mcp-panther
Verified Safe
by panther-labs
Overview
Panther's MCP server integrates AI agents with the Panther security platform to enable writing/tuning detections, interactively querying security logs, and managing alerts (triage, comment, resolve) using natural language.
Installation
docker run -d --name panther-mcp-server -p 8000:8000 \
  -e PANTHER_INSTANCE_URL=https://YOUR-PANTHER-INSTANCE.domain \
  -e PANTHER_API_TOKEN=YOUR-API-TOKEN \
  -e MCP_TRANSPORT=streamable-http \
  -e MCP_HOST=0.0.0.0 \
  -e MCP_PORT=8000 \
  -e LOG_LEVEL=INFO \
  --restart unless-stopped \
  ghcr.io/panther-labs/mcp-panther:latest
Environment Variables
- PANTHER_API_TOKEN
- PANTHER_INSTANCE_URL
- LOG_LEVEL
- MCP_LOG_FILE
- MCP_TRANSPORT
- MCP_PORT
- MCP_HOST
- PANTHER_ALLOW_INSECURE_INSTANCE
Security Notes
The server uses environment variables for API tokens and instance URLs, which is good practice. It explicitly enables SSL for API communication. The `query_data_lake` tool directly executes SQL, which inherently carries a risk of SQL injection if user inputs are not carefully managed by the AI agent; however, the `wrap_reserved_words` function helps mitigate some specific identifier-related risks. The documentation also explicitly calls for time filters in queries for performance and partitioning. `PANTHER_ALLOW_INSECURE_INSTANCE` is an opt-in environment variable that can disable SSL verification, which should be used with caution. Overall, the implementation shows good security awareness, but the nature of a SQL execution tool requires vigilance.
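One way to apply that vigilance on the client side is to vet agent-generated SQL before it is handed to `query_data_lake`. The sketch below is an added example, not code from mcp-panther: `skeleton` and `check_query` are hypothetical helpers, `p_event_time` is an assumed time column, and the table names are constructed. It fails closed and complements, rather than replaces, a least-privilege API token.

```python
import re

TIME_COLUMN = "p_event_time"  # assumption: the time column your tables are filtered on
WRITE_KEYWORDS = re.compile(
    r"\b(insert|update|delete|merge|drop|alter|create|truncate|grant|revoke|call|copy)\b",
    re.IGNORECASE,
)
def skeleton(sql):
    """Return sql with comments removed and quoted strings/identifiers emptied."""
    out, i, n = [], 0, len(sql)
    while i < n:
        two, ch = sql[i:i + 2], sql[i]
        if two == "--":                      # line comment: skip to end of line
            j = sql.find("\n", i)
            i = n if j == -1 else j
        elif two == "/*":                    # block comment: skip to its close
            j = sql.find("*/", i + 2)
            i = n if j == -1 else j + 2
            out.append(" ")
        elif ch in "'\"":                    # quoted run; a doubled quote is an escape
            i += 1
            while i < n and (sql[i] != ch or sql[i:i + 2] == ch * 2):
                i += 2 if sql[i] == ch else 1
            i += 1
            out.append(ch * 2)
        else:
            out.append(ch)
            i += 1
    return "".join(out)

def check_query(sql):
    """Return a list of policy violations; an empty list means the query may be sent."""
    if "\\" in sql:  # escape handling differs between SQL dialects, so fail closed
        return ["backslash escapes are ambiguous; rejected"]
    body = skeleton(sql).strip().rstrip(";").strip()
    checks = [
        (";" in body, "multiple statements"),
        (not re.match(r"(select|with)\b", body, re.I), "not a SELECT"),
        (bool(WRITE_KEYWORDS.search(body)), "write/DDL keyword present"),
        (not re.search(rf"\bwhere\b.*\b{TIME_COLUMN}\b", body, re.I | re.S), f"no {TIME_COLUMN} filter"),
    ]
    return [msg for failed, msg in checks if failed]

if __name__ == "__main__":
    # Constructed sample queries; the table name is a placeholder.
    for q in ("SELECT * FROM example_logs WHERE p_event_time > current_date - 1",
              "SELECT 1 FROM example_logs; DROP TABLE example_logs"):
        print(check_query(q) or "ok", "<-", q)
```

Keywords inside string literals are ignored, while a time filter that appears only inside a comment does not count.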
Similar Servers
sentry-mcp
A middleware server designed to optimize Sentry API access for human-in-the-loop coding agents, focusing on developer workflows and debugging use cases.
mcp-server-wazuh
This Rust-based server acts as a bridge between a Wazuh SIEM system and applications requiring contextual security data, especially for AI assistants using the Model Context Protocol (MCP).
mcp-server-cortex
This server acts as a bridge, exposing Cortex threat intelligence analysis capabilities as tools consumable by Model Context Protocol (MCP) clients, such as large language models (LLMs).
Mcpwn
Automated security testing framework for Model Context Protocol (MCP) servers, detecting RCE, path traversal, prompt injection, and protocol vulnerabilities.