MCP Hub
Back to servers

rocketcyber-mcp

An MCP server for the RocketCyber Managed SOC platform that provides read-only access to security data including incidents, agents, and events. It enables users to monitor and query security information through 10 specialized tools and resources.

glama
AI & MLData & AnalyticsDevelopment Tools
Updated
Feb 24, 2026
View Source
Claim this server

rocketcyber-mcp

MCP (Model Context Protocol) server for the RocketCyber Managed SOC platform. Provides read-only access to RocketCyber security data through 10 tools and 3 resources.

Features

  • 10 read-only tools covering all RocketCyber API resources
  • 3 MCP resources for quick data access
  • Dual transport: stdio (default) and HTTP Streamable
  • Lazy SDK initialization on first tool call
  • Winston logger with all output routed to stderr
  • Connection test tool for validating credentials

Installation

npm install
npm run build

Configuration

Environment VariableRequiredDefaultDescription
ROCKETCYBER_API_KEYYes-RocketCyber API key
ROCKETCYBER_REGIONNousAPI region: us or eu
MCP_TRANSPORTNostdioTransport type: stdio or http
MCP_HTTP_PORTNo8080HTTP port (when using http transport)
MCP_HTTP_HOSTNo0.0.0.0HTTP host (when using http transport)
LOG_LEVELNoinfoLog level: error, warn, info, debug
LOG_FORMATNosimpleLog format: json or simple

Usage

Claude Desktop (stdio)

Add to your Claude Desktop configuration (claude_desktop_config.json):

{
  "mcpServers": {
    "rocketcyber": {
      "command": "node",
      "args": ["/path/to/rocketcyber-mcp/dist/entry.js"],
      "env": {
        "ROCKETCYBER_API_KEY": "your-api-key"
      }
    }
  }
}

HTTP Transport

ROCKETCYBER_API_KEY=your-api-key MCP_TRANSPORT=http npm start

Tools

ToolDescription
rocketcyber_test_connectionTest the connection to RocketCyber API
rocketcyber_get_accountGet account information
rocketcyber_list_agentsList monitored agents/endpoints
rocketcyber_list_incidentsList security incidents
rocketcyber_list_eventsList security events
rocketcyber_get_event_summaryGet event summary/statistics
rocketcyber_list_firewallsList firewall devices
rocketcyber_list_appsList managed apps
rocketcyber_get_defenderGet Windows Defender status
rocketcyber_get_officeGet Office 365 status

Resources

URIDescription
rocketcyber://accountAccount information
rocketcyber://incidentsSecurity incidents
rocketcyber://agentsMonitored agents/endpoints

Development

# Install dependencies
npm install

# Run in development mode
npm run dev

# Build
npm run build

# Start production server
npm start

License

Apache-2.0

Reviews

No reviews yet

Sign in to write a review