mcp-server-secops-soar
Verified Safe by ArthurTcs
Overview
This MCP server enables interaction with Google's Chronicle Security Operations SOAR suite for case management, entity investigation, and dynamic integration with various security tools.
Installation
uv --directory /path/to/the/repo/server/secops-soar/secops_soar_mcp run --env-file=/path/to/your/env server.py --integrations ServiceNow,CSV,Siemplify
Environment Variables
- SOAR_URL
- SOAR_APP_KEY
- SOAR_INTEGRATIONS
Security Notes
The server itself primarily acts as a proxy, passing commands and parameters from the MCP client to the backend SOAR platform. It uses standard HTTP libraries (aiohttp, httpx) and JSON serialization. Direct code execution vulnerabilities (like 'eval' or unsafe shell commands) are not apparent within the provided snippets of this server's code. However, the 'script_params' are JSON-dumped and sent to the SOAR's 'EXECUTE_MANUAL_ACTION' endpoint. The overall security depends heavily on the robustness of the downstream SOAR platform's API and its handling of these script parameters. Malicious input crafted for 'script_params' could potentially exploit vulnerabilities in the SOAR if it doesn't adequately sanitize or validate incoming commands/scripts.
Similar Servers
mcp-panther
Panther's MCP server integrates AI agents with the Panther security platform to enable writing/tuning detections, interactively querying security logs, and managing alerts (triage, comment, resolve) using natural language.
mcp-contrast
This server acts as a Microservice Chassis Platform (MCP) host, providing AI agents with a set of tools to interact with the Contrast Security platform. It enables querying and managing application security data, including vulnerabilities, attacks, SAST results, software composition analysis (SCA), and route coverage.
mcp-server-thehive
Provides AI models and automation tools with programmatic access to TheHive incident response platform for security operations and case management.
notebooklm-mcp-secure
Provides programmatic access and management of NotebookLM and Google Gemini for AI agents, offering deep research capabilities, document analysis, and comprehensive compliance and security features.