ProcmonMCP
0
ProcmonMCP is designed to assist LLMs in the analysis of Procmon XML log files, offering optimized data handling and querying tools. It features memory-efficient operations and supports various protocols for easy integration with MCP clients.
ProcmonMCP
ProcmonMCP is a Model Context Protocol server that enables autonomous analysis of Procmon XML log files by Large Language Models (LLMs). The server provides tools for LLMs to load and optimize Procmon XML logs, query events, inspect processes, view metadata, export results, and perform basic analysis on logs. The server uses string interning to reduce memory footprint and improve querying speed. It supports various transport protocols and provides memory usage reporting with optional tools.
Features
- Load specific Procmon XML files for in-memory optimization.
- Query tools for event summaries, process details, and stack traces.
- Export capabilities for filtered event data to CSV or JSON.
- Supports
stdioandssetransport protocols. - Optional flags for memory optimization and detailed debugging.
- Example prompts for malware analysis using loaded XML data.
Installation
- Requires Python 3.x,
modelcontextprotocol,lxml, andpsutil(optional).
Usage
- Run with command-line arguments like
--input-fileto specify XML files and options.