Mitre · Risk Grade: D · worst category: Execute

MITRE TOOLS

39 tools from the Mitre MCP Server, categorised by risk level.

READ 34 tools
Read · mitre_attack_path · Generate possible attack paths through the kill chain starting from a technique
Read · mitre_cortex_analyzer_coverage · Map Cortex analyzers to ATT&CK data sources and calculate technique detection potential
Read · mitre_cross_correlate · Cross-correlate ATT&CK techniques across Wazuh alerts, TheHive cases, and MISP events to find related activity
Read · mitre_data_version · Get current ATT&CK data version, freshness, and object counts
Read · mitre_detection_coverage · Analyze detection coverage based on available data sources in your environment
Read · mitre_get_campaign · Get details on a known ATT&CK campaign including techniques, software, and attributed groups
Read · mitre_get_datasource · Get details on a data source and its components with detectable techniques
Read · mitre_get_group · Get details on a known threat group/APT including techniques and software used
Read · mitre_get_mitigation · Get details on a mitigation and all techniques it addresses
Read · mitre_get_software · Get details on a known software, malware, or tool including techniques and associated groups
Read · mitre_get_tactic · Get details and all techniques under a specific tactic
Read · mitre_get_technique · Get full details of a specific ATT&CK technique by its ID (e.g., T1059, T1059.001)
Read · mitre_list_campaigns · List all known ATT&CK campaigns with names, dates, and brief descriptions
Read · mitre_list_groups · List all known threat groups with names, aliases, and brief descriptions
Read · mitre_list_tactics · List all ATT&CK tactics in kill-chain order
Read · mitre_map_alert_to_technique · Map a security alert or observable to likely ATT&CK techniques with confidence scoring
Read · mitre_map_wazuh_alert · Map a Wazuh alert (by rule ID, description, or groups) to ATT&CK techniques with confidence scoring
Read · mitre_misp_event_to_attack · Map a MISP event
Read · mitre_misp_list_events · List recent MISP events with ATT&CK technique enrichment
Read · mitre_misp_search_indicators · Search MISP for indicators (IOCs) related to specific ATT&CK techniques or threat groups
Read · mitre_mitigations_for_technique · Get all mitigations applicable to a specific technique
Read · mitre_navigator_layer · Generate an ATT&CK Navigator layer JSON for visualization. Supports coverage heatmaps, group technique over...
Read · mitre_search_campaigns · Search campaigns by keyword or by technique usage
Read · mitre_search_groups · Search threat groups by keyword or by technique usage
Read · mitre_search_mitigations · Search mitigations by keyword
Read · mitre_search_software · Search software/malware by name, keyword, technique, or type
Read · mitre_search_techniques · Search ATT&CK techniques by keyword, tactic, platform, or data source
Read · mitre_soc_status · Get connection status for all configured SOC integrations (Wazuh, TheHive, Cortex, MISP)
Read · mitre_technique_overlap · Find technique overlap between threat groups for attribution assistance
Read · mitre_thehive_enrich · Enrich TheHive case observables with ATT&CK context. Takes a case ID and adds ATT&CK technique tags, sugges...
Read · mitre_thehive_list_cases · List TheHive cases with optional ATT&CK technique filtering
Read · mitre_wazuh_alerts · Fetch recent Wazuh alerts and enrich them with ATT&CK context
Read · mitre_wazuh_rule_coverage · Analyze Wazuh rules and map them to ATT&CK technique coverage. Shows which techniques your Wazuh deployment...
Read · mitre_wazuh_status · Get Wazuh manager status, agent summary, and rule statistics

Route Mitre through PolicyLayer and every one of its 39 tools is checked against your policy before it runs.


How many tools does the Mitre MCP server have?

The Mitre MCP server exposes 39 tools across 3 categories: Read, Write, Execute.

How do I enforce policies on Mitre tools?

Route the Mitre server through the PolicyLayer gateway. Define allow, deny, or approval rules per tool in the dashboard; they are enforced on every call before it reaches the server.

What risk categories do Mitre tools fall into?

Mitre tools are categorised as Read (34), Write (3), Execute (2). Each category has a recommended default policy.

Enforce policy on every Mitre tool call.

Start from Mitre, add the rest of your stack, and see everything your agents can call. Then put policy on all of it.

Instant setup, no code required.

43,000+ MCP servers and 220,000+ tools scanned and risk-classified.
