Security Infrastructure Mcp Servers

@jmstar85

Core Features for Security Infrastructure MCP Servers:

* Real-time Security Data Integration - Unified access to Splunk SIEM events, CrowdStrike endpoint detections, and MISP threat intelligence through natural language queries over the MCP protocol.
* Multi-Platform Query Engine - Execute SPL searches across Splunk indexes, FQL-based detection filtering in CrowdStrike Falcon, and IOC attribute searches in MISP instances, with consistent JSON responses.
* Automated Threat Correlation - Cross-reference security events between platforms using AI-driven analysis to identify related indicators, detections, and threat intelligence in real time.
* Secure Authentication Framework - Support for multiple authentication methods, including OAuth 2.0 (CrowdStrike), API tokens (Splunk), and key-based access (MISP), with automatic session management.
* Asynchronous Security Operations - Non-blocking search job management for large-scale security data queries, with configurable time ranges and result pagination.
* Enterprise Security Workflow - Streamline SOC analyst workflows by enabling natural language security investigations across multiple security platforms through a single MCP interface.

This implementation enables security teams to leverage AI assistants for comprehensive threat hunting, incident response, and security analysis across their entire security infrastructure stack.

Tools

Server Configuration

{
  "mcpServers": {
    "splunk-siem": {
      "command": "python",
      "args": [
        "/path/to/SecurityInfrastructure/src/splunk_server.py"
      ],
      "env": {
        "SPLUNK_HOST": "your-splunk-host.com",
        "SPLUNK_PORT": "8089",
        "SPLUNK_USERNAME": "admin",
        "SPLUNK_PASSWORD": "your-password",
        "SPLUNK_TOKEN": "your-api-token",
        "SPLUNK_VERIFY_SSL": "true"
      }
    },
    "crowdstrike-edr": {
      "command": "python",
      "args": [
        "/path/to/SecurityInfrastructure/src/crowdstrike_server.py"
      ],
      "env": {
        "CROWDSTRIKE_CLIENT_ID": "your-client-id",
        "CROWDSTRIKE_CLIENT_SECRET": "your-client-secret",
        "CROWDSTRIKE_BASE_URL": "https://api.crowdstrike.com"
      }
    },
    "misp-threat-intel": {
      "command": "python",
      "args": [
        "/path/to/SecurityInfrastructure/src/misp_server.py"
      ],
      "env": {
        "MISP_URL": "https://your-misp-instance.com",
        "MISP_KEY": "your-api-key",
        "MISP_VERIFY_CERT": "true"
      }
    }
  }
}
© 2025 MCP.so. All rights reserved.