loading…
Spring AI MCP Server
Provides auto-configuration for setting up an MCP server in Spring Boot applications.
автор: Community
0.00
Search for a command to run...
loading…
An MCP server that provides Sigma rule validation and configuration capabilities for AI assistants. It enables users to validate Sigma detection rules against v
An MCP server that provides Sigma rule validation and configuration capabilities for AI assistants. It enables users to validate Sigma detection rules against various validators and manage validator configurations through MCP tools and resources.
An MCP server that exposes pySigma functionality to AI assistants and other MCP clients.
| Capability | Details |
|---|---|
Tool validate_rule |
Validate a Sigma rule (YAML) against all configured validators |
Tool configure_validators |
Persist a custom validator allow-list / exclusion-list for the current MCP session |
Resource sigma://validators |
JSON dict of available validator identifiers → descriptions |
Resource sigma://modifiers |
JSON list of available Sigma value modifier names |
git clone <repo-url>
cd sigma-mcp-server
poetry install
poetry run sigma-mcp-server
# or, after installation:
sigma-mcp-server
The server listens on stdio by default (standard MCP transport).
Add the following entry to your MCP client configuration (e.g.
~/.config/claude/claude_desktop_config.json):
{
"mcpServers": {
"sigma": {
"command": "sigma-mcp-server"
}
}
}
Adjust the command path to the installed binary if it is not on PATH.
validate_ruleValidate a single Sigma rule.
Arguments
| Name | Type | Description |
|---|---|---|
rule_yaml |
string |
Complete Sigma rule in YAML format |
Returns
A JSON array of validation issue objects. Each object contains:
| Key | Type | Description |
|---|---|---|
validator |
string |
Validator identifier that produced the issue |
type |
string |
Issue class name (e.g. IdentifierExistenceIssue) |
severity |
string |
low, medium, or high |
description |
string |
Human-readable description of the issue class |
rules |
array[string] |
Rule IDs / titles affected by the issue |
Additional subclass-specific fields (e.g. identifier) may also be present.
An empty array means the rule passed all active validators.
configure_validatorsPersist a custom validator configuration for the current MCP session.
All subsequent validate_rule calls within the same session will use this
configuration.
Arguments
| Name | Type | Default | Description |
|---|---|---|---|
validator_names |
array[string] | null |
null |
Explicit allow-list of validator identifiers. null = use all. |
exclusions |
array[string] | null |
null (= []) |
Validator identifiers to exclude after the allow-list is applied. |
Returns
On success: {"validator_names": ..., "exclusions": [...]} confirming the stored config.
On error: {"error": "<description>"} when an unknown identifier is supplied.
Example – exclude a single validator:
{"exclusions": ["identifier_existence"]}
Example – use only two validators:
{"validator_names": ["identifier_existence", "identifier_uniqueness"]}
sigma://validatorsReturns a JSON object mapping validator identifier strings to their
human-readable descriptions. Validator identifiers are used with
configure_validators.
Example response (truncated):
{
"identifier_existence": "Checks if rule has identifier.",
"identifier_uniqueness": "Check rule UUID uniqueness.",
...
}
sigma://modifiersReturns a sorted JSON array of Sigma value modifier names that can be used in
detection conditions (e.g. contains, startswith, re, base64).
# Install dev dependencies
poetry install
# Run tests
poetry run pytest
# Run tests with coverage report
poetry run pytest --cov=sigma/mcp --cov-report=term-missing
# Type checking
poetry run mypy sigma/mcp/ tests/
# Code formatting
poetry run black sigma/ tests/ conftest.py
Test coverage must remain ≥ 95 %. All code must pass mypy --strict and be
formatted with black in its default configuration.
MIT
Добавь это в claude_desktop_config.json и перезапусти Claude Desktop.
{
"mcpServers": {
"sigma-mcp-server": {
"command": "npx",
"args": []
}
}
}