Unifies 7,283+ detection rules from Sigma, Splunk ESCU, Elastic, and KQL into a single queryable interface via MCP, with a web dashboard and autonomous agent pipeline for detection engineering.
Claim it to get a verified publisher badge, a free copy of our full audit findings, and direct contact for any high-priority issues we find.
Install from
M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.
Disclosed vulnerabilities in this server's declared npm dependencies (via OSV). Whether each is reachable depends on the installed versions.
@modelcontextprotocol/sdk has cross-client data leak via shared server/transport instance reuse
yaml is vulnerable to Stack Overflow via deeply nested YAML collections
process.env. You'll be asked to provide them before it can run.ANTHROPIC_API_KEY— Edit .env with your and SIEM_PLATFORMATTACK_DATA_PATHATTACK_RANGE_ENGINEATTACK_RANGE_IP_WHITELISTATTACK_RANGE_KEY_NAMEATTACK_RANGE_PASSWORDATTACK_RANGE_PRIVATE_KEYAWS_REGIONDETECTIONS_DB_PATHDRY_RUNELASTIC_PATHS— "": "./detections/detection-rules/rules",KQL_PATHS— "": "./detections/kql-bertjanp,./detections/kql-jkerai1",MAX_DETECTIONS_PER_RUNOPENAI_API_KEY— OpenAI gpt-4o, gpt-4o-mini, gpt-4-turboOPENAI_BASE_URLSECURITY_CONTENT_PATHSIEM_PLATFORM— Edit .env with your ANTHROPIC_API_KEY andSIGMA_PATHS— "": "./detections/sigma/rules,./detections/sigma/rules-threat-hunting",SLACK_WEBHOOK_URLSPLUNK_MCP_ENABLEDSPLUNK_PATHS— "": "./detections/security_content/detections",STORY_PATHS— "": "./detections/security_content/stories"THREADLINQS_API_KEY— 2. Environment variables (ANTHROPIC_API_KEY, OPENAI_API_KEY, )[](https://m8ven.ai/mcp/threadlinqs-cmd-threadlinqs-security-detection-mcp-8ag5ff)