Suricata MCP

An MCP server for validating Suricata rule syntax and testing rules against pcap files to verify alert matching. It automates the testing process by running Suricata and parsing generated alert logs to confirm signature IDs.

README

Suricata MCP

MCP service for validating Suricata rules against pcap files.

Installation

# Install dependencies
source /path/to/venv/bin/activate
pip install -e .

Usage

Run the MCP server

suricata-mcp

Or add it to the Claude Desktop configuration:

{
  "mcpServers": {
    "suricata": {
      "command": "python",
      "args": ["-m", "suricata_mcp.server"],
      "env": {
        "SURICATA_PATH": "/usr/local/bin/suricata"
      }
    }
  }
}

Tools

validate_suricata_rule

Validate that a Suricata rule's syntax is correct.

Parameters:

  • rule_content (string, required): the Suricata rule content

validate_suricata_rule_file

Validate that a Suricata rule file's syntax is correct.

Parameters:

  • rule_path (string, required): path to the rule file

Example:

{
  "rule_path": "/path/to/rules.rules"
}

test_suricata_rule

Test whether a Suricata rule fires on a pcap file, verifying that the rule produces the expected alert.

Parameters:

  • rule_content (string, required): the Suricata rule content
  • pcap_path (string, required): path to the pcap file
  • expected_sid (integer, optional): the signature ID expected to match; if omitted, it is extracted from the rule

test_suricata_rule_file

Test whether a Suricata rule file fires on a pcap file.

Parameters:

  • rule_path (string, required): path to the rule file
  • pcap_path (string, required): path to the pcap file
  • expected_sids (array of integers, optional): the signature IDs expected to match

Workflow

  1. Rule syntax validation: run suricata -S <rule_path> -T to check the rule syntax
  2. pcap test: run suricata -r <pcap_path> -S <rule_path> -l <log_path> to replay the capture against the rules
  3. Alert parsing: parse the records in eve.json whose event_type is alert
  4. sid matching: verify that the rule's sid matches the signature_id in the alert log records
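The following is an added example, not code from the suricata-mcp project, showing the logic behind the four workflow steps and behind the "expected_sid is extracted from the rule if omitted" behaviour of test_suricata_rule. It builds the two suricata command lines, pulls the sid out of a rule, collects signature_id values from alert records in eve.json and compares them with what was expected. The rule text and the eve.json lines are constructed sample data; the function names are this example's own, not the server's tool names, and the suricata binary path is assumed to come from SURICATA_PATH as in the configuration above.

```python
"""Added example (not part of the suricata-mcp project): the checks behind
the validate / run / parse / match workflow. Only the two command builders
depend on a real suricata binary; the parsing runs on constructed data."""
from __future__ import annotations

import json
import os
import re

# Matches the sid keyword inside a rule's option block, e.g. "sid:1000001;".
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")


def extract_sids(rule_content: str) -> list[int]:
    """Return the sid of every non-comment rule line, in file order.
    This is what a tool can fall back to when expected_sid is not given."""
    sids: list[int] = []
    for line in rule_content.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        match = SID_RE.search(line)
        if match:
            sids.append(int(match.group(1)))
    return sids


def validate_cmd(rule_path: str, suricata: str | None = None) -> list[str]:
    """Step 1: suricata -S <rule_path> -T loads only the given rule file in
    test mode and exits non-zero on a syntax error."""
    binary = suricata or os.environ.get("SURICATA_PATH", "suricata")
    return [binary, "-S", rule_path, "-T"]


def run_cmd(pcap_path: str, rule_path: str, log_dir: str,
            suricata: str | None = None) -> list[str]:
    """Step 2: replay the pcap against the rule file; eve.json lands in log_dir."""
    binary = suricata or os.environ.get("SURICATA_PATH", "suricata")
    return [binary, "-r", pcap_path, "-S", rule_path, "-l", log_dir]


def alert_sids(eve_text: str) -> set[int]:
    """Step 3: collect alert.signature_id from every event_type == "alert"
    record. eve.json is one JSON object per line; truncated or non-JSON
    lines (e.g. a file still being written) are skipped, not fatal."""
    found: set[int] = set()
    for line in eve_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue
        if record.get("event_type") != "alert":
            continue
        sid = record.get("alert", {}).get("signature_id")
        if isinstance(sid, int):
            found.add(sid)
    return found


def check_expected(eve_text: str, expected_sids: list[int]) -> dict:
    """Step 4: compare the sids that actually alerted with the expected ones.
    "unexpected" surfaces alerts from other loaded rules, which is useful
    when a rule file contains more signatures than the one under test."""
    seen = alert_sids(eve_text)
    expected = set(expected_sids)
    return {
        "matched": sorted(expected & seen),
        "missing": sorted(expected - seen),
        "unexpected": sorted(seen - expected),
        "success": expected <= seen,
    }


# Constructed sample rule (the sid is a local-range value chosen for this example).
SAMPLE_RULE = (
    'alert tcp any any -> any 80 (msg:"EXAMPLE test rule"; '
    'content:"GET /test.html"; sid:1000001; rev:1;)'
)

# Constructed eve.json fragment: a flow record, two alerts, one truncated line.
SAMPLE_EVE = "\n".join([
    json.dumps({"event_type": "flow", "src_ip": "192.0.2.10", "dest_port": 80}),
    json.dumps({"event_type": "alert", "alert": {"signature_id": 1000001,
                "rev": 1, "signature": "EXAMPLE test rule"}}),
    json.dumps({"event_type": "alert", "alert": {"signature_id": 1000002,
                "rev": 1, "signature": "EXAMPLE other rule"}}),
    '{"event_type": "alert", "alert": {"signature_id": 99',
])


def run_sample(expected_sid: int | None = None) -> dict:
    """Mirrors test_suricata_rule: use the given sid, else extract it."""
    expected = [expected_sid] if expected_sid is not None else extract_sids(SAMPLE_RULE)
    return check_expected(SAMPLE_EVE, expected)


if __name__ == "__main__":
    print(" ".join(validate_cmd("/tmp/test.rules")))
    print(" ".join(run_cmd("/tmp/test.pcap", "/tmp/test.rules", "/tmp/suricata-logs")))
    print(json.dumps(run_sample(), indent=2))
```

A run whose "missing" list is empty means every expected sid alerted; a non-empty "unexpected" list is worth reporting too, since a rule file under test may carry signatures the caller did not intend to exercise.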

Automatic rule writing

Combined with https://github.com/fairyming/tshark_mcp, this enables automated traffic analysis, rule writing and validation.
