MCP AI SOC Sher
@akramIOT
MCP AI SOC Sher について
AI SOC Security Threat analysis using MCP Server
基本情報
設定
ツール
ツールは検出されませんでした
ツールは README から自動的に抽出されます。メンテナーは ## Tools という見出しの下に記載することで、このタブに反映できます。
概要
What is MCP AI SOC Sher?
MCP AI SOC Sher is an AI-driven Security Operations Center (SOC) Text2SQL framework based on the Model Context Protocol (MCP). It converts natural language prompts into optimized SQL queries while integrating built-in security threat analysis and monitoring. It is intended for security analysts, developers, and SOC teams who need to query databases using plain English and assess the security of the resulting SQL.
How to use MCP AI SOC Sher?
Install via pip install mcp-ai-soc-sher, set the OPENAI_API_KEY environment variable (or configure it in a .env file), then run the server from the command line using mcp-ai-soc --type local --stdio (for STDIO) or --sse (for SSE) or --type remote (for REST API). You can also use the Python API by importing LocalMCPServer from mcp_ai_soc_sher.local. Send queries via HTTP POST to /api/sql with an X-API-Key header for the REST interface.
Key features of MCP AI SOC Sher
- Convert natural language to optimized SQL queries
- Support STDIO, SSE, and REST API interfaces
- Built-in rule-based and AI-powered security threat analysis
- Connect to SQLite or Snowflake databases
- Real-time streaming query processing feedback
- Security Operations Center monitoring capabilities
Use cases of MCP AI SOC Sher
- Security analysts querying databases for suspicious activities in natural language
- Automating threat hunting by converting incident descriptions to SQL
- Monitoring sensitive table access with integrated security checks
- Enabling non-technical SOC staff to run ad‑hoc database queries safely
- Building custom security dashboards that require dynamic SQL generation
FAQ from MCP AI SOC Sher
What databases does MCP AI SOC Sher support?
It supports SQLite and Snowflake databases. The database URI is configured via the MCP_DB_URI environment variable (e.g., sqlite:///your_database.db).
What interfaces are available to interact with the server?
The server supports three interfaces: STDIO (standard input/output), SSE (Server-Sent Events), and a REST API. Use the --stdio, --sse, or --type remote command-line flags accordingly.
What security features are included?
It provides rule-based and AI-powered SQL query security analysis, including detection of potential SQL injection attacks, monitoring of sensitive table access, and configurable security levels and actions. You can enable this by setting MCP_SECURITY_ENABLE_THREAT_ANALYSIS=true.
How do I configure MCP AI SOC Sher?
Configuration is done through environment variables or a .env file. Required: OPENAI_API_KEY. Optional: MCP_DB_URI (database connection string) and MCP_SECURITY_ENABLE_THREAT_ANALYSIS (boolean to enable threat analysis). See the full documentation for all options.
Does the server require an API key for the REST interface?
Yes, when using the REST API, requests must include an X-API-Key header with your API key. Local STDIO and SSE interfaces do not require this header.
「その他」の他のコンテンツ
MCP Toolbox for Databases
googleapisMCP Toolbox for Databases is an open source MCP server for databases.
Awesome Mlops
visengerA curated list of references for MLOps
Codelf
unbugA search tool helps dev to solve the naming things problem.
ICSS
chokcoco不止于 CSS
Reactive Resume
amruthpillaiA one-of-a-kind resume builder that keeps your privacy in mind. Completely secure, customizable, portable, open-source and free forever. Try it out today!
コメント