scm-mcp-server
Provides tools to manage Palo Alto Networks Strata Cloud Manager (SCM) objects such as addresses, address groups, services, tags, security rules, and incidents through the SCM REST API.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@scm-mcp-serverlist my security rules"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
scm-mcp-server
Palo Alto Networks Strata Cloud Manager (SCM) 的 MCP server,通过 stdio 将 SCM REST API 暴露给 Claude、Cursor 等 AI 助手。
Prerequisites
Python 3.11+
SCM 租户凭据:Client ID、Client Secret、TSG ID (在 SCM 控制台 → Identity → Service Accounts 创建)
Related MCP server: Firewall Governance MCP Server
Install
git clone <this-repo>
cd scm-mcp-server
pip install -e ".[dev]"配置环境变量
cp .env.example .env
# 编辑 .env,填入真实凭据.env 内容:
SCM_CLIENT_ID=your-client-id
SCM_CLIENT_SECRET=your-client-secret
SCM_TSG_ID=your-tsg-id
SCM_BASE_URL=https://api.strata.paloaltonetworks.com # 可选,此为默认值运行
# 直接运行
python -m scm_mcp_server
# 用 MCP Inspector 调试
mcp dev scm_mcp_server/server.py在 Claude Desktop 注册
编辑 ~/Library/Application Support/Claude/claude_desktop_config.json:
{
"mcpServers": {
"scm": {
"command": "python",
"args": ["-m", "scm_mcp_server"],
"cwd": "/path/to/scm-mcp-server",
"env": {
"SCM_CLIENT_ID": "your-client-id",
"SCM_CLIENT_SECRET": "your-client-secret",
"SCM_TSG_ID": "your-tsg-id"
}
}
}
}重启 Claude Desktop,在对话框输入 /tools 确认 scm_* 系列工具已加载。
在 Cursor 注册
创建或编辑项目根目录 .cursor/mcp.json:
{
"mcpServers": {
"scm": {
"command": "python",
"args": ["-m", "scm_mcp_server"],
"cwd": "/path/to/scm-mcp-server",
"env": {
"SCM_CLIENT_ID": "your-client-id",
"SCM_CLIENT_SECRET": "your-client-secret",
"SCM_TSG_ID": "your-tsg-id"
}
}
}
}重启 Cursor,在 Composer 中输入 @scm 确认工具可用。
可用 Tool 列表(共 16 个)
Tool | 说明 |
| 列出地址对象(支持分页/过滤) |
| 按 ID 获取单个地址对象 |
| 创建地址对象 |
| 更新地址对象 |
| 删除地址对象 |
| 列出地址组 |
| 列出服务对象 |
| 列出标签 |
| 列出安全策略规则 |
| 按 ID 获取安全规则 |
| 创建安全规则 |
| 更新安全规则 |
| 删除安全规则 |
| 调整规则顺序(top/bottom/before/after) |
| 搜索安全告警(支持过滤/分页) |
| 按 ID 获取告警详情 |
完整入参/出参说明见 DESIGN.md。
开发与测试
# 运行全部测试
pytest -v
# 单独运行各模块测试
pytest tests/test_auth.py -v
pytest tests/test_client.py -v
pytest tests/test_tools.py -v开发阶段协议见 WORKFLOW.md。
OpenAPI 规范
tool 的 schema 来源为 ../pan.dev/openapi-specs/scm/(相对本仓库父目录):
openapi-specs/scm/
auth/AuthService.yaml
config/
sase/objects/objects-june.yaml
sase/security/security-services-R2-2026.yaml
incidents/Unified_SCM_Incident.yaml
iam/
...禁止修改规范文件;如需更新请从上游 pan.dev 仓库同步。
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/zm1990s/vibe-coding-scm-mcp-server'
If you have feedback or need assistance with the MCP directory API, please join our Discord server