Integrations
Provides tools for network traffic analysis using Suricata on Linux systems, allowing for retrieving version information, help documentation, and analyzing PCAP files for security alerts.
Enables network traffic analysis using Suricata on macOS, offering capabilities to check Suricata version, access help information, and process PCAP files to identify security threats.
Includes documentation and guides published on Medium that explain how to install and use SuricataMCP with Cursor for network security analysis.
SuricataMCP 🚀
SuricataMCP is a Model Context Protocol Server that allows MCP clients to autonomously use suricata for network traffic analysis. It enables programmatic interaction with Suricata through tools like get_suricata_version, get_suricata_help, and get_alerts_from_pcap_file.
📰 Full Guide on Medium
For your convenience, we created a full Medium article that walks you through how to install and use SuricataMCP with Cursor step by step. Supercharging Cursor with SuricataMCP: Network Security at Your Fingertips
📦 Features
- 🔡 Easily get Suricata version and help info.
- 📁 Parse .pcap files and retrieve alerts using a simple tool interface.
- 🧠 Built with the MCP protocol for seamless integration with AI coding tools like Cursor.
⬇️ Downloading Suricata
To use this project, you'll need to download and install Suricata:
Go to the official Suricata site: https://suricata.io/download/
Follow installation instructions for your OS (Linux, macOS, or Windows)
On Linux, you can also install via package manager, e.g.:
bash sudo apt install suricata
After installation, locate the Suricata binary and configuration files so you can set the correct paths in config.py.
⚙️ Installation Guide
Follow these steps to set up SuricataMCP on your system:
1. Clone the Repository
Open your terminal and run:
2. Install dependencies (e.g., if using a virtual environment)
3. Edit the config.py file to specify your Suricata installation path:
4. Add SuricataMCP to your AI platform with:
🚀 Usage
Run the MCP server locally from your AI platform (like Cursor)
When running, the server exposes the following MCP tools:
- get_suricata_version(): Returns Suricata's version string.
- get_suricata_help(): Returns Suricata CLI help output.
- get_alerts_from_pcap_file(pcap_destination: str, destination_folder_results: str): Runs Suricata on the given .pcap file and returns the content of fast.log.
📄 Adding Custom Rules
To extend Suricata with your own detection rules:
- Add your custom rule files (e.g., custom.rules) to the suricata/rules directory.
⚠️ Disclaimer
We are not affiliated with the official Suricata project or the OISF (Open Information Security Foundation). SuricataMCP is an independent integration built for personal use inside Cursor. Example pcap was taken from PCAP-ATTACK
🤝 Contributors
This project was built by two developers passionate about security, context-aware systems, and building useful tools for the community. Every line of code, every CLI command, and every integration was a product of focused collaboration and shared curiosity.
🤝 Contributing
PRs and suggestions are welcome! Let's make SuricataMCP more accessible and programmable together.
This server cannot be installed
SuricataMCP is a Model Context Protocol Server that allows MCP clients to autonomously use suricata for network traffic analysis. It enables programmatic interaction with Suricata through tools like get_suricata_version, get_suricata_help, and get_alerts_from_pcap_file.
Related MCP Servers
- AsecurityFlicenseAqualityA Model Context Protocol (MCP) server that provides programmatic access to the Supabase Management API. This server allows AI models and other clients to manage Supabase projects and organizations through a standardized interface.Last updated -88427JavaScript
- -securityAlicense-qualityA proxy server that converts Model Context Protocol (MCP) messages to Simple Language Open Protocol (SLOP) messages, allowing MCP clients like Claude Desktop to interact with SLOP-compatible servers.Last updated -210JavaScriptMIT License
Semgrep MCP Serverofficial
AsecurityAlicenseAqualityAn MCP server that provides a comprehensive interface to Semgrep, enabling users to scan code for security vulnerabilities, create custom rules, and analyze scan results through the Model Context Protocol.Last updated -6140PythonMIT License- -securityFlicense-qualityAn MCP server that provides access to Naver OpenAPI services, enabling users to search blogs, news, books, images, and other content through standardized Model Context Protocol interfaces.Last updated -Python