SOAR

SOAR MCP Server 是一个创新的安全编排平台集成解决方案,通过 Model Context Protocol 将 SOAR (Security Orchestration, Automation and Response) 能力直接集成到各种 AI 客户端中,包括 Claude Desktop、Cherry Studio、Cursor、Trae 等。它提供了完整的安全事件管理、剧本执行、威胁情报查询等功能,让 AI 助手具备专业的网络安全响应能力。
  • python

16

GitHub Stars

python

Language

6 months ago

First Indexed

2 months ago

Catalog Refreshed

Documentation & install

Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.

Installation

Add the following to your MCP client configuration file.

Configuration

View docs

You can deploy the SOAR MCP Server to securely orchestrate, automate, and respond to security events by connecting OctoMation SOAR with AI clients through the Model Context Protocol. This server provides centralized security workflows, script execution, and threat intelligence access, enabling AI assistants to perform professional cybersecurity responses with ease.

How to use

You will connect one or more MCP clients to the server to discover and run security playbooks. Start by ensuring the MCP server is running, then configure your MCP clients to point to the server URL and authentication method. Once connected, you can list available playbooks, check required execution parameters, execute playbooks with parameters, and monitor execution status and results across asynchronous operations.

How to install

Prerequisites: install Python 3.9 or newer, ensure you have at least 4 GB of memory, and have network access to reach your SOAR API.

Step 1: Set up the project directory by cloning the repository or obtaining the release package.

# Clone the project
git clone https://github.com/flagify-com/soar-mcp.git
cd soar-mcp

# Or download the release package and extract
# (instructions may vary by release source)

Step 2: Create a Python virtual environment and install dependencies.

python3 -m venv venv

# Activate the virtual environment
# Linux/macOS:
source venv/bin/activate
# Windows:
venv\Scripts\activate

# Upgrade pip and install dependencies
pip install --upgrade pip
pip install -r requirements.txt

Step 3: Start the MCP server for the first time.

python3 soar_mcp_server.py

First run will initialize the database, create an administrator account, generate a persistent JWT key, and start both the MCP service and the web management interface. Take note of the initial administrator password printed in the console and save it securely.

Additional sections

Configuration and security are built into the server. You can customize how the server authenticates clients, adjust ports and bind addresses, enable or disable SSL validation, and control synchronization behavior from the web management interface under System Settings.

Security considerations include using Bearer tokens for API authentication, persisting JWT keys, desensitizing logs, and binding the service locally by default to minimize accidental exposure. Regularly rotate admin passwords and review audit logs for all MCP tool calls.

If you need to run the server as a background service, you can create a systemd service on Linux that starts the server and keeps it running across reboots. See the system service example in the configuration notes for reference.

For client usage, you can connect clients such as Cherry Studio and Claude Desktop by configuring the MCP server entry with either a URL parameter or a Bearer token in the request headers. Follow the client-specific configuration examples to ensure secure and reliable communication.

Notes

The server exposes two main access methods: HTTP-based API access for remote clients and a local, stdio-based startup command when running the server directly. Use the HTTP URL when your client supports remote HTTP calls, or use the stdio command when you operate the MCP server within a local process.

Available tools

list_playbooks_quick

Fetch a concise list of available playbooks with IDs and display names for quick understanding by AI clients.

query_playbook_execution_params

Retrieve the parameter definitions required to execute a specific playbook by its ID.

execute_playbook

Trigger execution of a specified playbook with provided parameters; supports asynchronous operation.

query_playbook_execution_status_by_activity_id

Query the status of a running or completed playbook execution using the activity ID.

query_playbook_execution_result_by_activity_id

Fetch the detailed results of a playbook execution by activity ID, asynchronously.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational