Releases: MISP/misp-workbench
[beta-1.1] mcp server release
MISP Workbench beta-1.1 - MCP Server Release
Expose MISP Workbench's OpenSearch-indexed threat intelligence to LLM-powered clients via the Model Context Protocol. Analysts and AI agents can query indicators, correlations, and feed data using natural language, enabling faster triage and investigation directly from tools like Claude Desktop/Code, Cursor, OpenClaw or others.
MCP Server Docs
What's Changed
- add: extend docs by @righel in #222
- build(deps): bump flatted from 3.3.3 to 3.4.1 in /frontend by @dependabot[bot] in #221
- build(deps): bump pyjwt from 2.11.0 to 2.12.0 in /api by @dependabot[bot] in #220
- add: misp-modules diagnostics card by @righel in #223
- chg: refactor misp feed edit and view, unify design by @righel in #224
- add: mcp server by @righel in #225
Full Changelog: beta-1.0...beta-1.1
[beta-1.0] first beta release of misp-workbench
MISP Workbench – First Beta Release v1.0
MISP Workbench is a powerful analyst-focused platform designed to tame the challenge of working with large volumes of threat intelligence at scale. It is capable of ingesting data from multiple origins — including MISP instances, external feeds, and other threat intelligence sources — and consolidates them into a unified workspace where analysts can actually get things done.
At its core, MISP Workbench puts the analyst in control: query across your entire data corpus, enrich and process indicators, pivot between related intelligence, and push curated results back to MISP or downstream consumers — all from one place. Whether you're triaging a large batch of incoming indicators, hunting for patterns across feeds, or preparing a finished intelligence product, MISP Workbench is built to cut through the noise and accelerate the workflow from raw data to actionable insight.
This first beta release marks the foundation of that vision — expect rough edges, rapid iteration, and a strong appetite for feedback.
Main features:
| Feature | Description |
|---|---|
| Feed ingestion | Ingest MISP, CSV, JSON, and Freetext feeds on a schedule or on demand |
| Correlations | Batch and incremental correlation scans over indexed attributes |
| Explore | Lucene queries against OpenSearch for fast indicator lookups |
| Enrichments | IOC enrichment powered by misp-modules |
| Hunt | Saved searches that run periodically and trigger alerts |
| Notifications | Event-driven notifications processed by Celery workers |
| REST API | FastAPI backend with automatic OpenAPI documentation |
| Storage | Garage (S3-compatible) or local filesystem for attachments |

