Lumu Server
БесплатноНе проверенAn MCP server that integrates Claude Desktop with the Lumu Defender API for AI-powered security incident analysis and management.
Описание
An MCP server that integrates Claude Desktop with the Lumu Defender API for AI-powered security incident analysis and management.
README
Supercharge Claude Desktop with Lumu Defender security incident analysis
An MCP (Model Context Protocol) server that seamlessly integrates Claude Desktop with the Lumu Defender API, enabling AI-powered security incident analysis and management.
PyPI version Python 3.10+ License: MIT
✨ Features
- 🔍 Incident Retrieval: Get security incidents with advanced filtering
- 🎯 Smart Analysis: AI-powered incident analysis through Claude
- 📊 Full Management: Mark as read, mute, unmute, and close incidents
- 🖥️ Endpoint Insights: Analyze affected endpoints and network contacts
- 📈 Real-time Monitoring: Track incident updates and activity
- 🔐 Secure Integration: Environment-based API key management
- ⚡ Easy Setup: One-command installation with pip
🚀 Quick Start
1. Install
pip install lumu-mcp-server
2. Configure Claude Desktop
Add to your claude_desktop_config.json:
{
"mcpServers": {
"lumu-mcp-server": {
"command": "lumu-mcp-server",
"env": {
"LUMU_DEFENDER_API_KEY": "your-api-key-here"
}
}
}
}
3. Start Using
Ask Claude: "Get security incidents from Lumu Defender"
💡 Need help finding your config file? See Configuration Locations below.
🔧 Configuration
Get Your Lumu Defender API Key
- Log in to your Lumu Defender account
- Navigate to Settings → API Keys
- Generate or copy your API key
Configuration File Locations
- 🍎 macOS:
~/Library/Application Support/Claude/claude_desktop_config.json - 🪟 Windows:
%APPDATA%\Claude\claude_desktop_config.json - 🐧 Linux:
~/.config/Claude/claude_desktop_config.json
Configuration Options
Standard Configuration (Recommended)
{
"mcpServers": {
"lumu-mcp-server": {
"command": "lumu-mcp-server",
"env": {
"LUMU_DEFENDER_API_KEY": "your-api-key-here"
}
}
}
}
Alternative Configuration
If the command isn't found, use the Python module directly:
{
"mcpServers": {
"lumu-mcp-server": {
"command": "python",
"args": ["-m", "lumu_mcp_server.server"],
"env": {
"LUMU_DEFENDER_API_KEY": "your-api-key-here"
}
}
}
}
Activate the Integration
- Restart Claude Desktop completely
- Look for the 🔌 MCP icon in Claude Desktop
- Test with: "Check the health of the lumu-mcp-server"
💬 Usage Examples
Once configured, you can interact with Lumu Defender through natural language:
🩺 Health & Status
- "Check the health of the lumu-mcp-server"
- "Is the Lumu integration working?"
🔍 Incident Discovery
- "Get security incidents from Lumu Defender"
- "Show me open security incidents from the last 30 days"
- "Find all C2C and Malware incidents"
- "Get incidents with status 'open' or 'muted'"
📋 Incident Analysis
- "Get details for incident [UUID]"
- "Show me the full information about incident abc-123-def"
- "Get the context for incident [UUID]"
- "Show me related incidents and affected assets"
📝 Incident Management
- "Add a comment to incident [UUID]: 'Investigating with network team'"
- "Mark incident [UUID] as read"
- "Mute incident [UUID] with comment 'False positive'"
- "Close incident [UUID] with comment 'Threat resolved'"
🖥️ Network Analysis
- "Get endpoints for incident [UUID]"
- "Show me which endpoints were affected by this incident"
- "Analyze the network impact of incident abc-123-def"
📊 Real-time Monitoring
- "Get incident updates from the last 10 minutes"
- "Show me what happened in the last hour with incidents"
- "Check for recent incident activity"
🔄 Advanced Workflows
- "Get all open Malware incidents, then show details for the most recent one"
- "Find critical incidents that are still open and summarize their impact"
- "List all muted C2C incidents and help me decide which to unmute"
- "Get incident endpoints and mark the incident as read when done"
Available Tools
1. health_check
Returns the server status and API key configuration status.
