@sysdig/secure-mcp-server
v0.0.9
Published
Sysdig MCP server wrapping Sysdig Secure REST API endpoints
Readme
Sysdig MCP Server for Secure Product
A Model Context Protocol server that exposes Sysdig Secure API capabilities as agent-callable tools. Used by the Bloom skill plugins.
Tools
Customer & User
| Tool | Endpoint | Description |
|------|----------|-------------|
| get_customer_settings | GET /ui/customerSettings | Fetch all Secure settings for the current customer (which product features are enabled) |
| get_current_user | GET /api/users/me | Fetch the user profile of the currently authenticated principal |
| get_user_permissions | GET /api/users/me/permissions | Fetch the permissions granted to the current principal in their active team (with customer/user/team IDs) |
Threats Engine
| Tool | Endpoint | Description |
|------|----------|-------------|
| list_threats_engine_groups | GET /api/v1/threatsEngine/groups | List threat groups with filters (time, status, type, zones, query expression) |
| get_threats_engine_group | GET /api/v1/threatsEngine/groups/{groupId} | Get a single threat group by ID |
| get_threats_engine_threat | GET /api/v1/threatsEngine/threats/{threatId} | Get a single threat occurrence by ID |
| list_threats_engine_threats_by_group | GET /api/v1/threatsEngine/groups/{groupId}/threats | List the threat occurrences inside a group |
| list_threats_engine_rules_by_group | GET /api/v1/threatsEngine/groups/{groupId}/rules | List the detection rules that triggered within a group |
| list_threats_engine_resources_by_group | GET /api/v1/threatsEngine/groups/{groupId}/resources | List the infrastructure resources involved in a group |
Runtime Security Events
| Tool | Endpoint | Description |
|------|----------|-------------|
| list_runtime_events | GET /secure/events/v1/events | List runtime security events (Falco + ML detections) from the last N hours |
| get_event_info | GET /secure/events/v1/events/{event_id} | Retrieve full details for a specific security event by ID |
| get_event_process_tree | GET /api/process-tree/v1/process-branches/{event_id} + GET /api/process-tree/v1/process-trees/{event_id} | Retrieve the process tree (branches + full tree) for a security event |
| count_runtime_events | GET /api/v1/secureEvents/count | Count runtime security events matching a filter in the last N hours, without paginating event bodies. Returns a 16-category × 8-severity histogram |
| runtime_events_timeseries | GET /api/v1/secureEvents/timeseriesBy | Bucket runtime event counts over time, grouped by a categorical field (default severity); minimum bucket size is 1 minute |
| discover_runtime_event_field_values | GET /secure/events/v2/eventFields/{field} | Discover the distinct values of a runtime-events field in a window. Returns suggested (values active in window) and other (values known to tenant but inactive) — use to learn real cluster / rule / image names before writing a filter |
Threat Intelligence
| Tool | Endpoint | Description |
|------|----------|-------------|
| fetch_threat_intelligence_feed | GET /api/secure/threat-center/v1/articles | Fetch the daily Sysdig threat intelligence feed (CVEs, zero-days, active attacks) |
Vulnerability Scan Results
| Tool | Endpoint | Description |
|------|----------|-------------|
| list_runtime_scan_results | GET /secure/vulnerability/v1/runtime-results | List vulnerability scan results for runtime workloads |
| get_scan_result | GET /secure/vulnerability/v1/results/{resultId} | Retrieve the full vulnerability scan report for a given resultId |
Vulnerability Findings
| Tool | Endpoint | Description |
|------|----------|-------------|
| list_vulnerability_findings | GET /api/secure/analytics/v1/data/vulnerabilities/findings | List vulnerability findings, optionally filtered by zone and severity |
| list_vulnerability_findings_by_image | GET /api/secure/analytics/v1/data/vulnerabilities/findings/by-image | List vulnerability findings for a specific container image |
