SuricataMCP

SuricataMCP 🚀

SuricataMCP is a Model Context Protocol server that allows MCP clients to autonomously use Suricata for network traffic analysis. It enables programmatic interaction with Suricata through tools like get_suricata_version, get_suricata_help, and get_alerts_from_pcap_file.

📰 Full Guide on Medium

For your convenience, we created a full Medium article that walks you through how to install and use SuricataMCP with Cursor step by step: "Supercharging Cursor with SuricataMCP: Network Security at Your Fingertips".


📦 Features

  • 🔡 Easily get Suricata version and help info.
  • 📁 Parse .pcap files and retrieve alerts using a simple tool interface.
  • 🧠 Built with the MCP protocol for seamless integration with AI coding tools like Cursor.

⬇️ Downloading Suricata

To use this project, you'll need to download and install Suricata:

Go to the official Suricata site: https://suricata.io/download/

Follow installation instructions for your OS (Linux, macOS, or Windows)

On Linux, you can also install via package manager, e.g.:

sudo apt install suricata

After installation, locate the Suricata binary and configuration files so you can set the correct paths in config.py.


⚙️ Installation Guide

Follow these steps to set up SuricataMCP on your system:


1. Clone the Repository

Open your terminal and run:

git clone https://github.com/medinios/SuricataMCP.git
cd SuricataMCP

2. Install dependencies (for example, inside a virtual environment)

pip install -r requirements.txt

3. Edit the config.py file to specify your Suricata installation path:

SURICATA_DIR = "/path/to/suricata"
SURICATA_EXE_FILE = "suricata"  # or "suricata.exe" on Windows

4. Add SuricataMCP to your AI platform with:

  {
    "mcpServers": {
      "SuricataMcp": {
        "command": "cmd",
        "args": ["/c", "mcp", "run", "[YourPath]\\SuricataMcp\\suricata-mcp.py"]
      }
    }
  }

🚀 Usage

Run the MCP server locally from your AI platform (like Cursor).

When running, the server exposes the following MCP tools:

  • get_suricata_version(): Returns Suricata's version string.
  • get_suricata_help(): Returns Suricata CLI help output.
  • get_alerts_from_pcap_file(pcap_destination: str, destination_folder_results: str): Runs Suricata on the given .pcap file and returns the content of fast.log.
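
The following is an added example, not SuricataMCP's own code: a sketch of what a tool like get_alerts_from_pcap_file has to do, with the two arguments treated as untrusted because the MCP client (a model) supplies them. The names build_suricata_argv, parse_fast_log, get_alerts and allowed_root are assumptions, as is running Suricata with only `-r` and `-l`; the sample log lines are constructed.

```python
import re
import subprocess
from pathlib import Path

SURICATA_EXE = "suricata"  # assumption: stands in for SURICATA_EXE_FILE in config.py

# fast.log layout: ts [**] [gid:sid:rev] msg [**] [Classification: c] [Priority: n] {PROTO} src -> dst
FAST_LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+\[Classification:\s*(?P<classification>[^\]]*)\]\s+"
    r"\[Priority:\s*(?P<priority>\d+)\]\s+\{(?P<proto>[^}]+)\}\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)$"
)

# Constructed sample input (documentation addresses, made-up SIDs), not real traffic.
SAMPLE_FAST_LOG = """\
01/15/2024-10:22:31.123456  [**] [1:1000001:1] CUSTOM Example HTTP request [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.0.2.10:49152 -> 198.51.100.7:80
01/15/2024-10:22:32.000001  [**] [1:1000002:3] CUSTOM Example DNS query [**] [Classification: (null)] [Priority: 3] {UDP} 192.0.2.10:53124 -> 203.0.113.5:53
this line is truncated and must be skipped
"""

def build_suricata_argv(pcap, out_dir, allowed_root):
    """Build argv for an offline pcap run, refusing paths outside allowed_root."""
    root = Path(allowed_root).resolve()
    pcap_p, out_p = Path(pcap).resolve(), Path(out_dir).resolve()
    for p in (pcap_p, out_p):
        if root not in (p, *p.parents):
            raise ValueError(f"path escapes allowed root: {p}")
    if pcap_p.suffix.lower() not in (".pcap", ".pcapng"):
        raise ValueError(f"not a capture file: {pcap_p.name}")
    # A list argv (no shell) keeps client-supplied strings from being parsed as commands.
    return [SURICATA_EXE, "-r", str(pcap_p), "-l", str(out_p)]

def parse_fast_log(text):
    """Turn fast.log text into dicts; lines that do not match are dropped."""
    alerts = []
    for line in text.splitlines():
        m = FAST_LOG_RE.match(line.strip())
        if m:
            alert = m.groupdict()
            for key in ("gid", "sid", "rev", "priority"):
                alert[key] = int(alert[key])
            alerts.append(alert)
    return alerts

def get_alerts(pcap, out_dir, allowed_root):
    """Run Suricata on the capture and return parsed alerts (needs Suricata installed)."""
    argv = build_suricata_argv(pcap, out_dir, allowed_root)
    Path(argv[-1]).mkdir(parents=True, exist_ok=True)
    subprocess.run(argv, check=True, capture_output=True, timeout=300)
    return parse_fast_log((Path(argv[-1]) / "fast.log").read_text(errors="replace"))
```

Returning parsed fields instead of raw fast.log text also lets the caller filter by sid or priority before anything reaches the model's context.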

📄 Adding Custom Rules

To extend Suricata with your own detection rules:

  1. Add your custom rule files (e.g., custom.rules) to the suricata/rules directory.

⚠️ Disclaimer

We are not affiliated with the official Suricata project or the OISF (Open Information Security Foundation). SuricataMCP is an independent integration built for personal use inside Cursor. The example pcap was taken from PCAP-ATTACK.


🤝 Contributors

This project was built by two developers passionate about security, context-aware systems, and building useful tools for the community. Every line of code, every CLI command, and every integration was a product of focused collaboration and shared curiosity.

Sam Med, Raz Tel-Vered

🤝 Contributing

PRs and suggestions are welcome! Let's make SuricataMCP more accessible and programmable together.