2. get_incidents
Retrieves security incidents with optional filters and pagination support.
Parameters:
from_date(optional): Start date in ISO format (default: 7 days ago). Max range: 90 days unlessfetch_allis true.to_date(optional): End date in ISO format (default: now)status(optional): Array of statuses ["open", "muted", "closed"]adversary_types(optional): Array of types ["C2C", "Malware", "DGA", "Mining", "Spam", "Phishing"]labels(optional): Array of label IDspage(optional): Page number for pagination (0-indexed, default: 0)limit(optional): Number of items per page (default: 50, max: 100)fetch_all(optional): If true, automatically fetches ALL incidents with pagination. Handles large date ranges by chunking.
Examples:
# Get incidents with pagination
"Get page 2 of incidents with 20 items per page"
# Get ALL incidents for a date range
"Get all incidents from May 1-31, 2026 with fetch_all=true"
# Get all malware incidents
"Get all Malware incidents with fetch_all=true"
3. get_incident_details
Get detailed information about a specific security incident.
Parameters:
incident_id(required): The UUID of the incident
Returns: Detailed incident information including status, IOCs, recommended actions, and more.
4. get_incident_context
Get context information for a specific security incident.
Parameters:
incident_id(required): The UUID of the incidenthash_type(optional): Hash type for filtering context
Returns: Context including related incidents, affected assets, threat intelligence, and timeline.
5. comment_incident
Add a comment to a specific security incident.
Parameters:
incident_id(required): The UUID of the incidentcomment(required): The comment text to add
Returns: Confirmation of the comment being added.
6. get_open_incidents
Retrieve only open security incidents.
Parameters:
adversary_types(optional): Array of types ["C2C", "Malware", "DGA", "Mining", "Spam", "Phishing"]labels(optional): Array of label IDs
Returns: List of open incidents with filtering options.
7. get_muted_incidents
Retrieve only muted security incidents.
Parameters:
adversary_types(optional): Array of types ["C2C", "Malware", "DGA", "Mining", "Spam", "Phishing"]labels(optional): Array of label IDs
Returns: List of muted incidents with filtering options.
8. get_closed_incidents
Retrieve only closed security incidents.
Parameters:
adversary_types(optional): Array of types ["C2C", "Malware", "DGA", "Mining", "Spam", "Phishing"]labels(optional): Array of label IDs
Returns: List of closed incidents with filtering options.
9. get_incident_endpoints
Retrieve endpoints and contacts for a specific security incident.
Parameters:
incident_id(required): The UUID of the incidentendpoints(optional): Filter by specific endpoint IPs or nameslabels(optional): Array of label IDs
Returns: Detailed endpoint and contact information for the incident.
10. mark_incident_as_read
Mark a security incident as read.
Parameters:
incident_id(required): The UUID of the incident to mark as read
Returns: Confirmation that the incident was marked as read.
11. mute_incident
Mute a security incident.
Parameters:
incident_id(required): The UUID of the incident to mutecomment(optional): Comment explaining why the incident was muted
Returns: Confirmation that the incident was muted.
12. unmute_incident
Unmute a security incident.
Parameters:
incident_id(required): The UUID of the incident to unmutecomment(optional): Comment explaining why the incident was unmuted
Returns: Confirmation that the incident was unmuted.
13. get_incident_updates
Get real-time updates on incident operations (alternative to WebSocket).
Parameters:
offset(optional): Starting offset for pagination (default: 0)items(optional): Number of items to return, 1-100 (default: 50)time(optional): Time window in minutes for updates (default: 5)
Returns: List of incident updates with timestamps in UTC (RFC 3339/ISO 8601 format).
14. close_incident
Close a security incident.
