MCP.so
Sign In

MCP AI SOC Sher

@akramIOT

About MCP AI SOC Sher

AI SOC Security Threat analysis using MCP Server

Basic information

Category

Other

License

View license

Runtime

python

Transports

stdio

Publisher

akramIOT

Config

No standard config provided

This server doesn't expose a parseable MCP config block in its README. See the repository for install instructions.

Repository

Tools

No tools detected

We auto-extract tools from the README. The maintainer can list them under a ## Tools heading to populate this section.

Overview

What is MCP AI SOC Sher?

MCP AI SOC Sher is an AI-driven Security Operations Center (SOC) Text2SQL framework based on the Model Context Protocol (MCP). It converts natural language prompts into optimized SQL queries while integrating built-in security threat analysis and monitoring. It is intended for security analysts, developers, and SOC teams who need to query databases using plain English and assess the security of the resulting SQL.

How to use MCP AI SOC Sher?

Install via pip install mcp-ai-soc-sher, set the OPENAI_API_KEY environment variable (or configure it in a .env file), then run the server from the command line using mcp-ai-soc --type local --stdio (for STDIO) or --sse (for SSE) or --type remote (for REST API). You can also use the Python API by importing LocalMCPServer from mcp_ai_soc_sher.local. Send queries via HTTP POST to /api/sql with an X-API-Key header for the REST interface.

Key features of MCP AI SOC Sher

  • Convert natural language to optimized SQL queries
  • Support STDIO, SSE, and REST API interfaces
  • Built-in rule-based and AI-powered security threat analysis
  • Connect to SQLite or Snowflake databases
  • Real-time streaming query processing feedback
  • Security Operations Center monitoring capabilities

Use cases of MCP AI SOC Sher

  • Security analysts querying databases for suspicious activities in natural language
  • Automating threat hunting by converting incident descriptions to SQL
  • Monitoring sensitive table access with integrated security checks
  • Enabling non-technical SOC staff to run ad‑hoc database queries safely
  • Building custom security dashboards that require dynamic SQL generation

FAQ from MCP AI SOC Sher

What databases does MCP AI SOC Sher support?

It supports SQLite and Snowflake databases. The database URI is configured via the MCP_DB_URI environment variable (e.g., sqlite:///your_database.db).

What interfaces are available to interact with the server?

The server supports three interfaces: STDIO (standard input/output), SSE (Server-Sent Events), and a REST API. Use the --stdio, --sse, or --type remote command-line flags accordingly.

What security features are included?

It provides rule-based and AI-powered SQL query security analysis, including detection of potential SQL injection attacks, monitoring of sensitive table access, and configurable security levels and actions. You can enable this by setting MCP_SECURITY_ENABLE_THREAT_ANALYSIS=true.

How do I configure MCP AI SOC Sher?

Configuration is done through environment variables or a .env file. Required: OPENAI_API_KEY. Optional: MCP_DB_URI (database connection string) and MCP_SECURITY_ENABLE_THREAT_ANALYSIS (boolean to enable threat analysis). See the full documentation for all options.

Does the server require an API key for the REST interface?

Yes, when using the REST API, requests must include an X-API-Key header with your API key. Local STDIO and SSE interfaces do not require this header.

Comments

More Other MCP servers