

How do I enforce a policy on MITRE ATT&CK MCP Server?

Register the MITRE ATT&CK MCP Server MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every MITRE ATT&CK MCP Server tool call.

Deterministic rules across all 55 MITRE ATT&CK MCP Server tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.


55 MITRE ATT&CK MCP Server tools catalogued and risk-classified — across an index of 42,500+ MCP servers.
