Illumio MCP Server
@alexgoller
关于 Illumio MCP Server
The first MCP server for cybersecurity
基本信息
配置
使用下面的配置,将此服务器添加到你的 MCP 客户端。
{
"mcpServers": {
"illumio-mcp-server": {
"command": "uv",
"args": [
"sync"
]
}
}
}工具
未检测到工具
工具是从 README 中自动提取的。维护者可以在 ## Tools 标题下列出工具,即可填充这部分内容。
概览
What is Illumio MCP Server?
A Model Context Protocol server that provides an interface to interact with Illumio PCE (Policy Compute Engine), enabling programmatic access to workload management, label operations, traffic flow analysis, automated ringfencing, and infrastructure service identification.
How to use Illumio MCP Server?
Clone the repository, install dependencies with uv sync, and configure environment variables for PCE host, port, org ID, API key, and secret. Run via uv command in Claude Desktop config or start the HTTP server with optional OAuth authentication and role-based authorization.
Key features of Illumio MCP Server
- Full CRUD on workloads, labels, IP lists, services, and rulesets
- Traffic flow analysis with filtering by policy decision
- Automated ringfencing — app-to-app segmentation policies in one command
- Selective enforcement with configurable consumer flavors
- Infrastructure service identification via graph centrality analysis
- Deny rule management including override deny for emergencies
- Event monitoring with severity and type filters
- PCE health checks for connectivity and credentials verification
Use cases of Illumio MCP Server
- Automate workload onboarding and label assignment in Illumio PCE
- Query and analyze traffic flows to understand application communication patterns
- Implement ringfencing policies to secure application segments
- Manage IP lists, rulesets, and deny rules across multiple environments
- Enable conversational AI assistants to manage Illumio PCE interactively
FAQ from Illumio MCP Server
What prerequisites are needed?
Python 3.8+, access to an Illumio PCE instance, and valid API credentials for the PCE.
What are the two PCE modes for the HTTP server?
Per-user mode stores one PCE API key per authenticated user (encrypted in a keystore) for PCE-side audit attribution; shared mode uses a single service-account key from environment variables, providing zero-friction onboarding.
How does authentication and authorization work in HTTP mode?
The server validates OAuth 2.1 bearer tokens from an IdP and maps user groups to roles (reader, operator, admin). Unauthenticated requests receive a 401 with a Bearer challenge that clients can automatically follow for PKCE auth code flow.
What are confirm tokens and which tools require them?
Tools marked requires_confirm=True (currently provision-policy, ringfence-batch, register-pce-credentials, delete-pce-credentials) require a server-issued single-use confirm token when called over HTTP. Stdio mode is unaffected.
Where is the audit log stored and what does it contain?
The audit log is a SQLite database (default audit.db) with rows including timestamp, subject, issuer, tool name, decision, reason, role, and request ID. Tool arguments are never logged.
其他 分类下的更多 MCP 服务器
Mcp
browsermcpBrowser MCP is a Model Context Provider (MCP) server that allows AI applications to control your browser
🚀 Model Context Protocol (MCP) Curriculum for Beginners
microsoftThis open-source curriculum introduces the fundamentals of Model Context Protocol (MCP) through real-world, cross-language examples in .NET, Java, TypeScript, JavaScript, Rust and Python. Designed for developers, it focuses on practical techniques for building modular, scalable,
MCP Registry
modelcontextprotocolA community driven registry service for Model Context Protocol (MCP) servers.

Sequential Thinking
modelcontextprotocolModel Context Protocol Servers
Inbox Zero AI MCP
elie222The world's best AI personal assistant for email. Open source app to help you reach inbox zero fast.
评论