splunk-soar-mcp-connector

shanto12/splunk-soar-mcp-connector


MCP Server for Splunk SOAR enables seamless integration of AI assistants with Splunk SOAR instances through configurable connections and secure authentication.

Tools: 9, Resources: 0, Prompts: 0

Splunk SOAR MCP Server

MCP (Model Context Protocol) Server for Splunk SOAR - Connect AI assistants to any Splunk SOAR instance with configurable base URL and authentication token.

Features

  • Configurable Connection: Connect to any Splunk SOAR instance by setting environment variables
  • Multi-tenant Support: Different users can connect to different SOAR instances using the same server code
  • Secure Authentication: Uses Splunk SOAR API tokens for authentication
  • Comprehensive Tools: List containers, playbooks, actions, assets, and more

Available Tools

| Tool | Description |
|------|-------------|
| test_connection | Test connectivity to your SOAR instance |
| list_containers | List incidents/cases in SOAR |
| get_container | Get details of a specific container |
| list_playbooks | List available playbooks |
| run_playbook | Execute a playbook on a container |
| list_actions | List available actions |
| get_action_run | Get status of an action run |
| list_assets | List configured assets |
| get_system_info | Get SOAR system information |

Installation

1. Clone this repository:

    git clone https://github.com/shanto12/splunk-soar-mcp-connector.git
    cd splunk-soar-mcp-connector

2. Install dependencies:

    pip install -r requirements.txt

Configuration

Set the following environment variables before running:

    export SPLUNK_SOAR_URL="https://your-soar-instance.example.com"
    export SPLUNK_SOAR_TOKEN="your-api-token-here"

Getting Your API Token

1. Log into your Splunk SOAR instance
2. Navigate to Administration > User Management
3. Select your user and generate an API token
4. Copy the token value

Usage with Claude Desktop

Add to your Claude Desktop MCP configuration (claude_desktop_config.json):

    {
      "mcpServers": {
        "splunk-soar": {
          "command": "python",
          "args": ["/path/to/splunk-soar-mcp-connector/mcp_server.py"],
          "env": {
            "SPLUNK_SOAR_URL": "https://your-soar-instance.example.com",
            "SPLUNK_SOAR_TOKEN": "your-api-token"
          }
        }
      }
    }
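The configuration above keeps the SOAR API token in plaintext inside claude_desktop_config.json. The following check is an added example, not code from this repository: it flags a config file readable beyond its owner, a non-HTTPS or credential-bearing SPLUNK_SOAR_URL, and a token left at the README placeholder. The function names and the placeholder set are assumptions of this example; the server name and variable names come from the configuration above.

```python
import json
import os
import stat
from urllib.parse import urlsplit

# Placeholder values shown in the README; they must not reach a real deployment.
PLACEHOLDER_TOKENS = {"", "your-api-token", "your-api-token-here"}
REQUIRED_VARS = ("SPLUNK_SOAR_URL", "SPLUNK_SOAR_TOKEN")


def audit_server_env(env):
    """Return findings for one MCP server's "env" mapping (hypothetical helper)."""
    findings = [f"{name} is not set" for name in REQUIRED_VARS if name not in env]
    url = env.get("SPLUNK_SOAR_URL")
    if url is not None:
        parts = urlsplit(url)
        if parts.scheme != "https":
            findings.append("SPLUNK_SOAR_URL is not https; the token would travel in cleartext")
        if not parts.hostname:
            findings.append("SPLUNK_SOAR_URL has no host")
        if parts.username or parts.password:
            findings.append("SPLUNK_SOAR_URL embeds credentials")
    token = env.get("SPLUNK_SOAR_TOKEN")
    if token is not None and token.strip() in PLACEHOLDER_TOKENS:
        findings.append("SPLUNK_SOAR_TOKEN is empty or still the README placeholder")
    return findings


def audit_config_file(path, server_name="splunk-soar"):
    """Audit claude_desktop_config.json: file mode, then the server's env block."""
    findings = []
    if os.name == "posix":
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append(f"{path} has mode {mode:o}; the token is readable beyond the owner")
    with open(path, encoding="utf-8") as fh:
        config = json.load(fh)
    server = config.get("mcpServers", {}).get(server_name)
    if server is None:
        return findings + [f"no mcpServers entry named {server_name!r}"]
    return findings + audit_server_env(server.get("env", {}))


if __name__ == "__main__":
    # Constructed sample: the README's env block with a cleartext URL.
    sample = {"SPLUNK_SOAR_URL": "http://soar.example.com",
              "SPLUNK_SOAR_TOKEN": "your-api-token"}
    print("\n".join(audit_server_env(sample)))
```

The same audit_server_env call works on os.environ when the variables are exported in the shell instead of set in the client configuration.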
                      

Usage with Other MCP Clients

The server uses stdio transport. Configure your MCP client to:

  • Run: python mcp_server.py
  • Set environment variables for SPLUNK_SOAR_URL and SPLUNK_SOAR_TOKEN

License

MIT License - See LICENSE file for details.