Illumio MCP Server
@alexgoller
Illumio MCP Server について
The first MCP server for cybersecurity
基本情報
設定
以下の設定を使って、このサーバーを MCP 対応クライアントに追加してください。
{
"mcpServers": {
"illumio-mcp-server": {
"command": "uv",
"args": [
"sync"
]
}
}
}ツール
ツールは検出されませんでした
ツールは README から自動的に抽出されます。メンテナーは ## Tools という見出しの下に記載することで、このタブに反映できます。
概要
What is Illumio MCP Server?
A Model Context Protocol server that provides an interface to interact with Illumio PCE (Policy Compute Engine), enabling programmatic access to workload management, label operations, traffic flow analysis, automated ringfencing, and infrastructure service identification.
How to use Illumio MCP Server?
Clone the repository, install dependencies with uv sync, and configure environment variables for PCE host, port, org ID, API key, and secret. Run via uv command in Claude Desktop config or start the HTTP server with optional OAuth authentication and role-based authorization.
Key features of Illumio MCP Server
- Full CRUD on workloads, labels, IP lists, services, and rulesets
- Traffic flow analysis with filtering by policy decision
- Automated ringfencing — app-to-app segmentation policies in one command
- Selective enforcement with configurable consumer flavors
- Infrastructure service identification via graph centrality analysis
- Deny rule management including override deny for emergencies
- Event monitoring with severity and type filters
- PCE health checks for connectivity and credentials verification
Use cases of Illumio MCP Server
- Automate workload onboarding and label assignment in Illumio PCE
- Query and analyze traffic flows to understand application communication patterns
- Implement ringfencing policies to secure application segments
- Manage IP lists, rulesets, and deny rules across multiple environments
- Enable conversational AI assistants to manage Illumio PCE interactively
FAQ from Illumio MCP Server
What prerequisites are needed?
Python 3.8+, access to an Illumio PCE instance, and valid API credentials for the PCE.
What are the two PCE modes for the HTTP server?
Per-user mode stores one PCE API key per authenticated user (encrypted in a keystore) for PCE-side audit attribution; shared mode uses a single service-account key from environment variables, providing zero-friction onboarding.
How does authentication and authorization work in HTTP mode?
The server validates OAuth 2.1 bearer tokens from an IdP and maps user groups to roles (reader, operator, admin). Unauthenticated requests receive a 401 with a Bearer challenge that clients can automatically follow for PKCE auth code flow.
What are confirm tokens and which tools require them?
Tools marked requires_confirm=True (currently provision-policy, ringfence-batch, register-pce-credentials, delete-pce-credentials) require a server-issued single-use confirm token when called over HTTP. Stdio mode is unaffected.
Where is the audit log stored and what does it contain?
The audit log is a SQLite database (default audit.db) with rows including timestamp, subject, issuer, tool name, decision, reason, role, and request ID. Tool arguments are never logged.
「その他」の他のコンテンツ
Core Philosophy: Connect, Unify, Respond
mindsdbDelegate anything. It comes back done.
FastMCP v2 🚀
jlowin🚀 The fast, Pythonic way to build MCP servers and clients.
Codelf
unbugA search tool helps dev to solve the naming things problem.

Sequential Thinking
modelcontextprotocolModel Context Protocol Servers
Reactive Resume
amruthpillaiA one-of-a-kind resume builder that keeps your privacy in mind. Completely secure, customizable, portable, open-source and free forever. Try it out today!
コメント