GitHunt
AK

akramIOT/MCP_AI_SOC_Sher

AI SOC Security Threat analysis using MCP Server

ai-socmcp-securitymcp-server

MCP AI SOC Sher

A powerful AI-driven Security Operations Center (SOC) Text2SQL framework based MCP Server (Local and Remote) for converting natural language Prompts to SQL queries dynamically, with integrated security threat analysis and monitoring.

Features

  • Text2SQL Conversion: Convert natural language queries to optimized SQL
  • Multiple Interfaces: Support for STDIO, SSE, and REST API
  • Security Threat Analysis: Built-in SQL query security analysis
  • Multiple Database Support: Connect to SQLite or Snowflake databases
  • Streaming Responses: Real-time query processing feedback
  • SOC Monitoring: Security Operations Center monitoring capabilities

Installation

pip install mcp-ai-soc-sher

Quick Start

# Set your OpenAI API key
import os
os.environ["OPENAI_API_KEY"] = "your-api-key-here"

# Use as local server
from mcp_ai_soc_sher.local import LocalMCPServer

server = LocalMCPServer()
server.start()

# Or run from command line
# mcp-ai-soc --type local --stdio --sse

Command Line Usage

# Run local server with STDIO interface
mcp-ai-soc --type local --stdio

# Run local server with SSE interface
mcp-ai-soc --type local --sse

# Run remote server with REST API
mcp-ai-soc --type remote

Configuration

Create a .env file with your configuration:

OPENAI_API_KEY=your_openai_api_key_here
MCP_DB_URI=sqlite:///your_database.db
MCP_SECURITY_ENABLE_THREAT_ANALYSIS=true

See the documentation for all configuration options.

Example

import json
import requests

# Query the server
response = requests.post(
    "http://localhost:8000/api/sql",
    headers={"Content-Type": "application/json", "X-API-Key": "your-api-key"},
    json={
        "query": "Find all suspicious login attempts in the last 24 hours",
        "optimize": True,
        "execute": True
    }
)

# Process the response
result = response.json()
print(f"SQL Query: {result['sql']}")
if result['results']:
    print("Results:")
    for row in result['results']:
        print(row)

Security Features

  • Rule-based and AI-powered SQL query security analysis
  • Detection of potential SQL injection attacks
  • Sensitive table access monitoring
  • Configurable security levels and actions

License

MIT License with Additional Conditions. Copyright (c) 2025 Akram Sheriff.

See LICENSE for details.

Contributing

Contributions are welcome! Please see CONTRIBUTING.md for guidelines.

Languages

Python98.6%Shell1.4%

Contributors

AK

Latest Release

ReleaseApril 30, 2025
Other
Created April 30, 2025
Updated January 23, 2026