mcp-panther
Verified Safeby panther-labs
Overview
Panther's Model Context Protocol (MCP) server enables developers to write and tune security detections from their IDE, interactively query security logs using natural language, and triage, comment, and resolve alerts within the Panther platform.
Installation
docker run -e PANTHER_INSTANCE_URL -e PANTHER_API_TOKEN -e MCP_TRANSPORT=streamable-http -e MCP_HOST=0.0.0.0 -e MCP_PORT=8000 --rm -i -p 8000:8000 ghcr.io/panther-labs/mcp-pantherEnvironment Variables
- PANTHER_API_TOKEN
- PANTHER_INSTANCE_URL
- LOG_LEVEL
- MCP_LOG_FILE
- MCP_TRANSPORT
- MCP_PORT
- MCP_HOST
- PANTHER_ALLOW_INSECURE_INSTANCE
- MCP_PANTHER_DOCKER_RUNTIME
Security Notes
The project demonstrates robust security practices: API tokens are loaded from environment variables (PANTHER_API_TOKEN) rather than being hardcoded. Input validation is performed using Pydantic Field annotations and custom validators, including specific SQL parsing and sanitization in `query_data_lake` to mitigate injection risks. Permissions are explicitly checked and annotated for each tool, indicating proper authorization enforcement. The `PANTHER_ALLOW_INSECURE_INSTANCE` environment variable exists to bypass SSL verification, which could be a risk if misused, but it requires an explicit override. Overall, the design prioritizes secure access and data handling.
Similar Servers
mcp-scanner
A Python tool for scanning MCP (Model Context Protocol) servers and tools for potential security findings, combining Cisco AI Defense inspect API, YARA rules, and LLM-as-a-judge to detect malicious MCP tools.
sentry-mcp
Sentry's MCP service acts as middleware to the upstream Sentry API, primarily designed for human-in-the-loop coding agents to assist with developer workflows and debugging use cases.
mcp-server-wazuh
This Rust-based server acts as a bridge between a Wazuh SIEM system and applications requiring contextual security data, especially for AI assistants using the Model Context Protocol (MCP).
mcp-server-cortex
This server acts as a bridge, exposing Cortex threat intelligence analysis capabilities as tools consumable by Model Context Protocol (MCP) clients, such as large language models (LLMs).