MCP.so
登录
S

Security Infrastructure Mcp Servers

@jmstar85

关于 Security Infrastructure Mcp Servers

Core Features for Security Infrastructure MCP Servers:

基本信息

分类

开发工具

传输方式

stdio

发布者

jmstar85

提交者

Chris Jung

配置

使用下面的配置,将此服务器添加到你的 MCP 客户端。

{
  "mcpServers": {
    "splunk-siem": {
      "command": "python",
      "args": [
        "/path/to/SecurityInfrastructure/src/splunk_server.py"
      ],
      "env": {
        "SPLUNK_HOST": "your-splunk-host.com",
        "SPLUNK_PORT": "8089",
        "SPLUNK_USERNAME": "admin",
        "SPLUNK_PASSWORD": "your-password",
        "SPLUNK_TOKEN": "your-api-token",
        "SPLUNK_VERIFY_SSL": "true"
      }
    },
    "crowdstrike-edr": {
      "command": "python",
      "args": [
        "/path/to/SecurityInfrastructure/src/crowdstrike_server.py"
      ],
      "env": {
        "CROWDSTRIKE_CLIENT_ID": "your-client-id",
        "CROWDSTRIKE_CLIENT_SECRET": "your-client-secret",
        "CROWDSTRIKE_BASE_URL": "https://api.crowdstrike.com"
      }
    },
    "misp-threat-intel": {
      "command": "python",
      "args": [
        "/path/to/SecurityInfrastructure/src/misp_server.py"
      ],
      "env": {
        "MISP_URL": "https://your-misp-instance.com",
        "MISP_KEY": "your-api-key",
        "MISP_VERIFY_CERT": "true"
      }
    }
  }
}

工具

未检测到工具

工具是从 README 中自动提取的。维护者可以在 ## Tools 标题下列出工具,即可填充这部分内容。

概览

What is Security Infrastructure Mcp Servers?

A collection of Model Context Protocol (MCP) server implementations that integrate with Splunk SIEM, CrowdStrike EDR, and Microsoft MISP threat intelligence platforms. Designed for security analysts and developers to query security data through a unified MCP interface.

How to use Security Infrastructure Mcp Servers?

Clone the repository, install Python dependencies with pip install -r project-requirements.txt, copy .env.example to .env and fill in credentials, then add the server configuration to an MCP client such as Claude Desktop. Alternatively, run individual servers via python src/splunk_server.py (port 8080), python src/crowdstrike_server.py (port 8081), or python src/misp_server.py (port 8082), or deploy all with docker-compose up -d.

Key features of Security Infrastructure Mcp Servers

  • Native MCP Protocol integration for security platforms
  • Multi-platform support for Splunk, CrowdStrike, and MISP
  • Asynchronous operations for non-blocking API calls
  • Flexible query languages: SPL, FQL, and MISP REST
  • OAuth 2.0 and token-based authentication
  • Docker support and structured JSON output

Use cases of Security Infrastructure Mcp Servers

  • Search Splunk for failed login attempts or security alerts
  • Query CrowdStrike for high-severity endpoint detections
  • Look up indicators of compromise in MISP threat intelligence
  • Correlate Splunk events with CrowdStrike detection IDs
  • Automate cross-platform security investigations via MCP

FAQ from Security Infrastructure Mcp Servers

Which security platforms are supported?

Splunk SIEM, CrowdStrike Falcon EDR, and Microsoft MISP (threat intelligence).

What authentication methods are used?

Splunk uses API tokens (or username/password), CrowdStrike uses OAuth 2.0 client credentials, and MISP uses API keys. SSL/TLS verification is configurable.

What are the runtime requirements?

Python 3.11+, platform credentials (API keys/tokens), and an MCP-compatible client (e.g., Claude Desktop). Docker and Docker Compose are optional.

How do I add the server to Claude Desktop?

Copy the configuration from config/mcp-settings.json into ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or the equivalent Windows path, then update the cwd paths and environment variables with your values.

Where can I find complete documentation and code examples?

Full documentation is available at https://jmstar85.github.io/SecurityInfrastructure, including server implementation code, real-time search, and responsive mobile support.

评论

开发工具 分类下的更多 MCP 服务器