Sentinelone
FreeNot checkedMultitenant Streamable HTTP wrapper for SentinelOne's purple-mcp. Enables MSPs to expose SentinelOne threat detection and response capabilities to AI assistants
About
Multitenant Streamable HTTP wrapper for SentinelOne's purple-mcp. Enables MSPs to expose SentinelOne threat detection and response capabilities to AI assistants across multiple tenants.
README
Multitenant Streamable HTTP wrapper for sentinel-one/purple-mcp, built so the wyre-technology MCP gateway can forward per-tenant SentinelOne credentials as HTTP headers.
Why
purple-mcp is a great first-party MCP server, but it reads its SentinelOne console token + URL from environment variables at process startup, which makes it single-tenant per container. Our gateway is multi-tenant: every request carries the calling org's credentials as HTTP headers, and the vendor container has to translate those headers into something the upstream understands.
This image bundles purple-mcp plus a small Node/Fastify proxy. The proxy:
- Listens on
:8080withPOST /mcpandGET /health. - Reads
x-purplemcp-tokenandx-purplemcp-base-urlfrom each incoming request. - Lazily spawns one
purple-mcp --mode streamable-httpchild per(token, base-url)tenant on a private loopback port, with the right env vars set. - Proxies the request body to that child and streams the response back.
- Evicts idle children after 60 minutes (
IDLE_EVICT_MS).
The result is a single container that the gateway can talk to like any other vendor MCP server.
Configuration
| Env var | Default | Notes |
|---|---|---|
PORT |
8080 |
Public listen port. |
PURPLE_MCP_DIR |
/opt/purple-mcp |
Where purple-mcp source + venv live. |
PURPLE_MCP_PYTHON |
/opt/purple-mcp/.venv/bin/python |
Python interpreter from the upstream venv. |
IDLE_EVICT_MS |
3600000 |
Idle tenant timeout (60 min). Longer keeps children warm and avoids repeated cold starts. |
SPAWN_READY_TIMEOUT_MS |
30000 |
How long to wait for a child to start serving HTTP. |
LOG_LEVEL |
info |
Fastify log level. |
Request headers
The gateway must forward these headers on every /mcp request:
| Header | SentinelOne credential |
|---|---|
x-purplemcp-token |
PURPLEMCP_CONSOLE_TOKEN (Account- or Site-level service user token) |
x-purplemcp-base-url |
PURPLEMCP_CONSOLE_BASE_URL (e.g. https://yourtenant.sentinelone.net) |
Build
docker build -t ghcr.io/wyre-technology/sentinelone-mcp:latest .
License
Apache-2.0. The bundled purple-mcp is MIT-licensed by SentinelOne.
Installing Sentinelone
This server has no published package — it is built from source. Open the repository and follow its README.
▸ github.com/wyre-technology/sentinelone-mcpFAQ
Is Sentinelone MCP free?
Yes, Sentinelone MCP is free — one-click install via Unyly at no cost.
Does Sentinelone need an API key?
No, Sentinelone runs without API keys or environment variables.
Is Sentinelone hosted or self-hosted?
A hosted option is available: Unyly runs the server in the cloud, no local setup required.
How do I install Sentinelone in Claude Desktop, Claude Code or Cursor?
Open Sentinelone on unyly.org, pick your client tab (Claude Desktop, Claude Code, Cursor) and press Install — the config is generated automatically, no JSON editing.
Related MCPs
Fetch
Web content fetching and conversion for efficient LLM usage.
AWS KB Retrieval
Retrieval from AWS Knowledge Base using Bedrock Agent Runtime.
by modelcontextprotocolSpring AI MCP Server
Provides auto-configuration for setting up an MCP server in Spring Boot applications.
llm-analysis-assistant
A very streamlined mcp client that supports calling and monitoring stdio/sse/streamableHttp, and can also view request responses through the /logs page. It also
by xuzexin-hzCompare Sentinelone with
Not sure what to pick?
Find your stack in 60 seconds
Author?
Embed badge for your README
Browse similar
All ai MCPs