| list_vulnerability_findings_by_resource | GET /api/secure/analytics/v1/data/vulnerabilities/findings/by-resource | List vulnerability findings affecting a specific resource (host, workload, …) |
Identity Findings
| Tool | Endpoint | Description |
|------|----------|-------------|
| list_identity_findings | POST /api/platform/analytics/v1/data/query (id=110) | List CIEM/identity findings ordered by unused-permissions percentage, severity, and name; optionally filter by severity (Critical/High/Medium/Low/Info), resource display name (substring), Observed90Days flag, and zone IDs |
| list_identity_findings_by_resources | POST /api/platform/analytics/v1/data/query (id=111) | List CIEM/identity findings grouped by resource; same filters and ordering as list_identity_findings |
| list_identity_findings_by_identity_check | POST /api/platform/analytics/v1/data/query (id=112) | List CIEM/identity findings grouped by identity check (e.g. No MFA Enabled, Risky Permissions, Administrative Permissions, Inactive Identity); same filters and ordering as list_identity_findings |
Posture
| Tool | Endpoint | Description |
|------|----------|-------------|
| list_posture_resource_kinds | GET /api/cspm/v1/policy/controls/resource-template/kinds | List the resource kinds supported by Posture custom controls |
| get_posture_resource_template | GET /api/cspm/v1/policy/controls/resource-template/view/{resource_kind} | Fetch the sample input fixture for a resource kind |
| test_posture_rego | POST /api/cspm/v1/policy/controls/test-rego | Compile and evaluate a Rego rule against the sample fixture |
| list_posture_controls | GET /api/cspm/v1/policy/controls/search | List Posture controls (custom by default; built-in via is_custom: false) |
| list_posture_policies | GET /api/cspm/v1/policy/policies/list | List Posture policies (custom by default; built-in via is_custom: false) |
| list_posture_findings | POST /api/platform/analytics/v1/data/query (id=211) | List posture/CSPM findings ordered by resource first-seen (DESC); optionally filter by severity (Critical/High/Medium), control name (substring), whether accepted findings are included, and zone IDs |
| list_posture_findings_by_resource | POST /api/platform/analytics/v1/data/query (id=215) | List posture/CSPM findings grouped by resource; same filters and ordering as list_posture_findings |
CloudAuth
| Tool | Endpoint | Description |
|------|----------|-------------|
| list_cloud_accounts | GET /api/cloudauth/v1/accounts | List onboarded cloud accounts (AWS / Azure / GCP / Okta / GitHub / IBM Cloud / Oracle Cloud), with provider/organization/feature filters |
| get_cloud_account | GET /api/cloudauth/v1/accounts/{accountId} | Get a single cloud account by UUID (optionally with decrypted credentials) |
| get_cloud_account_feature | GET /api/cloudauth/v1/accounts/{accountId}/feature/{featureType} | Get the configuration of a specific feature on an account |
| validate_cloud_account | POST /api/cloudauth/v1/accounts/{accountId}/validate | Trigger a fresh validation of the account (bypasses cache) and persist the result |
Response Actions
| Tool | Endpoint | Description |
|------|----------|-------------|
| list_response_actions | GET /secure/response-actions/v1alpha1/actions | List the Response Actions available in the tenant, with their parameter schemas and responder type (HOST / CLUSTER / CLOUD). Pass context_event_id to scope the catalog to a single event's responder context |
| submit_response_action | POST /secure/response-actions/v1alpha1/action-executions | Submit a Response Action for asynchronous execution against the live environment. Some actions are irreversible (e.g. KILL_PROCESS); others are reversible via undo_response_action (e.g. ISOLATE_NETWORK). Marked destructive |
| get_response_action_status | GET /secure/response-actions/v1alpha1/action-executions/{id} | Get the status and result of a Response Action execution by its execution ID |
| list_response_action_executions | GET /secure/response-actions/v1alpha1/action-executions | List recent Response Action executions in the tenant (most recent first), with their type, status and timestamps |
