Model Context Protocol moderate risk

Thehive

TheHive MCP server facilitates interaction with TheHive incident response platform, enabling AI models to retrieve alerts, cases, and perform incident management tasks.

Connections & Capabilities

Connects To

GitHub

Capabilities

readwrite

Quickstart

Config

{
  "mcpServers": {
    "thehive": {
      "command": "/path/to/mcp-server-thehive",
      "env": {
        "THEHIVE_URL": "https://your-thehive-instance.com:9000/api",
        "THEHIVE_API_TOKEN": "your-api-token-here"
      }
    }
  }
}

Exposed MCP Tools (6)

safe

get_thehive_alerts

Retrieves a list of alerts from TheHive.

Read-only operation, no data modification.

safe

get_thehive_alert_by_id

Retrieves detailed information about a specific alert.

Read-only operation, no data modification.

safe

get_thehive_cases

Retrieves a list of cases from TheHive.

Read-only operation, no data modification.

safe

get_thehive_case_by_id

Retrieves detailed information about a specific case.

Read-only operation, no data modification.

moderate

promote_alert_to_case

Promotes an existing alert to a new case.

Creates a new case based on an alert, modifying data.

moderate

create_thehive_case

Creates a new case in TheHive.

Creates new data in TheHive.

Safety Assessment

This server provides a mix of read and write operations on TheHive. It's relatively safe for read-only operations, but promoting alerts or creating cases introduces risk. Secure storage and management of the API token are crucial.

API token authentication required
Clear separation of concerns via MCP protocol
SSL verification option
Well-defined tool set with specific functions

Requires API token with potentially broad permissions
Promote alert to case and create case tools can modify data
No built-in rate limiting
Environment variables used for secrets management