SuricataMCP

by Medinios
2
  • Linux
  • Apple

Integrations

  • Provides tools for network traffic analysis using Suricata on Linux systems, allowing for retrieving version information, help documentation, and analyzing PCAP files for security alerts.

  • Enables network traffic analysis using Suricata on macOS, offering capabilities to check Suricata version, access help information, and process PCAP files to identify security threats.

  • Includes documentation and guides published on Medium that explain how to install and use SuricataMCP with Cursor for network security analysis.

SuricataMCP 🚀

SuricataMCP is a Model Context Protocol Server that allows MCP clients to autonomously use suricata for network traffic analysis. It enables programmatic interaction with Suricata through tools like get_suricata_version, get_suricata_help, and get_alerts_from_pcap_file.

📰 Full Guide on Medium

For your convenience, we created a full Medium article that walks you through how to install and use SuricataMCP with Cursor step by step. Supercharging Cursor with SuricataMCP: Network Security at Your Fingertips


📦 Features

  • 🔡 Easily get Suricata version and help info.
  • 📁 Parse .pcap files and retrieve alerts using a simple tool interface.
  • 🧠 Built with the MCP protocol for seamless integration with AI coding tools like Cursor.

⬇️ Downloading Suricata

To use this project, you'll need to download and install Suricata:

Go to the official Suricata site: https://suricata.io/download/

Follow installation instructions for your OS (Linux, macOS, or Windows)

On Linux, you can also install via package manager, e.g.:

bash sudo apt install suricata

After installation, locate the Suricata binary and configuration files so you can set the correct paths in config.py.


⚙️ Installation Guide

Follow these steps to set up SuricataMCP on your system:


1. Clone the Repository

Open your terminal and run:

git clone https://github.com/medinios/SuricataMCP.git cd SuricataMCP

2. Install dependencies (e.g., if using a virtual environment)

pip install -r requirements.txt

3. Edit the config.py file to specify your Suricata installation path:

SURICATA_DIR = "/path/to/suricata" SURICATA_EXE_FILE = "suricata" # or "suricata.exe" on Windows

4. Add SuricataMCP to your AI platform with:

{ "mcpServers": { "SuricataMcp": { "command": "cmd", "args": ["/c", "mcp", "run", "[YourPath]\\SuricataMcp\\suricata-mcp.py"] } } }

🚀 Usage

Run the MCP server locally from your AI platform (like Cursor)

When running, the server exposes the following MCP tools:

  • get_suricata_version(): Returns Suricata's version string.
  • get_suricata_help(): Returns Suricata CLI help output.
  • get_alerts_from_pcap_file(pcap_destination: str, destination_folder_results: str): Runs Suricata on the given .pcap file and returns the content of fast.log.

📄 Adding Custom Rules

To extend Suricata with your own detection rules:

  1. Add your custom rule files (e.g., custom.rules) to the suricata/rules directory.

⚠️ Disclaimer

We are not affiliated with the official Suricata project or the OISF (Open Information Security Foundation). SuricataMCP is an independent integration built for personal use inside Cursor. Example pcap was taken from PCAP-ATTACK


🤝 Contributors

This project was built by two developers passionate about security, context-aware systems, and building useful tools for the community. Every line of code, every CLI command, and every integration was a product of focused collaboration and shared curiosity.

Sam Med, Raz Tel-Vered

🤝 Contributing

PRs and suggestions are welcome! Let's make SuricataMCP more accessible and programmable together.

-
security - not tested
F
license - not found
-
quality - not tested

SuricataMCP is a Model Context Protocol Server that allows MCP clients to autonomously use suricata for network traffic analysis. It enables programmatic interaction with Suricata through tools like get_suricata_version, get_suricata_help, and get_alerts_from_pcap_file.

  1. 📰 Full Guide on Medium
    1. 📦 Features
      1. ⬇️ Downloading Suricata
        1. ⚙️ Installation Guide
          1. 1. Clone the Repository
          2. 2. Install dependencies (e.g., if using a virtual environment)
          3. 3. Edit the config.py file to specify your Suricata installation path:
          4. 4. Add SuricataMCP to your AI platform with:
        2. 🚀 Usage
          1. 📄 Adding Custom Rules
            1. ⚠️ Disclaimer
              1. 🤝 Contributors
                1. 🤝 Contributing

                  Related MCP Servers

                  • A
                    security
                    F
                    license
                    A
                    quality
                    A Model Context Protocol (MCP) server that provides programmatic access to the Supabase Management API. This server allows AI models and other clients to manage Supabase projects and organizations through a standardized interface.
                    Last updated -
                    8
                    84
                    27
                    JavaScript
                  • -
                    security
                    A
                    license
                    -
                    quality
                    A proxy server that converts Model Context Protocol (MCP) messages to Simple Language Open Protocol (SLOP) messages, allowing MCP clients like Claude Desktop to interact with SLOP-compatible servers.
                    Last updated -
                    2
                    10
                    JavaScript
                    MIT License
                    • Apple
                  • A
                    security
                    A
                    license
                    A
                    quality
                    An MCP server that provides a comprehensive interface to Semgrep, enabling users to scan code for security vulnerabilities, create custom rules, and analyze scan results through the Model Context Protocol.
                    Last updated -
                    6
                    140
                    Python
                    MIT License
                    • Linux
                    • Apple
                  • -
                    security
                    F
                    license
                    -
                    quality
                    An MCP server that provides access to Naver OpenAPI services, enabling users to search blogs, news, books, images, and other content through standardized Model Context Protocol interfaces.
                    Last updated -
                    Python

                  View all related MCP servers

                  ID: m32270xo31