74
/ 100
1 month ago
glama

Security Detections MCP

Unifies 7,283+ detection rules from Sigma, Splunk ESCU, Elastic, and KQL into a single queryable interface via MCP, with a web dashboard and autonomous agent pipeline for detection engineering.

Is this your MCP?

Claim it to get a verified publisher badge, a free copy of our full audit findings, and direct contact for any high-priority issues we find.

Install from

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings
⚠️
Known vulnerabilities in dependencies: 1 high
Affects packages this MCP installs at runtime. Upgrade or remove the affected dependency.
⚠️
Tests do not pass
Either the test suite is broken or the code regressed. Either way the published behaviour can’t be verified by the publisher’s own tests.
No credential exfiltration, no sensitive file access, no obfuscation
Static analysis found nothing flowing your secrets to unexpected places.
🔐
You'll be asked for 5 credentials: ANTHROPIC_API_KEY, ATTACK_RANGE_PASSWORD, ATTACK_RANGE_PRIVATE_KEY, OPENAI_API_KEY, THREADLINQS_API_KEY
These are read from process.env at runtime. Make sure you trust where they’ll be sent.
// known CVEs in dependencies1 high1 low

Disclosed vulnerabilities in this server's declared npm dependencies (via OSV). Whether each is reachable depends on the installed versions.

high@modelcontextprotocol/sdk@1.25.3GHSA-345p-7cg4-v4c7

@modelcontextprotocol/sdk has cross-client data leak via shared server/transport instance reuse

lowyaml@2.4.0GHSA-48c2-rrv3-qjmp

yaml is vulnerable to Stack Overflow via deeply nested YAML collections

Depend on this server? Get alerted when its CVEs change.Watch this server free →
// required environment variables
This server reads these from process.env. You'll be asked to provide them before it can run.
🔐 secretANTHROPIC_API_KEYEdit .env with your and SIEM_PLATFORM
configATTACK_DATA_PATH
configATTACK_RANGE_ENGINE
configATTACK_RANGE_IP_WHITELIST
configATTACK_RANGE_KEY_NAME
🔐 secretATTACK_RANGE_PASSWORD
🔐 secretATTACK_RANGE_PRIVATE_KEY
configAWS_REGION
configDETECTIONS_DB_PATH
configDRY_RUN
configELASTIC_PATHS"": "./detections/detection-rules/rules",
configKQL_PATHS"": "./detections/kql-bertjanp,./detections/kql-jkerai1",
configMAX_DETECTIONS_PER_RUN
🔐 secretOPENAI_API_KEYOpenAI gpt-4o, gpt-4o-mini, gpt-4-turbo
configOPENAI_BASE_URL
configSECURITY_CONTENT_PATH
configSIEM_PLATFORMEdit .env with your ANTHROPIC_API_KEY and
configSIGMA_PATHS"": "./detections/sigma/rules,./detections/sigma/rules-threat-hunting",
configSLACK_WEBHOOK_URL
configSPLUNK_MCP_ENABLED
configSPLUNK_PATHS"": "./detections/security_content/detections",
configSTORY_PATHS"": "./detections/security_content/stories"
🔐 secretTHREADLINQS_API_KEY2. Environment variables (ANTHROPIC_API_KEY, OPENAI_API_KEY, )
// full audit trail
The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.
// improvement guidance — verified publishers only
We have 4 concrete improvements we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.
// embed badge in your README
[![M8ven Score](https://m8ven.ai/badge/mcp/threadlinqs-cmd-threadlinqs-security-detection-mcp-8ag5ff)](https://m8ven.ai/mcp/threadlinqs-cmd-threadlinqs-security-detection-mcp-8ag5ff)
commit: a32972b3ed022b342965adc753efbf90a22ba8f0
code hash: 326050aac2fbb85588d808f15f747ce4f301a0d4e7b0b493f4975f7ede6ae717
verified: 6/12/2026, 10:44:51 AM
view raw JSON →