Cyber Sentinel MCP Server

๐Ÿ›ก๏ธ Comprehensive threat intelligence aggregation MCP server

Installation
Add the following to your MCP client configuration file.

Configuration

{
  "mcpServers": {
    "jx888-max-cyber-sentinel-mcp": {
      "command": "python",
      "args": [
        "-m",
        "cyber_sentinel.server"
      ],
      "env": {
        "SHODAN_API_KEY": "YOUR_SHODAN_API_KEY",
        "ABUSEIPDB_API_KEY": "YOUR_ABUSEIPDB_API_KEY",
        "VIRUSTOTAL_API_KEY": "YOUR_VIRUSTOTAL_API_KEY"
      }
    }
  }
}

Cyber Sentinel MCP Server provides a unified interface to analyze threat indicators and security data from multiple sources. You deploy a local MCP server and connect it with your MCP client to run threat intelligence queries, code security analysis, dependency security checks, and infrastructure security assessments all in one place. The server coordinates multiple data sources, performs intelligent aggregation, and returns structured results with confidence scoring for faster, centralized security analysis.

How to use

You connect to Cyber Sentinel using an MCP client and configure it to run the local server as a standard MCP endpoint. Once configured, you can ask it to analyze indicators such as IPs, domains, file hashes, and URLs across all supported sources, request code and dependency security analyses, and generate comprehensive security reports. Use natural language prompts to trigger multi-source lookups, risk scoring, and visualizations.

How to install

Prerequisites: Python 3.8 or higher, and a Python environment in which you can install packages.

# Step 1: Clone the project repository
git clone https://github.com/jx888-max/cyber-sentinel-mcp.git
cd cyber-sentinel-mcp

# Step 2: Install dependencies
pip install -e .

Step 3: Set up API keys and environment variables. You can run the setup wizard or set keys directly in your environment. The following keys are used by the server: VIRUSTOTAL_API_KEY, ABUSEIPDB_API_KEY, SHODAN_API_KEY.

# Run setup wizard
python -m cyber_sentinel.setup_wizard

# Or export keys directly
export VIRUSTOTAL_API_KEY=your_virustotal_api_key_here
export ABUSEIPDB_API_KEY=your_abuseipdb_api_key_here
export SHODAN_API_KEY=your_shodan_key_here

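Step 4: Verify the installation by importing the server module from Python. A successful import confirms that the package and its dependencies are installed. Once the server is connected to your MCP client, use the check_api_status tool to confirm that the API keys are valid.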

python -c "from cyber_sentinel.server import app; print('✅ Installation successful!')"

Additional configuration notes

The server is designed to work with an MCP client such as Claude Desktop or Cursor. You provide your API keys via environment variables or a local configuration. The server aggregates data from VirusTotal, AbuseIPDB, URLhaus, Shodan, ThreatFox, and MalwareBazaar and returns the combined results with confidence scores.

Available tools

analyze_indicator

Analyzes security indicators across multiple threat intelligence sources and returns overall reputation, confidence, per-source results, and supplemental data like country/ISP mappings for IPs.

check_api_status

Checks configuration and status of all threat intelligence sources, including API key validation, capabilities, rate limits, and system health.

analyze_code_security

Performs security analysis on source code to identify vulnerabilities, hardcoded secrets, network indicators, secure recommendations, and a risk score.

scan_project_dependencies

Scans project dependencies for known vulnerabilities, outdated packages, and security recommendations with a risk assessment.

analyze_docker_security

Analyzes Dockerfile configurations for security best practices and hardening recommendations.

scan_kubernetes_config

Examines Kubernetes manifests for security misconfigurations, privilege risks, and network policy issues.

generate_security_report

Generates comprehensive security reports with visualizations and a remediation roadmap.