Purple AI Server

БесплатноHosted

Enables read-only access to SentinelOne's platform through MCP, allowing security investigations, threat hunting, and asset inventory queries via natural langua

автор: wojtekkura

GitHub

Описание

Enables read-only access to SentinelOne's platform through MCP, allowing security investigations, threat hunting, and asset inventory queries via natural language.

README

Fork of Sentinel-One/purple-mcp with added support for storing the API token in the OS credential store (Windows Credential Manager) instead of plaintext configuration files.

What is Purple AI MCP?

Purple AI MCP is a Model Context Protocol server that connects AI clients (Claude Desktop, Cursor, etc.) to SentinelOne's security platform. It gives AI assistants direct access to:

Purple AI — natural language queries against your security data
Singularity Data Lake — run and retrieve SDL queries
Alerts — list, search, and inspect security alerts
Vulnerabilities — query vulnerability findings
Misconfigurations — review cloud and Kubernetes misconfigurations
Asset Inventory — search and explore your asset inventory

Purple AI MCP is read-only — it cannot make changes to your SentinelOne account.

Quick Start

Install uv

powershell -ExecutionPolicy ByPass -c "irm https://astral.sh/uv/install.ps1 | iex"

Requirements

uv installed
A SentinelOne Console API token with Account or Site level permissions (not Global)
Your SentinelOne console base URL (e.g. https://usea1-008.sentinelone.net)

1. Store your token in Windows Credential Manager

Run this once in PowerShell:

cmdkey /generic:"purple-mcp" /user:"PURPLEMCP_CONSOLE_TOKEN" /pass:"your-token-here"

To verify:

cmdkey /list:"purple-mcp"

To remove:

cmdkey /delete:"purple-mcp"

2. Configure Claude Desktop

Edit %APPDATA%\Claude\claude_desktop_config.json:

{
  "mcpServers": {
    "purple-mcp": {
      "command": "uvx",
      "args": [
        "--from",
        "purple-mcp @ https://github.com/wojtekkura/purple-mcp/archive/refs/heads/main.tar.gz",
        "purple-mcp",
        "--mode",
        "stdio"
      ],
      "env": {
        "PURPLEMCP_CONSOLE_BASE_URL": "https://your-console.sentinelone.net"
      }
    }
  }
}

Replace https://your-console.sentinelone.net with your actual console URL. The token is read automatically from Windows Credential Manager at startup — no token in the config file.

Restart Claude Desktop after saving the file.

License

MIT — see LICENSE

Как установить

Добавь это в claude_desktop_config.json и перезапусти Claude Desktop.

{
  "mcpServers": {
    "purple-ai-mcp-server": {
      "command": "npx",
      "args": []
    }
  }
}

Purple AI Server

Описание

README

What is Purple AI MCP?

Quick Start

Install uv

Requirements

1. Store your token in Windows Credential Manager

2. Configure Claude Desktop

License

Как установить

Похожие MCP

Fetch

AWS KB Retrieval

Spring AI MCP Server

llm-analysis-assistant

Command Palette

Purple AI Server

Описание

README

What is Purple AI MCP?

Quick Start

Install uv

Requirements

1. Store your token in Windows Credential Manager

2. Configure Claude Desktop

License

Как установить

Похожие MCP

Fetch

AWS KB Retrieval

Spring AI MCP Server

llm-analysis-assistant