sentinelone-mcp
Multitenant Streamable HTTP wrapper for SentinelOne's purple-mcp. Enables MSPs to expose SentinelOne threat detection and response capabilities to AI assistants across multiple tenants.
README
sentinelone-mcp
Multitenant Streamable HTTP wrapper for sentinel-one/purple-mcp, built so the wyre-technology MCP gateway can forward per-tenant SentinelOne credentials as HTTP headers.
Why
purple-mcp is a great first-party MCP server, but it reads its SentinelOne console token + URL from environment variables at process startup, which makes it single-tenant per container. Our gateway is multi-tenant: every request carries the calling org's credentials as HTTP headers, and the vendor container has to translate those headers into something the upstream understands.
This image bundles purple-mcp plus a small Node/Fastify proxy. The proxy:
- Listens on
:8080withPOST /mcpandGET /health. - Reads
x-purplemcp-tokenandx-purplemcp-base-urlfrom each incoming request. - Lazily spawns one
purple-mcp --mode streamable-httpchild per(token, base-url)tenant on a private loopback port, with the right env vars set. - Proxies the request body to that child and streams the response back.
- Evicts idle children after 15 minutes (
IDLE_EVICT_MS).
The result is a single container that the gateway can talk to like any other vendor MCP server.
Configuration
| Env var | Default | Notes |
|---|---|---|
PORT |
8080 |
Public listen port. |
PURPLE_MCP_DIR |
/opt/purple-mcp |
Where purple-mcp source + venv live. |
PURPLE_MCP_PYTHON |
/opt/purple-mcp/.venv/bin/python |
Python interpreter from the upstream venv. |
IDLE_EVICT_MS |
900000 |
Idle tenant timeout. |
SPAWN_READY_TIMEOUT_MS |
30000 |
How long to wait for a child to start serving HTTP. |
LOG_LEVEL |
info |
Fastify log level. |
Request headers
The gateway must forward these headers on every /mcp request:
| Header | SentinelOne credential |
|---|---|
x-purplemcp-token |
PURPLEMCP_CONSOLE_TOKEN (Account- or Site-level service user token) |
x-purplemcp-base-url |
PURPLEMCP_CONSOLE_BASE_URL (e.g. https://yourtenant.sentinelone.net) |
Build
docker build -t ghcr.io/wyre-technology/sentinelone-mcp:latest .
License
Apache-2.0. The bundled purple-mcp is MIT-licensed by SentinelOne.
Recommended Servers
playwright-mcp
A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.
Magic Component Platform (MCP)
An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.
Audiense Insights MCP Server
Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.
VeyraX MCP
Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.
graphlit-mcp-server
The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.
Kagi MCP Server
An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.
E2B
Using MCP to run code via e2b.
Neon Database
MCP server for interacting with Neon Management API and databases
Exa Search
A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.
Qdrant Server
This repository is an example of how to create a MCP server for Qdrant, a vector search engine.