timesketch-mcp-server
Verified Safe
by timesketch
Overview
Provides an API server with a set of tools for programmatic interaction and analysis of data within a Timesketch digital forensics platform.
Installation
docker compose up -d
Environment Variables
- TIMESKETCH_HOST
- TIMESKETCH_PORT
- TIMESKETCH_USER
- TIMESKETCH_PASSWORD
Security Notes
The server reads Timesketch credentials from environment variables, which is good practice. For non-regex searches, `search_timesketch_events_substrings` sanitizes input by handling Lucene reserved characters. However, tools such as `search_timesketch_events_advanced` accept Lucene/OpenSearch query strings directly, so protection against query injection or resource exhaustion depends largely on the robustness of the underlying `timesketch-api-client` and the Timesketch backend itself. When run via `uv`, the server binds to `0.0.0.0` by default, which makes it reachable from other hosts; production deployments require proper network isolation.