MCP_AI_SOC_Sher


MCP AI SOC Sher is an AI-driven Security Operations Center framework that converts natural language prompts into SQL queries dynamically while integrating security threat analysis and monitoring. It supports multiple interfaces and databases, providing security-focused query and operations management.

MCP AI SOC Sher

A powerful AI-driven Security Operations Center (SOC) Text2SQL framework, built as an MCP server (local and remote), that dynamically converts natural language prompts to SQL queries, with integrated security threat analysis and monitoring.

Features

  • Text2SQL Conversion: Convert natural language queries to optimized SQL
  • Multiple Interfaces: Support for STDIO, SSE, and REST API
  • Security Threat Analysis: Built-in SQL query security analysis
  • Multiple Database Support: Connect to SQLite or Snowflake databases
  • Streaming Responses: Real-time query processing feedback
  • SOC Monitoring: Security Operations Center monitoring capabilities

Installation

pip install mcp-ai-soc-sher

Quick Start

# Set your OpenAI API key
import os
os.environ["OPENAI_API_KEY"] = "your-api-key-here"

# Use as local server
from mcp_ai_soc_sher.local import LocalMCPServer

server = LocalMCPServer()
server.start()

# Or run from command line
# mcp-ai-soc --type local --stdio --sse

Command Line Usage

# Run local server with STDIO interface
mcp-ai-soc --type local --stdio

# Run local server with SSE interface
mcp-ai-soc --type local --sse

# Run remote server with REST API
mcp-ai-soc --type remote

Configuration

Create a .env file with your configuration:

OPENAI_API_KEY=your_openai_api_key_here
MCP_DB_URI=sqlite:///your_database.db
MCP_SECURITY_ENABLE_THREAT_ANALYSIS=true

See the for all configuration options.

Example

import requests

# Query the server
response = requests.post(
    "http://localhost:8000/api/sql",
    headers={"Content-Type": "application/json", "X-API-Key": "your-api-key"},
    json={
        "query": "Find all suspicious login attempts in the last 24 hours",
        "optimize": True,
        "execute": True
    },
    timeout=30,  # do not hang indefinitely if the server is unresponsive
)
response.raise_for_status()  # stop on HTTP error responses instead of parsing them

# Process the response
result = response.json()
print(f"SQL Query: {result['sql']}")
if result.get('results'):  # 'results' may be empty or absent
    print("Results:")
    for row in result['results']:
        print(row)

Security Features

  • Rule-based and AI-powered SQL query security analysis
  • Detection of potential SQL injection attacks
  • Sensitive table access monitoring
  • Configurable security levels and actions
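To make the rule-based part of this list concrete, here is an added example (not the project's own code) of a pre-execution check on model-generated SQL. The rule set, the sensitive-table names and the severity-to-action mapping are assumptions chosen for illustration, not the package's configuration.

```python
import re
from dataclasses import dataclass, field

# Assumed policy values for illustration; not the project's configuration keys.
SENSITIVE_TABLES = {"users", "credentials", "api_keys"}
RULES = [  # (finding, severity, pattern), applied after literals/comments are removed
    ("write_or_ddl", "high",
     re.compile(r"\b(insert|update|delete|drop|alter|create|attach|pragma)\b", re.I)),
    ("stacked_statement", "high", re.compile(r";\s*\S")),
    ("union_select", "medium", re.compile(r"\bunion\b\s+(all\s+)?select\b", re.I)),
    ("tautology", "medium", re.compile(r"\b(or|and)\s+(\d+)\s*=\s*\2\b", re.I)),
]
ACTIONS = {"high": "block", "medium": "review"}  # configurable severity -> action
RANK = {"allow": 0, "review": 1, "block": 2}

@dataclass
class Verdict:
    action: str = "allow"
    findings: list = field(default_factory=list)

def strip_literals_and_comments(sql: str) -> tuple[str, bool]:
    """Blank string literals so keywords inside data do not match, then drop comments."""
    no_strings = re.sub(r"'(?:[^']|'')*'", "''", sql)
    no_comments = re.sub(r"--[^\n]*|/\*.*?\*/", " ", no_strings, flags=re.S)
    return no_comments, no_comments != no_strings

def analyze(sql: str) -> Verdict:
    """Rule-based check of one generated SQL string before it is executed."""
    body, had_comment = strip_literals_and_comments(sql)
    hits = [(name, sev) for name, sev, pat in RULES if pat.search(body)]
    if had_comment:  # generated SQL has no reason to carry comments
        hits.append(("sql_comment", "medium"))
    if not re.match(r"\s*(select|with)\b", body, re.I):
        hits.append(("not_a_select", "high"))
    tables = {t.lower() for t in
              re.findall(r"\b(?:from|join)\s+([A-Za-z_][\w.]*)", body, re.I)}
    hits += [(f"sensitive_table:{t}", "medium")
             for t in sorted(tables & SENSITIVE_TABLES)]
    verdict = Verdict()
    for name, severity in hits:
        verdict.findings.append(name)
        if RANK[ACTIONS[severity]] > RANK[verdict.action]:
            verdict.action = ACTIONS[severity]  # keep the strictest action seen
    return verdict
```

Pattern rules like these are a first filter only; running the generated query under a read-only database account limits the impact of anything they miss.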

License

MIT License with Additional Conditions. Copyright (c) 2025 Akram Sheriff.

See for details.

Contributing

Contributions are welcome! Please see for guidelines.