bryangwj/arkime-mcp-server
This server connects AI agents to your Arkime instance using the Model Context Protocol, enabling interaction with Arkime data through natural language conversations.
Available Tools
- connections: Retrieve list of nodes and links based on query parameters.
- es_health: Get OpenSearch/Elasticsearch health and stats.
- fields: Get database field objects related to sessions.
- files: Get Arkime PCAP files.
- reverse_dns: Get domain names associated with an IP address.
- sessions: Retrieve all session data based on query parameters.
- session_packets: Get packets for a session.
Prerequisites
- Arkime instance (i.e. Capture and Viewer)
- OpenSearch/Elasticsearch instance connected to Arkime
- An MCP Client
Supported Arkime versions
Arkime Viewer v3.x to v5.x are supported. Earlier versions may work, but no guarantees.
Installation & Setup
To set up and run this project, follow these steps:
- Install uv. The simplest way to install uv:
  pipx install uv
- Clone this repository:
  git clone https://github.com/bryangwj/arkime-mcp-server.git
  cd arkime-mcp-server
- Set up project dependencies and environment:
  uv sync
Running arkime-mcp-server
Fill in the config.env file with your ARKIME_URL, ARKIME_USER and ARKIME_PASSWORD, and the server will automatically load the configuration from this file.
To start the arkime-mcp-server, simply run:
uv run -m src.server
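As an added example (not part of the arkime-mcp-server project), here is a preflight check for the config.env described above. It assumes the file uses plain KEY=VALUE lines, and it flags loose file permissions, missing values and a plain-http ARKIME_URL; the function names are hypothetical.

```python
"""Preflight check for config.env (added example, not arkime-mcp-server code)."""
import os
import stat
import sys
from urllib.parse import urlparse

REQUIRED = ("ARKIME_URL", "ARKIME_USER", "ARKIME_PASSWORD")  # keys named in this README
LOOPBACK = ("localhost", "127.0.0.1", "::1")


def parse_env(text):
    """Parse KEY=VALUE lines (assumed format); skip blanks and # comments."""
    values = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        values[key.strip()] = value.strip().strip("'\"")
    return values


def check_config(path):
    """Return a list of findings; an empty list means the file passed."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"{path} is accessible to group/other (mode {mode:o}); use chmod 600")
    with open(path, encoding="utf-8") as fh:
        values = parse_env(fh.read())
    for key in REQUIRED:
        if not values.get(key):
            findings.append(f"{key} is missing or empty")
    url = urlparse(values.get("ARKIME_URL", ""))
    if url.scheme == "http" and url.hostname not in LOOPBACK:
        findings.append("ARKIME_URL uses plain http to a remote host; use https")
    if url.username or url.password:
        findings.append("ARKIME_URL embeds credentials; keep them in ARKIME_USER/ARKIME_PASSWORD")
    return findings


if __name__ == "__main__":
    problems = check_config(sys.argv[1] if len(sys.argv) > 1 else "config.env")
    for problem in problems:
        print("WARN:", problem)
    sys.exit(1 if problems else 0)
```

Run it against config.env before starting the server; a non-zero exit status means at least one finding was printed.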
Debugging
Use the MCP inspector to debug the server by running the command:
npx @modelcontextprotocol/inspector uv run -m src.server