mcp-server-thehive
Verified Safe
by gbrigandi
Overview
Provides AI models and automation tools with programmatic access to TheHive incident response platform for security operations and case management.
Installation
./target/release/mcp-server-thehive
Environment Variables
- THEHIVE_URL
- THEHIVE_API_TOKEN
- VERIFY_SSL
- RUST_LOG
Security Notes
The server uses environment variables for sensitive API tokens (`THEHIVE_API_TOKEN`), which is good practice. It communicates with TheHive via HTTP(S) requests. A notable security concern is the default `VERIFY_SSL=false` setting for API connections; this should be explicitly set to `true` in production environments to prevent Man-in-the-Middle attacks. There are no `eval` or similar dynamic code execution functions from untrusted input. Test files contain a hardcoded `test_token`, but this is isolated to the testing environment.
Similar Servers
falcon-mcp
An MCP server providing AI agents programmatic access to CrowdStrike Falcon platform capabilities for intelligent security analysis and automation, integrating threat detection, incident response, and vulnerability management into agentic workflows.
mcp-zap-server
Orchestrates OWASP ZAP security scanning actions (spider, active scan, OpenAPI import, reporting) via the Model Context Protocol, enabling AI agents like Claude Desktop or Cursor to perform security testing.
mcp-optimizer
Acts as an intelligent intermediary MCP server, providing semantic tool discovery, caching, and unified access to multiple MCP servers for AI clients.
ai-soc-agent
AI-powered Security Operations Center (SOC) agent for incident response, case management, SIEM, EDR, CTI, and engineering task orchestration.