MCP AI SOC Sher
AI-driven SOC Text2SQL framework with security threat analysis
Key Features
Use Cases
README
MCP AI SOC Sher
A powerful AI-driven Security Operations Center (SOC) Text2SQL framework based MCP Server (Local and Remote) for converting natural language Prompts to SQL queries dynamically, with integrated security threat analysis and monitoring.
Features
- Text2SQL Conversion: Convert natural language queries to optimized SQL
- Multiple Interfaces: Support for STDIO, SSE, and REST API
- Security Threat Analysis: Built-in SQL query security analysis
- Multiple Database Support: Connect to SQLite or Snowflake databases
- Streaming Responses: Real-time query processing feedback
- SOC Monitoring: Security Operations Center monitoring capabilities
Installation
pip install mcp-ai-soc-sher
Quick Start
# Set your OpenAI API key
import os
os.environ["OPENAI_API_KEY"] = "your-api-key-here"
# Use as local server
from mcp_ai_soc_sher.local import LocalMCPServer
server = LocalMCPServer()
server.start()
# Or run from command line
# mcp-ai-soc --type local --stdio --sse
Command Line Usage
# Run local server with STDIO interface
mcp-ai-soc --type local --stdio
# Run local server with SSE interface
mcp-ai-soc --type local --sse
# Run remote server with REST API
mcp-ai-soc --type remote
Configuration
Create a .env file with your configuration:
OPENAI_API_KEY=your_openai_api_key_here
MCP_DB_URI=sqlite:///your_database.db
MCP_SECURITY_ENABLE_THREAT_ANALYSIS=true
See the documentation for all configuration options.
Example
import json
import requests
# Query the server
response = requests.post(
"http://localhost:8000/api/sql",
headers={"Content-Type": "application/json", "X-API-Key": "your-api-key"},
json={
"query": "Find all suspicious login attempts in the last 24 hours",
"optimize": True,
"execute": True
}
)
# Process the response
result = response.json()
print(f"SQL Query: {result['sql']}")
if result['results']:
print("Results:")
for row in result['results']:
print(row)
Security Features
- Rule-based and AI-powered SQL query security analysis
- Detection of potential SQL injection attacks
- Sensitive table access monitoring
- Configurable security levels and actions
License
MIT License with Additional Conditions. Copyright (c) 2025 Akram Sheriff.
See LICENSE for details.
Contributing
Contributions are welcome! Please see CONTRIBUTING.md for guidelines.
Star History
Repository Owner
User
Repository Details
Programming Languages
Tags
Topics
Join Our Newsletter
Stay updated with the latest AI tools, news, and offers by subscribing to our weekly newsletter.
Related MCPs
Discover similar Model Context Protocol servers
Panther MCP Server
Natural language and IDE-powered server for detection, alert triage, and data lake querying in Panther.
Panther MCP Server enables interactive management of security alerts, data lake queries, and scheduled reporting using natural language and integrated tools. It allows users to write and tune detections from an IDE, triage and comment on alerts, and execute advanced queries against security logs. The system provides a wide range of operations including alert investigation, bulk updates, AI-powered triage insight generation, and data lake schema exploration. Integration with the Model Context Protocol ensures standardized and extensible interactions for security operations.
- ⭐ 32
- MCP
- panther-labs/mcp-panther
MXCP
Enterprise-Grade Model Context Protocol Framework for AI Applications
MXCP is an enterprise-ready framework that implements the Model Context Protocol (MCP) for building secure, production-grade AI application servers. It introduces a structured methodology focused on data modeling, robust service design, policy enforcement, and comprehensive testing, integrated with strong security and audit capabilities. The framework enables rapid development and deployment of AI tools, supporting both SQL and Python environments, with built-in telemetry and drift detection for reliability and compliance.
- ⭐ 49
- MCP
- raw-labs/mxcp
mcp-server-sql-analyzer
MCP server for SQL analysis, linting, and dialect conversion.
Provides standardized MCP server capabilities for analyzing, linting, and converting SQL queries across multiple dialects using SQLGlot. Supports syntactic validation, dialect transpilation, extraction of table and column references, and offers tools for understanding query structures. Facilitates seamless workflow integration with AI assistants through a set of MCP tools.
- ⭐ 26
- MCP
- j4c0bs/mcp-server-sql-analyzer
AIM Guard MCP
AI-powered security and safety server for Model Context Protocol environments.
AIM Guard MCP is a server implementing the Model Context Protocol (MCP), providing AI-powered security analysis and safety instruction tools tailored for AI agents. It offers features such as contextual security instructions, harmful content detection, API key scanning, and prompt injection detection, all designed to guard and protect interactions with various MCPs and external services. Built for fast integration, it connects with the AIM Intelligence API and is compatible with any MCP-compliant AI assistant.
- ⭐ 13
- MCP
- AIM-Intelligence/AIM-MCP
TeslaMate MCP Server
Query your TeslaMate data using the Model Context Protocol
TeslaMate MCP Server implements the Model Context Protocol to enable AI assistants and clients to securely access and query Tesla vehicle data, statistics, and analytics from a TeslaMate PostgreSQL database. The server exposes a suite of tools for retrieving vehicle status, driving history, charging sessions, battery health, and more using standardized MCP endpoints. It supports local and Docker deployments, includes bearer token authentication, and is intended for integration with MCP-compatible AI systems like Claude Desktop.
- ⭐ 106
- MCP
- cobanov/teslamate-mcp
MCP 数据库工具 (MCP Database Utilities)
A secure bridge enabling AI systems safe, read-only access to multiple databases via unified configuration.
MCP Database Utilities provides a secure, standardized service for AI systems to access and analyze databases like SQLite, MySQL, and PostgreSQL using a unified YAML-based configuration. It enforces strict read-only operations, local processing, and credential protection to ensure data privacy and integrity. The tool is suitable for entities focused on data privacy and minimizes risks by isolating database connections and masking sensitive data. Designed for easy integration, it supports multiple installation options and advanced capabilities such as schema analysis and table browsing.
- ⭐ 85
- MCP
- donghao1393/mcp-dbutils
Didn't find tool you were looking for?