sysdig-mcp-server

sysdiglabs/sysdig-mcp-server


This document provides a structured overview of the Model Context Protocol (MCP) Server designed for querying information from the Sysdig Secure platform using LLMs.

Tools

Functions exposed to the LLM to take actions

get_event_info

Retrieve detailed information for a specific security event by its ID.

list_runtime_events

List runtime security events with optional filters.

get_event_process_tree

Retrieve the process tree for a specific event (if available).

list_resources

List inventory resources using filters (e.g., platform or category).

get_resource

Get detailed information about an inventory resource by its hash.

list_runtime_vulnerabilities

List runtime vulnerability scan results with filtering.

list_accepted_risks

List all accepted vulnerability risks.

get_accepted_risk

Retrieve a specific accepted risk by ID.

list_registry_scan_results

List scan results for container registries.

get_vulnerability_policy_by_id

Get a specific vulnerability policy by ID.

list_vulnerability_policies

List all vulnerability policies.

list_pipeline_scan_results

List CI pipeline scan results.

get_scan_result

Retrieve detailed scan results by scan ID.

sysdig_sysql_sage_query

Generate and run a SysQL query using natural language.

Prompts

Interactive templates invoked by user choice

No prompts

Resources

Contextual data attached and managed by the client

No resources