| undo_response_action | DELETE /secure/response-actions/v1alpha1/action-executions/{id} | Undo a previously executed, reversible Response Action (e.g. remove the NetworkPolicy created by ISOLATE_NETWORK). Marked destructive |
| get_capture_storage | GET /platform/v1/configuration/capture-storage | Get the tenant's capture storage configuration. Use as a precheck before proposing artifact-producing actions (GET_LOGS, CAPTURE, FILE_ACQUIRE) — if not configured, those actions fail with HTTP 412 |
Remediation Jobs
| Tool | Endpoint | Description |
|------|----------|-------------|
| list_remediation_jobs | GET /api/next/cp/jobs | List existing remediation jobs |
| get_remediation_job | GET /api/next/cp/jobs/{job_id} | Retrieve a single remediation job by ID |
| update_remediation_job | PUT /api/next/cp/jobs/{job_id} | Update a remediation job (status, assignee, notes) |
| list_candidate_remediation_jobs | GET /api/next/cp/candidate_jobs | List candidate jobs that could be added to a remediation plan |
Remediation Plans
| Tool | Endpoint | Description |
|------|----------|-------------|
| list_plans | GET /api/next/cp/plans | List remediation plans |
| get_plan | GET /api/next/cp/plans/{plan_id} | Retrieve a single remediation plan by ID |
| create_plan | POST /api/next/cp/plans | Create a new remediation plan |
| update_plan | PUT /api/next/cp/plans/{plan_id} | Update an existing remediation plan |
| delete_plan | DELETE /api/next/cp/plans/{plan_id} | Delete a remediation plan |
| duplicate_plan | POST /api/next/cp/plans/{plan_id}/duplicate | Duplicate an existing remediation plan |
| list_plan_remediation_jobs | GET /api/next/cp/plans/{plan_id}/jobs | List the remediation jobs attached to a plan |
| get_plan_target_measure | GET /api/next/cp/plans/{plan_id}/target_measure | Get the target-measure time series for a plan |
| batch_plan_target_measures | POST /api/next/cp/plans/target_measures | Batch-fetch target measures across multiple plans |
| list_scope_labels | GET /api/next/cp/scope/labels | List the scope label keys available for plan targeting |
Zones
| Tool | Endpoint | Description |
|------|----------|-------------|
| list_zones | GET /api/v2/zones | List the zones configured for the current customer |
SysQL
| Tool | Endpoint | Description |
|------|----------|-------------|
| run_sysql | GET /api/sysql/v2/query | Execute a SysQL query against the Sysdig API |
| generate_sysql | GET /api/sage/sysql/generate | Translate a natural-language question into a SysQL query |
Bloom Skill State
| Tool | Endpoint | Description |
|------|----------|-------------|
| get_skill_state | GET /api/bloom/{skill_state} | Read the persisted state of a Bloom skill |
| save_skill_state | POST /api/bloom/{skill_state} | Persist the state of a Bloom skill |
| delete_skill_state | DELETE /api/bloom/{skill_state} | Delete the persisted state of a Bloom skill |
Transports
The server supports two transport modes, selected via SYSDIG_MCP_TRANSPORT:
| Mode | Value | How credentials are passed |
|------|-------|---------------------------|
| stdio (default) | stdio | SYSDIG_SECURE_API_TOKEN and SYSDIG_SECURE_URL env vars (or the MCP-specific overrides — see Environment Variables) |
| HTTP | http | Authorization: Bearer <token> request header (required); X-Sysdig-Host: <url> (optional, falls back to the server's SYSDIG_MCP_API_HOST / SYSDIG_SECURE_URL env) |
In HTTP mode the server listens on port 8808 by default (override with SYSDIG_MCP_PORT).
By default HTTP mode is session-tracked: the first request creates a session id (returned in the Mcp-Session-Id response header) and subsequent requests with the same id reuse the same McpServer instance. Set SYSDIG_MCP_STATELESS=true to disable this — a fresh McpServer is created per request and discarded when the response ends. Stateless mode is useful behind a load balancer that doesn't pin clients to a pod; the tradeoff is that long-lived server→client features (notifications, SSE streams across requests) are not available.
