MCP.so
登录

MCP AI SOC Sher

@akramIOT

关于 MCP AI SOC Sher

AI SOC Security Threat analysis using MCP Server

基本信息

分类

其他

许可证

View license

运行时

python

传输方式

stdio

发布者

akramIOT

配置

暂无标准配置

该服务器的 README 中没有可解析的 MCP 配置块,请前往代码仓库查看安装说明。

代码仓库

工具

未检测到工具

工具是从 README 中自动提取的。维护者可以在 ## Tools 标题下列出工具,即可填充这部分内容。

概览

What is MCP AI SOC Sher?

MCP AI SOC Sher is an AI-driven Security Operations Center (SOC) Text2SQL framework based on the Model Context Protocol (MCP). It converts natural language prompts into optimized SQL queries while integrating built-in security threat analysis and monitoring. It is intended for security analysts, developers, and SOC teams who need to query databases using plain English and assess the security of the resulting SQL.

How to use MCP AI SOC Sher?

Install via pip install mcp-ai-soc-sher, set the OPENAI_API_KEY environment variable (or configure it in a .env file), then run the server from the command line using mcp-ai-soc --type local --stdio (for STDIO) or --sse (for SSE) or --type remote (for REST API). You can also use the Python API by importing LocalMCPServer from mcp_ai_soc_sher.local. Send queries via HTTP POST to /api/sql with an X-API-Key header for the REST interface.

Key features of MCP AI SOC Sher

  • Convert natural language to optimized SQL queries
  • Support STDIO, SSE, and REST API interfaces
  • Built-in rule-based and AI-powered security threat analysis
  • Connect to SQLite or Snowflake databases
  • Real-time streaming query processing feedback
  • Security Operations Center monitoring capabilities

Use cases of MCP AI SOC Sher

  • Security analysts querying databases for suspicious activities in natural language
  • Automating threat hunting by converting incident descriptions to SQL
  • Monitoring sensitive table access with integrated security checks
  • Enabling non-technical SOC staff to run ad‑hoc database queries safely
  • Building custom security dashboards that require dynamic SQL generation

FAQ from MCP AI SOC Sher

What databases does MCP AI SOC Sher support?

It supports SQLite and Snowflake databases. The database URI is configured via the MCP_DB_URI environment variable (e.g., sqlite:///your_database.db).

What interfaces are available to interact with the server?

The server supports three interfaces: STDIO (standard input/output), SSE (Server-Sent Events), and a REST API. Use the --stdio, --sse, or --type remote command-line flags accordingly.

What security features are included?

It provides rule-based and AI-powered SQL query security analysis, including detection of potential SQL injection attacks, monitoring of sensitive table access, and configurable security levels and actions. You can enable this by setting MCP_SECURITY_ENABLE_THREAT_ANALYSIS=true.

How do I configure MCP AI SOC Sher?

Configuration is done through environment variables or a .env file. Required: OPENAI_API_KEY. Optional: MCP_DB_URI (database connection string) and MCP_SECURITY_ENABLE_THREAT_ANALYSIS (boolean to enable threat analysis). See the full documentation for all options.

Does the server require an API key for the REST interface?

Yes, when using the REST API, requests must include an X-API-Key header with your API key. Local STDIO and SSE interfaces do not require this header.

评论

其他 分类下的更多 MCP 服务器