Purple AI MCP Server
Fork of Sentinel-One/purple-mcp with added support for storing the API token in the OS credential store (Windows Credential Manager) instead of plaintext configuration files.
What is Purple AI MCP?
Purple AI MCP is a Model Context Protocol server that connects AI clients (Claude Desktop, Cursor, etc.) to SentinelOne's security platform. It gives AI assistants direct access to:
Purple AI — natural language queries against your security data
Singularity Data Lake — run and retrieve SDL queries
Alerts — list, search, and inspect security alerts
Vulnerabilities — query vulnerability findings
Misconfigurations — review cloud and Kubernetes misconfigurations
Asset Inventory — search and explore your asset inventory
Purple AI MCP is read-only — it cannot make changes to your SentinelOne account.
Quick Start
Install uv
powershell -ExecutionPolicy ByPass -c "irm https://astral.sh/uv/install.ps1 | iex"
Requirements
uv installed
A SentinelOne Console API token with Account or Site level permissions (not Global)
Your SentinelOne console base URL (e.g. https://usea1-008.sentinelone.net)
1. Store your token in Windows Credential Manager
Run this once in PowerShell:
cmdkey /generic:"purple-mcp" /user:"PURPLEMCP_CONSOLE_TOKEN" /pass:"your-token-here"
To verify:
cmdkey /list:"purple-mcp"
To remove:
cmdkey /delete:"purple-mcp"
2. Configure Claude Desktop
Edit %APPDATA%\Claude\claude_desktop_config.json:
{
  "mcpServers": {
    "purple-mcp": {
      "command": "uvx",
      "args": [
        "--from",
        "purple-mcp @ https://github.com/wojtekkura/purple-mcp/archive/refs/heads/main.tar.gz",
        "purple-mcp",
        "--mode",
        "stdio"
      ],
      "env": {
        "PURPLEMCP_CONSOLE_BASE_URL": "https://your-console.sentinelone.net"
      }
    }
  }
}
Replace https://your-console.sentinelone.net with your actual console URL. The token is read automatically from Windows Credential Manager at startup — no token in the config file.
Restart Claude Desktop after saving the file.
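A quick audit of the resulting config, as an added example that is not part of this fork's code: it flags any secret left in an `env` block and any `--from` source that follows a branch archive (such as `refs/heads/main`) rather than a fixed commit. The function name `audit_mcp_config`, the sample token value, and the assumption that a plaintext setup would put the token under `env` as `PURPLEMCP_CONSOLE_TOKEN` are all constructed for illustration.

```python
import json
import re

# Constructed sample: the config from this page plus a plaintext token entry
# (assumed shape of the setup that the credential store is meant to replace).
SAMPLE_CONFIG = """
{
  "mcpServers": {
    "purple-mcp": {
      "command": "uvx",
      "args": ["--from",
               "purple-mcp @ https://github.com/wojtekkura/purple-mcp/archive/refs/heads/main.tar.gz",
               "purple-mcp", "--mode", "stdio"],
      "env": {
        "PURPLEMCP_CONSOLE_BASE_URL": "https://your-console.sentinelone.net",
        "PURPLEMCP_CONSOLE_TOKEN": "constructed-example-token"
      }
    }
  }
}
"""

SECRET_KEY = re.compile(r"(TOKEN|SECRET|PASSWORD|API_?KEY)", re.IGNORECASE)
BRANCH_ARCHIVE = re.compile(r"/archive/refs/heads/\S+\.(tar\.gz|zip)$")


def audit_mcp_config(text):
    """Return (server, issue, detail) findings for an MCP client config."""
    findings = []
    servers = json.loads(text).get("mcpServers", {})
    for name, spec in servers.items():
        # 1. Secrets stored as plaintext environment values (report the key only).
        for key, value in spec.get("env", {}).items():
            if SECRET_KEY.search(key) and value:
                findings.append((name, "plaintext-secret", key))
        # 2. Package source that follows a mutable branch instead of a fixed commit.
        args = spec.get("args", [])
        for flag, source in zip(args, args[1:]):
            if flag == "--from" and BRANCH_ARCHIVE.search(source):
                url = source.split("@", 1)[-1].strip()
                findings.append((name, "unpinned-source", url))
    return findings


if __name__ == "__main__":
    for server, issue, detail in audit_mcp_config(SAMPLE_CONFIG):
        print(f"{server}: {issue}: {detail}")
```

To run it against a real file, pass the contents of %APPDATA%\Claude\claude_desktop_config.json to `audit_mcp_config`; an empty list means neither issue was found.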
License
MIT — see LICENSE