MCP.so
ログイン
S

Security Infrastructure Mcp Servers

@jmstar85

Security Infrastructure Mcp Servers について

Core Features for Security Infrastructure MCP Servers:

基本情報

カテゴリ

開発者ツール

トランスポート

stdio

公開者

jmstar85

投稿者

Chris Jung

設定

以下の設定を使って、このサーバーを MCP 対応クライアントに追加してください。

{
  "mcpServers": {
    "splunk-siem": {
      "command": "python",
      "args": [
        "/path/to/SecurityInfrastructure/src/splunk_server.py"
      ],
      "env": {
        "SPLUNK_HOST": "your-splunk-host.com",
        "SPLUNK_PORT": "8089",
        "SPLUNK_USERNAME": "admin",
        "SPLUNK_PASSWORD": "your-password",
        "SPLUNK_TOKEN": "your-api-token",
        "SPLUNK_VERIFY_SSL": "true"
      }
    },
    "crowdstrike-edr": {
      "command": "python",
      "args": [
        "/path/to/SecurityInfrastructure/src/crowdstrike_server.py"
      ],
      "env": {
        "CROWDSTRIKE_CLIENT_ID": "your-client-id",
        "CROWDSTRIKE_CLIENT_SECRET": "your-client-secret",
        "CROWDSTRIKE_BASE_URL": "https://api.crowdstrike.com"
      }
    },
    "misp-threat-intel": {
      "command": "python",
      "args": [
        "/path/to/SecurityInfrastructure/src/misp_server.py"
      ],
      "env": {
        "MISP_URL": "https://your-misp-instance.com",
        "MISP_KEY": "your-api-key",
        "MISP_VERIFY_CERT": "true"
      }
    }
  }
}

ツール

ツールは検出されませんでした

ツールは README から自動的に抽出されます。メンテナーは ## Tools という見出しの下に記載することで、このタブに反映できます。

概要

What is Security Infrastructure Mcp Servers?

A collection of Model Context Protocol (MCP) server implementations that integrate with Splunk SIEM, CrowdStrike EDR, and Microsoft MISP threat intelligence platforms. Designed for security analysts and developers to query security data through a unified MCP interface.

How to use Security Infrastructure Mcp Servers?

Clone the repository, install Python dependencies with pip install -r project-requirements.txt, copy .env.example to .env and fill in credentials, then add the server configuration to an MCP client such as Claude Desktop. Alternatively, run individual servers via python src/splunk_server.py (port 8080), python src/crowdstrike_server.py (port 8081), or python src/misp_server.py (port 8082), or deploy all with docker-compose up -d.

Key features of Security Infrastructure Mcp Servers

  • Native MCP Protocol integration for security platforms
  • Multi-platform support for Splunk, CrowdStrike, and MISP
  • Asynchronous operations for non-blocking API calls
  • Flexible query languages: SPL, FQL, and MISP REST
  • OAuth 2.0 and token-based authentication
  • Docker support and structured JSON output

Use cases of Security Infrastructure Mcp Servers

  • Search Splunk for failed login attempts or security alerts
  • Query CrowdStrike for high-severity endpoint detections
  • Look up indicators of compromise in MISP threat intelligence
  • Correlate Splunk events with CrowdStrike detection IDs
  • Automate cross-platform security investigations via MCP

FAQ from Security Infrastructure Mcp Servers

Which security platforms are supported?

Splunk SIEM, CrowdStrike Falcon EDR, and Microsoft MISP (threat intelligence).

What authentication methods are used?

Splunk uses API tokens (or username/password), CrowdStrike uses OAuth 2.0 client credentials, and MISP uses API keys. SSL/TLS verification is configurable.

What are the runtime requirements?

Python 3.11+, platform credentials (API keys/tokens), and an MCP-compatible client (e.g., Claude Desktop). Docker and Docker Compose are optional.

How do I add the server to Claude Desktop?

Copy the configuration from config/mcp-settings.json into ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or the equivalent Windows path, then update the cwd paths and environment variables with your values.

Where can I find complete documentation and code examples?

Full documentation is available at https://jmstar85.github.io/SecurityInfrastructure, including server implementation code, real-time search, and responsive mobile support.

コメント

「開発者ツール」の他のコンテンツ