saas-alerts-mcp
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@saas-alerts-mcpshow me critical security events from the last 24 hours"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
saas-alerts-mcp
Model Context Protocol server for Kaseya SaaS Alerts — a SaaS security monitoring platform for M365 and Google Workspace events.
Part of the WYRE Technology MCP fleet.
Features
Exposes the full SaaS Alerts External Partner API (v0.20.0) through 30 MCP tools organized by domain:
Domain | Tools |
events | Query/count security events by severity, customer, user, event type; advanced Elasticsearch queries; scroll pagination; recommended actions |
customers | List, get, create, update, delete customers; set IP/country and account whitelists |
users | MSP user info, partner users, customer users |
devices | Unify mapped/unmapped/ignored devices, device organizations |
billing | Billing details by date, billing date history |
reports | List/get/create/delete scheduled reports |
partner | Partner profile, branding settings |
Write/destructive tools require user confirmation via MCP elicitation (fail-open: proceeds if client doesn't support elicitation).
Related MCP server: sherweb-mcp
Authentication
SaaS Alerts uses an API key sent as the api_key HTTP header.
Generate your API key in the SaaS Alerts UI under Settings → API Keys.
Local / stdio mode
export SAAS_ALERTS_API_KEY=your-api-key
node dist/index.jsHTTP mode
export SAAS_ALERTS_API_KEY=your-api-key
export MCP_TRANSPORT=http
export MCP_HTTP_PORT=8080
node dist/http.jsWYRE Gateway mode
When running behind the WYRE MCP Gateway, set AUTH_MODE=gateway. The gateway injects the API key per-request via the X-SaaS-Alerts-API-Key header — no env var needed.
Running with Docker
docker compose upOr pull from GHCR:
docker run -e SAAS_ALERTS_API_KEY=your-key \
-e MCP_TRANSPORT=http \
-p 8080:8080 \
ghcr.io/wyre-technology/saas-alerts-mcp:latestDevelopment
npm install
npm run build
npm test
npm run lint
node scripts/lint-destructive-warnings.mjs srcDestructive tool confirmation
Tools that permanently delete data (customer delete, scheduled report delete) carry:
⚠ DESTRUCTIVE — IRREVERSIBLEdescription prefixannotations.destructiveHint: trueElicitation confirmation guard (additive — proceeds if client doesn't support elicitation)
Always confirm with the user before invoking these tools.
License
Apache-2.0 — see LICENSE.
This server cannot be installed
Maintenance
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/wyre-technology/saas-alerts-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server