README
ΒΆ
π‘οΈ Cyware MCP Server
A powerful Model Context Protocol (MCP) server for seamless AI integration with Cyware Products
π Overview
Cyware MCP Server is a high-performance Model Context Protocol (MCP) server built in Go, designed to provide AI agents and large language models with secure, standardized access to Cyware's cybersecurity products. This server enables seamless integration between AI systems and various Cyware applications through the standardized MCP protocol.
β¨ Features
- π MCP Protocol Compliance: Full implementation based on the Model Context Protocol specification
- π― Multi-Application Support: Integrated access to Cyware Intel Exchange (CTIX) and Cyware Orchestrate (CO)
- π Secure AI Integration: Robust authentication and authorization using
config.yamlfile - π οΈ Tool Definitions: Structured tools for AI agents to interact with Cyware services
- βοΈ Configurable: Easy configuration via YAML files
- π High Performance: Built with Go for optimal speed and reliability
π Directory Structure
cyware-mcpserver/
βββ π applications/
β βββ π ctix/ # Cyware Intel Exchange (CTIX) MCP resources and tools
β βββ π co/ # Cyware Orchestrate (CO) MCP resources and tools
β βββ π general/ # General MCP capabilities
βββ π cmd/
β βββ π main.go # MCP server entry point
β βββ π config.yaml # MCP server and application configuration
βββ π common/ # Shared MCP utilities (client, config, response)
βββ π go.mod # Go module definition
βββ π go.sum # Go module dependencies
βββ π LICENSE # License file
βββ π README.md # Project documentation
π Getting Started
π Prerequisites
Ensure you have the following installed:
- Go 1.24.2 or higher (To install Go, see https://go.dev/doc/install)
- Access to Cyware applications (CTIX and CO)
- MCP-compatible AI client (for example, Claude, Cursor, or more) or language model integration
π¦ Installation
-
Clone the repository:
git clone https://github.com/cyware-labs/cyware-mcpserver.git cd cyware-mcpserver -
Install dependencies:
go mod tidy
βοΈ Configuration
In cmd/config.yaml, update the following details::
- Cyware application credentials
- MCP server transport settings β Choose either stdio or sse (with specified port)
π Running the MCP Server
-
Build the server:
cd cmd go build . -
Configure Claude Desktop:
- Quick Guide for setting up MCP on Claude: modelcontextprotocol.io/quickstart/user
- After building the server, configure the binary path and config path in the
claude_desktop_config.jsonfile of Claude Desktop:
{
"mcpServers": {
"cywaremcp": {
"command": "path/to/your/binary/cmd",
"args": [
"-config_path",
"path/to/your/config.yaml"
]
}
}
}
- Restart Claude Desktop to complete the setup and view the available Cyware MCP server tools.
π οΈ Available MCP Tools
Cyware Intel Exchange (CTIX)
Authentication & User Management
login-to-ctix- Login to CTIX and generate authentication tokenlogged-in-user-details- Get details of currently logged in user
CQL Query & Search
cql-ctix-grammar-rules- Get CTIX CQL grammar rulesget-cql-query-search-result- Run CQL query and return results
Threat Data Management
get-threat-data-object-details- Get Threat Data Object detailsget-threat-data-object-relations- Get Threat Data Object relationsget-available-relation-type- Get available relation types
Threat Data Bulk Actions
threat-data-list-bulk-action-add-tag- Bulk add tags to threat data objectsthreat-data-list-bulk-mark-indicator-allowed- Bulk mark indicators as indicator allowedthreat-data-list-bulk-unmark-indicator-allowed- Bulk remove indicators from indicator allowed listthreat-data-list-bulk-manual-review- Bulk add threat data objects for manual reviewthreat-data-list-bulk-mark-false-positive- Bulk mark indicators as false positivethreat-data-list-bulk-unmark-false-positive- Bulk unmark indicators marked as false positivesthreat-data-list-bulk-update-analyst-tlp- Bulk update analyst TLP of threat data objectsthreat-data-list-bulk-update-analyst-score- Bulk update analyst scores of threat data objectsthreat-data-list-bulk-deprecate- Bulk deprecate indicatorsthreat-data-list-bulk-undeprecate- Bulk undeprecate indicatorsthreat-data-list-bulk-add-watchlist- Bulk add threat data objects to watchlistthreat-data-list-bulk-remove-watchlist- Bulk remove threat data objects from watchlistthreat-data-list-bulk-add-relation- Bulk add relation to threat data objects
Tag Management
create-tag-in-ctix- Create new tags in CTIXget-ctix-tags-list- Get list of available tags
Enrichment Tools and Actions
get-enrichment-tools-list- Get list of all enrichment toolsget-enrichment-tool-details- Get details of an enrichment toolget-enrichment-tool-action-configs- Get action configuration details of enrichment toolenrichment-tool-supported-for-threat-data-object- Get supported enrichment tools for specific threat data typesenrich-threat-data-object- Enrich threat data objects using configured tools
Intel Creation
quick-add-intel-create- Create intel in CTIX using Quick Add Intel
Cyware Orchestrate (CO)
Authentication & User Management
login-to-co- Login to CO and generate the authentication token
Playbooks Details & Execution
get-co-playbooks-list- Get the list of playbooks created in COget-co-playbook-details- Get details of a playbookexecute-playbook-in-co- Run CO playbook
CO Apps & Actions
get-co-apps-list- Get the list of apps present in COget-co-app-details_ Get the details of a specific appget-co-actions-of-app- Get list of actions supported by the appget-co-app-action-details- Get the details of an actionget-instances-of-co-app- Get the instances configured in the appexecute-action-of-co-app- Run action of an app
π License
This project is licensed under the terms specified in the LICENSE file.
Directories
Click to show internal directories.
Click to hide internal directories.