Running
Via npx (no clone needed)
The easiest way to use the server locally — npx downloads and builds it on first run:
SYSDIG_SECURE_API_TOKEN=<your-token> \
SYSDIG_SECURE_URL=https://us2.app.sysdig.com \
npx -y @sysdig/secure-mcp-serverFrom source
npm install
npm run buildstdio:
SYSDIG_SECURE_API_TOKEN=<your-token> \
SYSDIG_SECURE_URL=https://us2.app.sysdig.com \
node dist/index.jsHTTP:
SYSDIG_MCP_TRANSPORT=http SYSDIG_MCP_PORT=8808 node dist/index.jsHealth check: GET /health · MCP endpoint: POST /mcp
Claude Code Configuration
One-liner via claude mcp add (stdio)
claude mcp add secure-mcp-server \
--transport stdio \
--env SYSDIG_SECURE_API_TOKEN=<your-token> \
--env SYSDIG_SECURE_URL=https://us2.app.sysdig.com \
-- npx -y @sysdig/secure-mcp-serverPin a tag/branch with @sysdig/secure-mcp-server#<ref>.
stdio via npx (manual .mcp.json)
{
"mcpServers": {
"secure-mcp-server": {
"command": "npx",
"args": ["@sysdig/secure-mcp-server"],
"env": {
"SYSDIG_SECURE_API_TOKEN": "${SYSDIG_SECURE_API_TOKEN}",
"SYSDIG_SECURE_URL": "${SYSDIG_SECURE_URL}"
}
}
}
}stdio from local clone
{
"mcpServers": {
"secure-mcp-server": {
"command": "node",
"args": ["/path/to/secure-mcp-server/dist/index.js"],
"env": {
"SYSDIG_SECURE_API_TOKEN": "${SYSDIG_SECURE_API_TOKEN}",
"SYSDIG_SECURE_URL": "${SYSDIG_SECURE_URL}"
}
}
}
}HTTP (hosted instance)
{
"mcpServers": {
"secure-mcp-server": {
"type": "http",
"url": "http://<host>:8808/mcp",
"headers": {
"Authorization": "Bearer ${SYSDIG_SECURE_API_TOKEN}",
"X-Sysdig-Host": "${SYSDIG_SECURE_URL}"
}
}
}
}X-Sysdig-Host is optional — omit it if the server is already configured for a single Sysdig region via SYSDIG_MCP_API_HOST / SYSDIG_SECURE_URL. Set it when one MCP deployment needs to proxy clients targeting different Sysdig regions.
Environment Variables
| Variable | Required | Default | Description |
|----------|----------|---------|-------------|
| SYSDIG_SECURE_API_TOKEN | Yes (stdio)¹ | — | Sysdig API token (standard generic name, shared with the Sysdig CLI / Terraform provider) |
| SYSDIG_SECURE_URL | No | https://app.sysdigcloud.com | Sysdig instance URL (standard generic name) |
| SYSDIG_MCP_API_TOKEN | No | — | MCP-specific override for the API token. Wins over SYSDIG_SECURE_API_TOKEN when both are set |
| SYSDIG_MCP_API_HOST | No | — | MCP-specific override for the instance URL. Wins over SYSDIG_SECURE_URL when both are set |
| SYSDIG_MCP_TRANSPORT | No | stdio | Transport mode: stdio or http |
| SYSDIG_MCP_PORT | No | 8808 | HTTP listen port (HTTP mode only) |
| SYSDIG_MCP_STATELESS | No | false | When true/1/yes, HTTP mode creates a fresh McpServer per request instead of tracking sessions (HTTP mode only) |
| SYSDIG_MCP_BASE_PATH | No | — | Base path prefix when mounting the HTTP server behind a reverse proxy |
| SYSDIG_AUTH_SERVER | No | http://localhost:9000 | OAuth2 authorization server URL (HTTP mode only) |
¹ Either SYSDIG_SECURE_API_TOKEN or SYSDIG_MCP_API_TOKEN must be set in stdio mode. The same applies to the host: either SYSDIG_SECURE_URL or SYSDIG_MCP_API_HOST.
