Skip to main content
Glama
deenesjakoruzh

Zeek-MCP

by Gabbo01
GitHub
Python
Apache 2.0
3
  • Linux
  • Apple
OverviewInspectNewSchemaRelated ServersReviewsScore
Need Help?View Source CodeReport Issue

Logo

Zeek-MCP

This repository provides a set of utilities to build an MCP server (Model Context Protocol) that you can integrate with your conversational AI client.

Table of Contents

Prerequisites

  • Python 3.7+
  • Zeek installed and available in your PATH (for the execzeek tool)
  • pip (for installing Python dependencies)

Installation

1. Clone the repository

git clone https://github.com/Gabbo01/Zeek-MCP cd Zeek-MCP

2. Install dependencies

It's recommended to use a virtual environment:

python -m venv venv source venv/bin/activate # Linux/macOS venv\Scripts\activate # Windows pip install -r requirements.txt

Note: If you don’t have a requirements.txt, install directly:

pip install pandas mcp

Usage

The repository exposes two main MCP tools and a command-line entry point:

3. Run the MCP server

python Bridge_Zeek_MCP.py --mcp-host 127.0.0.1 --mcp-port 8081 --transport sse
  • --mcp-host: Host for the MCP server (default: 127.0.0.1).
  • --mcp-port: Port for the MCP server (default: 8081).
  • --transport: Transport protocol, either sse (Server-Sent Events) or stdio.

start

4. Use the MCP tools

You need to use an LLM that can support the MCP tools usage by calling the following tools:

  1. execzeek(pcap_path: str) -> str
    • Description: Runs Zeek on the given PCAP file after deleting existing .log files in the working directory.
    • Returns: A string listing generated .log filenames or "1" on error.
  2. parselogs(logfile: str) -> DataFrame
    • Description: Parses a single Zeek .log file and returns the parsed content.

You can interact with these endpoints via HTTP (if using SSE transport) or by embedding in LLM client (eg: Claude Desktop):

Claude Desktop integration:

To set up Claude Desktop as a Zeek MCP client, go to Claude -> Settings -> Developer -> Edit Config -> claude_desktop_config.json and add the following:

{ "mcpServers": { "Zeek-mcp": { "command": "python", "args": [ "/ABSOLUTE_PATH_TO/Bridge_Zeek_MCP.py", ] } } }

Alternatively, edit this file directly:

/Users/YOUR_USER/Library/Application Support/Claude/claude_desktop_config.json
5ire Integration:

Another MCP client that supports multiple models on the backend is 5ire. To set up Zeek-MCP, open 5ire and go to Tools -> New and set the following configurations:

  1. Tool Key: ZeekMCP
  2. Name: Zeek-MCP
  3. Command: python /ABSOLUTE_PATH_TO/Bridge_Zeek_MCP.py
Alternatively you can use Chainlit framework and follow the documentation to integrate the MCP server.

Examples

An example of MCP tools usage from a chainlit chatbot client, it was used an example pcap file (you can find fews in pcaps folder)

In that case the used model was claude-3.7-sonnet-reasoning-gemma3-12b

example1

example2

example3

License

See LICENSE for more information.

This server cannot be installed

-
security - not tested
A
license - permissive license
-
quality - not tested

How are these scores calculated?

local-only server

The server can only run on the client's local machine because it depends on local resources.

A Model Context Protocol server that integrates Zeek network analysis capabilities with LLM chatbots, allowing them to analyze PCAP files and parse network logs through natural language interactions.

  1. Table of Contents
    1. Prerequisites
      1. Installation
        1. 1. Clone the repository
        2. 2. Install dependencies
      2. Usage
        1. 3. Run the MCP server
        2. 4. Use the MCP tools
      3. Examples
        1. License

          Related MCP Servers

          • Toolkit MCP Server

            cyanheads
            A
            security
            A
            license
            A
            quality
            A Model Context Protocol server that provides LLM Agents with a comprehensive toolset for IP geolocation, network diagnostics, system monitoring, cryptographic operations, and QR code generation.
            Last updated -
            16
            566
            10
            TypeScript
            Apache 2.0

          • ZenML MCP Serverofficial

            zenml-io
            -
            security
            A
            license
            -
            quality
            A server implementing Model Context Protocol that enables LLMs to interact with the ZenML platform, providing access to pipeline data, stack information, and the ability to trigger new pipeline runs.
            Last updated -
            23
            Python
            MIT License

          • WireMCP

            0xKoda
            A
            security
            A
            license
            A
            quality
            A Model Context Protocol server that provides LLMs with real-time network traffic analysis capabilities, enabling tasks like threat hunting, network diagnostics, and anomaly detection through Wireshark's tshark.
            Last updated -
            7
            171
            JavaScript
            MIT License
            • Apple
            • Linux

          • JMeter MCP Server

            QAInsights
            A
            security
            F
            license
            A
            quality
            A Model Context Protocol server that allows AI assistants to execute and manage JMeter performance tests through natural language commands.
            Last updated -
            2
            36
            Python

          View all related MCP servers

          New MCP Servers

          MCP directory API

          We provide all the information about MCP servers via our MCP API.

          curl -X GET 'https://glama.ai/api/mcp/v1/servers/Gabbo01/Zeek-MCP'

          If you have feedback or need assistance with the MCP directory API, please join our Discord server