MCP_AI_SOC_Sher

MCP_AI_SOC_Sher is a Python-based MCP server that provides an AI-driven Security Operations Center (SOC) interface for converting natural language prompts into SQL queries with built-in security analysis. It supports multiple interfaces, including STDIO, SSE, and REST API, allowing you to interact with the server programmatically, via streaming responses, or through HTTP endpoints. The server can connect to SQLite (local file-based) or Snowflake databases, enabling secure query execution and real-time threat monitoring. Use it to translate conversational prompts into optimized SQL, while leveraging rule-based and AI-powered security checks to detect potential SQL injection and sensitive data access patterns. You can run the server locally with a CLI or embed it in your Python application using the LocalMCPServer class.

Prerequisites:

• Python 3.8+ (recommended 3.9+)
• Internet access to install dependencies

1. Create and activate a virtual environment (recommended): python -m venv venv source venv/bin/activate # on Unix/macOS .\venv\Scripts\activate # on Windows

2. Install the MCP server package: pip install mcp-ai-soc-sher

3. Prepare environment variables (example):

   • OPENAI_API_KEY=your_openai_api_key
   • MCP_DB_URI=sqlite:///your_database.db
   • MCP_SECURITY_ENABLE_THREAT_ANALYSIS=true

4. Run the server (CLI or module):

   • CLI (example): mcp-ai-soc --type local --stdio Note: This requires the package’s console script to be available in PATH.
   • Module (recommended for embedding): python -m mcp_ai_soc_sher

5. Optional: run a quick local test after startup by sending a REST or SSE request to verify responses.

Tips and common considerations:

• Ensure OPENAI_API_KEY is set in the environment or provided via code before starting the server.
• If using MCP_DB_URI, ensure the target database is accessible from the host where the server runs. For SQLite, a local file path is typically sufficient.
• Security: Enable threat analysis to catch potential SQL injection or sensitive data access patterns. Adjust MCP_SECURITY_ENABLE_THREAT_ANALYSIS as needed for your environment.
• Interfaces: STDIO is useful for local development and scripting, SSE supports streaming results, and REST API enables integration with frontends and other services.
• Documentation: Refer to docs/configuration.md (as mentioned in the README) for full configuration options and advanced usage.
• If you encounter port or binding issues when using REST API, check for conflicting services and verify server startup logs for the listening address.