ProcmonMCP
ProcmonMCP is a Model Context Protocol server designed to allow LLMs to autonomously analyze Procmon XML log files.
ProcmonMCP is a Model Context Protocol (MCP) server that enables Large Language Models (LLMs) to analyze Process Monitor (Procmon) XML log files. It supports several file formats, including `.xml`, `.xml.gz`, `.xml.bz2`, and `.xml.xz`. The server pre-loads a specified Procmon XML file for in-memory analysis and optimizes the data using string interning. It provides tools for querying events, inspecting process details, viewing metadata, exporting results, and performing basic analysis. ProcmonMCP is inspired by the GhidraMCP project. It is designed with security considerations in mind and warns users about the sensitive nature of Procmon logs. It supports the `stdio` and `sse` MCP transport protocols and offers optional flags for memory optimization.
Features
- Load and analyze Procmon XML files with support for compressed formats.
- Optimize data using in-memory string interning for efficient querying.
- Provide progress reporting during the loading phase.
- Offer MCP tools for querying events, retrieving process details, and exporting results.
- Support `stdio` and `sse` MCP transport protocols with optional memory-saving flags.
Tools
- `get_loaded_file_summary`: Returns a basic summary of the loaded file.
- `query_events`: Queries events (supports multiple filtering conditions).
- `get_event_details`: Gets detailed information about a specific event.
- `get_event_stack_trace`: Gets stack trace information for a specific event.
- `list_processes`: Lists the unique processes in the log.
- `get_process_details`: Gets detailed information about a specific process.
- `count_events_by_process`: Counts events by process.
- `summary_operations_by_process`: Summarizes operations by process.
- `get_timing_statistics`: Calculates event time statistics.