
AI-SOC-Agent

Blackhat 2025 presentation and codebase: AI SOC agent & MCP server for automated security investigation, alert triage, and incident response. Integrates with ELK, IRIS, and other platforms.

Installation
Run this command in your terminal to add the MCP server to Claude Code.
claude mcp add --transport stdio m507-ai-soc-agent python -m src.mcp.mcp_server

How to use

SamiGPT acts as an MCP server that exposes security investigation and response capabilities as tools for AI agents, LLM tools, and automated workflows. It connects to security tooling such as case management systems (TheHive, IRIS), SIEMs (Elastic), EDR platforms, and threat intelligence sources, enabling automated triage, investigation, and enrichment via the Model Context Protocol.

You can run SamiGPT in two modes: as an MCP Server that directly serves MCP-compliant tools, or in conjunction with the AI Controller web interface, which uses the cursor-agent binary for command execution. To use the MCP server, configure your MCP-enabled tool to point at the SamiGPT server (e.g., the Python module path when running locally). Once connected, you can issue MCP-enabled commands to create and manage cases, fetch SIEM events, enrich indicators with CTI data, and orchestrate multi-step workflows across SOC tiers.

How to install

Prerequisites:

  • Python 3.9 or higher
  • pip (comes with Python)
  • Optional: virtual environment support (venv) for isolation

Setup steps:

  1. Clone the repository:
       git clone <repository-url>
       cd SamiGPT
  2. Create and activate a virtual environment:
       python3 -m venv venv
       # macOS/Linux
       source venv/bin/activate
       # Windows
       venv\Scripts\activate
  3. Install dependencies:
       pip install --upgrade pip
       pip install -r requirements.txt
  4. Run the MCP server:
       python -m src.mcp.mcp_server
  5. (Optional) Verify the server is listening and accessible from MCP clients and the web UI if configured.
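
For the optional verification step, a server added with the stdio transport can be checked by completing the MCP initialize handshake over its stdin/stdout. The script below is an added example, not code from the SamiGPT repository; it assumes the server speaks newline-delimited JSON-RPC as the MCP stdio transport specifies and that it is started from the repository root, and the client name smoke-test is made up.

```python
import json
import subprocess
import sys

# Command from the setup steps above; run this script from the repository root.
SERVER_CMD = [sys.executable, "-m", "src.mcp.mcp_server"]

def initialize_request(req_id=1):
    """Build the JSON-RPC 2.0 `initialize` request that opens an MCP session."""
    return {
        "jsonrpc": "2.0",
        "id": req_id,
        "method": "initialize",
        "params": {
            "protocolVersion": "2024-11-05",
            "capabilities": {},
            "clientInfo": {"name": "smoke-test", "version": "0.1"},  # hypothetical name
        },
    }

def probe(cmd, cwd=None, timeout=15):
    """Start the server, send `initialize`, and return its `result` or raise."""
    proc = subprocess.Popen(cmd, cwd=cwd, stdin=subprocess.PIPE,
                            stdout=subprocess.PIPE, stderr=subprocess.DEVNULL,
                            text=True)
    payload = json.dumps(initialize_request()) + "\n"
    try:
        out, _ = proc.communicate(payload, timeout=timeout)
    except subprocess.TimeoutExpired:
        proc.kill()                  # server kept running after stdin closed
        out, _ = proc.communicate()  # collect whatever it already wrote
    for line in out.splitlines():
        try:
            msg = json.loads(line)
        except ValueError:
            continue                 # ignore non-JSON noise on stdout
        if isinstance(msg, dict) and msg.get("id") == 1:
            if "error" in msg:
                raise RuntimeError(f"server rejected initialize: {msg['error']}")
            return msg["result"]
    raise RuntimeError("server did not answer initialize")

if __name__ == "__main__":
    result = probe(SERVER_CMD)
    print("server:", result.get("serverInfo"),
          "protocol:", result.get("protocolVersion"))
```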

Configure integrations in config.json or via the web UI as needed.

Additional notes

Tips and common considerations:

  • The MCP server supports connecting to multiple tools (TheHive, IRIS, Elastic, OpenCTI, Claude Desktop, Cursor, etc.). Ensure proper network access and credentials are configured for each integration.
  • If you plan to use the Cursor-based workflow, you may reference the example MCP configuration for Cursor, including cwd and Python module invocation.
  • When running in production, consider containerizing the server or deploying with a process manager to manage restarts and logs.
  • Keep dependencies up to date and monitor the MCP endpoints for changes in vendor APIs.
  • Ensure it is running in a secure environment and limit exposed endpoints to trusted clients only.
