eset-protect-mcp
v1.3.2
Model Context Protocol (MCP) server for ESET PROTECT (On-Prem & Cloud) — manage devices, policies, detections, incidents, quarantine, and more via ESET REST API and ESET Connect
ESET PROTECT MCP Server
A Model Context Protocol (MCP) server for ESET PROTECT — supports both On-Prem and Cloud (ESET Connect).
Manage devices, policies, detections, incidents, quarantine, executables, installers, EDR rules, automation tasks, and more through natural language with GitHub Copilot, Claude Desktop, or any MCP client.
npx -y eset-protect-mcp
Features
Shared Tools (On-Prem + Cloud) — 16 tools
| Category | Tools |
|---|---|
| Devices | list_devices, get_device, batch_get_devices, move_device, rename_device |
| Device Groups | list_device_groups, list_devices_in_group |
| Policies | list_policies, get_policy, create_policy, delete_policy |
| Policy Assignments | list_policy_assignments, get_policy_assignment, assign_policy, unassign_policy, update_policy_assignment_ranking |
Cloud-Only Tools (ESET Connect) — 59 additional tools
| Category | Tools |
|---|---|
| Devices (extra) | batch_import_devices |
| Asset Management | create_group, delete_group, move_group, rename_group |
| Automation | list_device_tasks, create_device_task, get_device_task, delete_device_task, list_device_task_runs, update_device_task_targets, update_device_task_triggers |
| Identity | list_permissions, list_role_assignments, assign_role, revoke_role, create_role, delete_role |
| Detections | list_detections, list_detections_v2, get_detection, resolve_detection, batch_get_detections |
| Detection Groups | list_detection_groups, get_detection_group, resolve_detection_group, search_detection_groups |
| EDR Rules | list_edr_rules, create_edr_rule, get_edr_rule, delete_edr_rule, enable_edr_rule, disable_edr_rule, update_edr_rule_definition |
| EDR Rule Exclusions | list_edr_rule_exclusions, create_edr_rule_exclusion, get_edr_rule_exclusion, delete_edr_rule_exclusion, update_edr_rule_exclusion_definition |
| Incidents | list_incidents, get_incident, close_incident, reopen_incident, update_incident_attributes |
| Incident Comments | list_incident_comments, create_incident_comment, get_incident_comment, delete_incident_comment, update_incident_comment_text |
| Executables | list_executables, get_executable, block_executable, unblock_executable |
| Quarantine | list_quarantined_objects, get_quarantined_object, get_quarantine_count, batch_delete_quarantined_objects, batch_download_quarantined_objects, batch_restore_quarantined_objects, download_quarantined_object, purge_quarantined_objects, restore_quarantined_object |
| Installers | list_installers, get_installer, create_installer, delete_installer, generate_gpo_sccm_file |
| Mobile Devices | batch_activate_mobile_product, batch_get_enrollment_links |
| Network Access | list_ip_sets, get_ip_set, update_ip_set |
| Users | list_users, get_user, batch_get_users |
| Web Access | list_web_address_rules, update_web_address_rule_domains |
Prerequisites
- Node.js >= 18.0.0
- On-Prem: ESET PROTECT On-Prem 13.0+ with REST API enabled
- Cloud: ESET Business Account / ESET PROTECT Hub with API user (Integrations enabled)
Installation
From npm
npm install -g eset-protect-mcp
From GitHub
git clone https://github.com/Fenrindale/eset-protect-mcp.git
cd eset-protect-mcp
npm install
npm run build
Configuration
Environment Variables
| Variable | Required | Description |
|---|---|---|
| ESET_MODE | No | onprem (default) or cloud |
| ESET_USERNAME | Yes | API username / email |
| ESET_PASSWORD | Yes | API password |
| ESET_SERVER_URL | On-Prem only | Server URL (e.g., https://protect-server:9443) |
| ESET_VERIFY_SSL | On-Prem only | false to allow self-signed certs (default: true) |
| ESET_REGION | Cloud only | eu, de, us, jpn, or ca |
Usage with MCP Clients
VS Code / GitHub Copilot — On-Prem
{
  "mcp": {
    "servers": {
      "eset-protect": {
        "command": "npx",
        "args": ["-y", "eset-protect-mcp"],
        "env": {
          "ESET_MODE": "onprem",
          "ESET_SERVER_URL": "https://your-protect-server:9443",
          "ESET_USERNAME": "your-api-user",
          "ESET_PASSWORD": "your-api-password",
          "ESET_VERIFY_SSL": "false"
        }
      }
    }
  }
}
VS Code / GitHub Copilot — Cloud
{
  "mcp": {
    "servers": {
      "eset-protect": {
        "command": "npx",
        "args": ["-y", "eset-protect-mcp"],
        "env": {
          "ESET_MODE": "cloud",
          "ESET_REGION": "eu",
          "ESET_USERNAME": "[email protected]",
          "ESET_PASSWORD": "your-api-password"
        }
      }
    }
  }
}
Claude Desktop — On-Prem
{
  "mcpServers": {
    "eset-protect": {
      "command": "npx",
      "args": ["-y", "eset-protect-mcp"],
      "env": {
        "ESET_MODE": "onprem",
        "ESET_SERVER_URL": "https://your-protect-server:9443",
        "ESET_USERNAME": "your-api-user",
        "ESET_PASSWORD": "your-api-password",
        "ESET_VERIFY_SSL": "false"
      }
    }
  }
}
Claude Desktop — Cloud
{
  "mcpServers": {
    "eset-protect": {
      "command": "npx",
      "args": ["-y", "eset-protect-mcp"],
      "env": {
        "ESET_MODE": "cloud",
        "ESET_REGION": "us",
        "ESET_USERNAME": "[email protected]",
        "ESET_PASSWORD": "your-api-password"
      }
    }
  }
}
ESET PROTECT API Setup
On-Prem
- Enable the REST API in More > Settings on your ESET PROTECT Web Console
- Open API ports in your firewall (default: 9443)
- Create an API user with appropriate permission sets
Note: The Administrator account cannot use the API.
Docs: ESET PROTECT On-Prem REST API
Cloud (ESET Connect)
- Log in to ESET Business Account / ESET PROTECT Hub as Superuser
- Create an API user with Integrations enabled under Access Rights
- The user must complete account setup via invitation email
- Use the correct region (eu, de, us, jpn, ca) matching your ESET PROTECT server location
Docs: ESET Connect
Cloud Regions & Domains
| Region | Auth Domain |
|---|---|
| EU | eu.business-account.iam.eset.systems |
| Germany | de.business-account.iam.eset.systems |
| USA | us.business-account.iam.eset.systems |
| Japan | jpn.business-account.iam.eset.systems |
| Canada | ca.business-account.iam.eset.systems |
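A pre-flight check for the env block of the client configurations above, written against the Environment Variables and Cloud Regions tables. This is an added example, not code from the eset-protect-mcp project; the function name checkEsetEnv and the choice of what counts as an error or a warning are assumptions of this example, and it makes no network calls.

```javascript
// Pre-flight check of the env block handed to eset-protect-mcp (added example).
// Rules mirror the README's variable and region tables; checkEsetEnv is a hypothetical name.
const REGIONS = ["eu", "de", "us", "jpn", "ca"];

function checkEsetEnv(env) {
  const errors = [];
  const warnings = [];
  const mode = env.ESET_MODE || "onprem"; // README: onprem is the default

  if (mode !== "onprem" && mode !== "cloud") {
    errors.push(`ESET_MODE must be onprem or cloud, got "${mode}"`);
  }
  for (const key of ["ESET_USERNAME", "ESET_PASSWORD"]) {
    if (!env[key]) errors.push(`${key} is required`);
  }

  let authDomain = null;
  if (mode === "onprem") {
    let url = null;
    try { url = new URL(env.ESET_SERVER_URL); } catch { /* reported below */ }
    if (!url) {
      errors.push("ESET_SERVER_URL is missing or not a valid URL");
    } else if (url.protocol !== "https:") {
      warnings.push("ESET_SERVER_URL is not https: API credentials would travel unencrypted");
    }
    if (env.ESET_VERIFY_SSL === "false") {
      warnings.push("ESET_VERIFY_SSL=false: certificate verification is off");
    }
    if (env.ESET_REGION) warnings.push("ESET_REGION is cloud-only but set in onprem mode");
  } else if (mode === "cloud") {
    if (!REGIONS.includes(env.ESET_REGION)) {
      errors.push(`ESET_REGION must be one of ${REGIONS.join(", ")}`);
    } else {
      // Auth domain pattern taken from the Cloud Regions & Domains table.
      authDomain = `${env.ESET_REGION}.business-account.iam.eset.systems`;
    }
    for (const key of ["ESET_SERVER_URL", "ESET_VERIFY_SSL"]) {
      if (key in env) warnings.push(`${key} is on-prem only but set in cloud mode`);
    }
  }
  return { mode, authDomain, errors, warnings };
}

// Constructed sample: the README's on-prem env block with its placeholder values.
const sample = { ESET_MODE: "onprem", ESET_SERVER_URL: "https://your-protect-server:9443",
  ESET_USERNAME: "your-api-user", ESET_PASSWORD: "your-api-password", ESET_VERIFY_SSL: "false" };
console.log(checkEsetEnv(sample));
```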
Development
git clone https://github.com/Fenrindale/eset-protect-mcp.git
cd eset-protect-mcp
npm install
npm run build
npm start
License
MIT — see LICENSE for details.