Parameters:
incident_id(required): The UUID of the incident to closecomment(optional): Comment explaining why the incident was closed
Returns: Confirmation that the incident was closed.
🔧 Troubleshooting
Server Not Appearing in Claude Desktop
- Check Claude Desktop logs: Help → Show Logs
- Verify installation:
pip list | grep lumu-mcp-server - Test command: Run
lumu-mcp-server --helpin terminal - Restart Claude Desktop completely
API Key Issues
- ✅ Ensure API key is correctly set in
claude_desktop_config.json - ✅ Verify API key is valid in Lumu Defender portal
- ✅ Check Claude Desktop logs for authentication errors
- ✅ Test with: "Check the health of the lumu-mcp-server"
No Incidents Returned
- 📅 Date Range: Try broader date ranges (e.g., last 30 days)
- 🔍 Filters: Remove status/type filters to see all incidents
- 🔑 Permissions: Ensure API key has proper incident access
- 💡 Tip: Ask Claude "Get incidents from the last 30 days"
Connection Issues
- 🌐 Network: Verify internet connection to
defender.lumu.io - 🔒 Firewall: Ensure HTTPS traffic is allowed
- 🚀 Proxy: Configure proxy settings if needed
Need More Help?
- 📖 Check QUICK_START.md for simplified setup
- 🐛 Report issues on GitHub
- 💬 Ask questions in discussions
🔒 Security & Privacy
- 🔐 API keys stored in environment variables, never in code
- 🌐 HTTPS encryption for all API communications
- 🚫 No data storage - all data fetched in real-time from Lumu
- 🛡️ Error sanitization prevents sensitive information leakage
- 📝 Audit trail through Lumu Defender's native logging
🤝 Contributing
We welcome contributions! Please see our contribution guidelines:
Quick Development Setup
git clone https://github.com/jpyoda/lumu-mcp.git
cd lumu-mcp-server
python -m venv venv
source venv/bin/activate # Windows: venv\Scripts\activate
pip install -e .
Adding New Features
- API Methods: Add to
lumu_mcp_server/lumu_client.py - Tool Registration: Update
handle_list_tools()inserver.py - Handler Implementation: Add to
handle_call_tool()inserver.py - Testing: Ensure functionality works with real API
📄 License
MIT License - see LICENSE file for details.
🆘 Support
Get Help
- 🚀 Quick Setup: QUICK_START.md
- 🐛 Bug Reports: GitHub Issues
- 💬 Questions: GitHub Discussions
- 📧 Lumu API Issues: Contact Lumu Support
Project Stats
Built with ❤️ for the cybersecurity community
Enhance your security operations with AI-powered incident analysis
Установка Lumu Server
У этого сервера нет опубликованного пакета — он собирается из исходников. Открой репозиторий и следуй инструкции в README.
▸ github.com/lumutech/lumu-mcpFAQ
Lumu Server MCP бесплатный?
Да, Lumu Server MCP бесплатный — установка в пару кликов через Unyly без оплаты.
Нужен ли API-ключ для Lumu Server?
Нет, Lumu Server работает без API-ключей и переменных окружения.
Lumu Server — hosted или self-hosted?
Доступен hosted-вариант: Unyly запускает сервер в облаке, локальная установка не обязательна.
Как установить Lumu Server в Claude Desktop, Claude Code или Cursor?
Открой Lumu Server на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.
Похожие MCP
Fetch
Web content fetching and conversion for efficient LLM usage.
AWS KB Retrieval
Retrieval from AWS Knowledge Base using Bedrock Agent Runtime.
автор: modelcontextprotocolSpring AI MCP Server
Provides auto-configuration for setting up an MCP server in Spring Boot applications.
llm-analysis-assistant
A very streamlined mcp client that supports calling and monitoring stdio/sse/streamableHttp, and can also view request responses through the /logs page. It also
автор: xuzexin-hzCompare Lumu Server with
Не уверен что выбрать?
Найди свой стек за 60 секунд
Автор?
Embed-бейдж для README
Похожее
Все в категории ai
