- Home
- MCP servers
- SOAR
SOAR
- python
16
GitHub Stars
python
Language
6 months ago
First Indexed
2 months ago
Catalog Refreshed
Documentation & install
Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.
You can deploy the SOAR MCP Server to securely orchestrate, automate, and respond to security events by connecting OctoMation SOAR with AI clients through the Model Context Protocol. This server provides centralized security workflows, script execution, and threat intelligence access, enabling AI assistants to perform professional cybersecurity responses with ease.
How to use
You will connect one or more MCP clients to the server to discover and run security playbooks. Start by ensuring the MCP server is running, then configure your MCP clients to point to the server URL and authentication method. Once connected, you can list available playbooks, check required execution parameters, execute playbooks with parameters, and monitor execution status and results across asynchronous operations.
How to install
Prerequisites: install Python 3.9 or newer, ensure you have at least 4 GB of memory, and have network access to reach your SOAR API.
Step 1: Set up the project directory by cloning the repository or obtaining the release package.
# Clone the project
git clone https://github.com/flagify-com/soar-mcp.git
cd soar-mcp
# Or download the release package and extract
# (instructions may vary by release source)
Step 2: Create a Python virtual environment and install dependencies.
python3 -m venv venv
# Activate the virtual environment
# Linux/macOS:
source venv/bin/activate
# Windows:
venv\Scripts\activate
# Upgrade pip and install dependencies
pip install --upgrade pip
pip install -r requirements.txt
Step 3: Start the MCP server for the first time.
python3 soar_mcp_server.py
First run will initialize the database, create an administrator account, generate a persistent JWT key, and start both the MCP service and the web management interface. Take note of the initial administrator password printed in the console and save it securely.
Additional sections
Configuration and security are built into the server. You can customize how the server authenticates clients, adjust ports and bind addresses, enable or disable SSL validation, and control synchronization behavior from the web management interface under System Settings.
Security considerations include using Bearer tokens for API authentication, persisting JWT keys, desensitizing logs, and binding the service locally by default to minimize accidental exposure. Regularly rotate admin passwords and review audit logs for all MCP tool calls.
If you need to run the server as a background service, you can create a systemd service on Linux that starts the server and keeps it running across reboots. See the system service example in the configuration notes for reference.
For client usage, you can connect clients such as Cherry Studio and Claude Desktop by configuring the MCP server entry with either a URL parameter or a Bearer token in the request headers. Follow the client-specific configuration examples to ensure secure and reliable communication.
Notes
The server exposes two main access methods: HTTP-based API access for remote clients and a local, stdio-based startup command when running the server directly. Use the HTTP URL when your client supports remote HTTP calls, or use the stdio command when you operate the MCP server within a local process.
Available tools
list_playbooks_quick
Fetch a concise list of available playbooks with IDs and display names for quick understanding by AI clients.
query_playbook_execution_params
Retrieve the parameter definitions required to execute a specific playbook by its ID.
execute_playbook
Trigger execution of a specified playbook with provided parameters; supports asynchronous operation.
query_playbook_execution_status_by_activity_id
Query the status of a running or completed playbook execution using the activity ID.
query_playbook_execution_result_by_activity_id
Fetch the detailed results of a playbook execution by activity ID, asynchronously.