Skip to main content
Glama
Swarsel

crowdsec-mcp

by Swarsel

crowdsec-mcp

A read-only MCP server for CrowdSec, exposing decisions and alerts.

Tools

name

endpoint

required secret

list_decisions

GET /v1/decisions

bouncer key

decisions_stream

GET /v1/decisions/stream

bouncer key

list_alerts

GET /v1/alerts

machine login

get_alert

GET /v1/alerts/{id}

machine login

Related MCP server: enoch-mcp

Credentials

We need two credential types:

  • Decisions need only a bouncer API key (cscli bouncers add <name>), which is inherently read-only. This alone is enough for list_decisions / decisions_stream.

  • Alerts are only reachable with machine credentials (cscli machines add), exchanged for a short-lived JWT. That credential is technically read-write on LAPI, so this server only ever issues GET requests (plus the login POST). The alert tools stay disabled unless machine credentials are configured.

Configuration (environment variables)

name

default

use

CROWDSEC_LAPI_URL

http://localhost:8080

LAPI base URL

CROWDSEC_BOUNCER_KEY

bouncer API key (enables decision tools)

CROWDSEC_MACHINE_ID

machine id (enables alert tools)

CROWDSEC_MACHINE_PASSWORD

machine password

CROWDSEC_VERIFY_TLS

true

set false to skip TLS verification

A
license - permissive license
-
quality - not tested
C
maintenance

Maintenance

Maintainers
Response time
Release cycle
Releases (12mo)
Commit activity

Resources

Unclaimed servers have limited discoverability.

Looking for Admin?

If you are the server author, to access and configure the admin panel.

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/Swarsel/crowdsec-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server