Provides tools for network traffic analysis using Suricata on Linux systems, allowing for retrieving version information, help documentation, and analyzing PCAP files for security alerts.
Enables network traffic analysis using Suricata on macOS, offering capabilities to check Suricata version, access help information, and process PCAP files to identify security threats.
Includes documentation and guides published on Medium that explain how to install and use SuricataMCP with Cursor for network security analysis.
Features a demonstration video hosted on YouTube showing how to use SuricataMCP for network traffic analysis.
SuricataMCP 🚀
SuricataMCP is a Model Context Protocol Server that allows MCP clients to autonomously use suricata for network traffic analysis. It enables programmatic interaction with Suricata through tools like get_suricata_version, get_suricata_help, and get_alerts_from_pcap_file.
📰 Full Guide on Medium
For your convenience, we created a full Medium article that walks you through how to install and use SuricataMCP with Cursor step by step. Supercharging Cursor with SuricataMCP: Network Security at Your Fingertips
📦 Features
- 🔡 Easily get Suricata version and help info.
- 📁 Parse .pcap files and retrieve alerts using a simple tool interface.
- 🧠 Built with the MCP protocol for seamless integration with AI coding tools like Cursor.
⬇️ Downloading Suricata
To use this project, you'll need to download and install Suricata:
Go to the official Suricata site: https://suricata.io/download/
Follow installation instructions for your OS (Linux, macOS, or Windows)
On Linux, you can also install via package manager, e.g.:
bash sudo apt install suricata
After installation, locate the Suricata binary and configuration files so you can set the correct paths in config.py.
⚙️ Installation Guide
Follow these steps to set up SuricataMCP on your system:
1. Clone the Repository
Open your terminal and run:
2. Install dependencies (e.g., if using a virtual environment)
3. Edit the config.py file to specify your Suricata installation path:
4. Add SuricataMCP to your AI platform with:
🚀 Usage
Run the MCP server locally from your AI platform (like Cursor)
When running, the server exposes the following MCP tools:
- get_suricata_version(): Returns Suricata's version string.
- get_suricata_help(): Returns Suricata CLI help output.
- get_alerts_from_pcap_file(pcap_destination: str, destination_folder_results: str): Runs Suricata on the given .pcap file and returns the content of fast.log.
📄 Adding Custom Rules
To extend Suricata with your own detection rules:
- Add your custom rule files (e.g., custom.rules) to the suricata/rules directory.
⚠️ Disclaimer
We are not affiliated with the official Suricata project or the OISF (Open Information Security Foundation). SuricataMCP is an independent integration built for personal use inside Cursor. Example pcap was taken from PCAP-ATTACK
🤝 Contributors
This project was built by two developers passionate about security, context-aware systems, and building useful tools for the community. Every line of code, every CLI command, and every integration was a product of focused collaboration and shared curiosity.
🤝 Contributing
PRs and suggestions are welcome! Let's make SuricataMCP more accessible and programmable together.
This server cannot be installed
local-only server
The server can only run on the client's local machine because it depends on local resources.
SuricataMCP is a Model Context Protocol Server that allows MCP clients to autonomously use suricata for network traffic analysis. It enables programmatic interaction with Suricata through tools like get_suricata_version, get_suricata_help, and get_alerts_from_pcap_file.
Related MCP Servers
- AsecurityFlicenseAqualityA Model Context Protocol (MCP) server that provides programmatic access to the Supabase Management API. This server allows AI models and other clients to manage Supabase projects and organizations through a standardized interface.Last updated -88427JavaScript
- AsecurityAlicenseAqualityAn MCP server that provides tools for interacting with Supabase databases, storage, and edge functions.Last updated -1441JavaScriptMIT License
- -securityAlicense-qualityMCP Server simplifies the implementation of the Model Context Protocol by providing a user-friendly API to create custom tools and manage server workflows efficiently.Last updated -43TypeScriptMIT License
- -securityAlicense-qualityMCP Server provides a simpler API to interact with the Model Context Protocol by allowing users to define custom tools and services to streamline workflows and processes.Last updated -132TypeScriptMIT License