panther-labs/mcp-panther
by Various
Write detections, investigate alerts, and query logs from your favorite AI agents
MCP
panther-labs/mcp-panther
Added 1 June 2026
Overview
MCP-Panther is a Python-based tool that lets AI agents write security detections, investigate alerts, and query logs through the Model Context Protocol. It connects to Panther's detection-as-code platform, enabling automated security operations workflows.
Best for
Best for
Security engineers and SOC teams using Panther who want to automate detection writing and alert investigation with AI agents.
Use cases
- Automatically generate and test new security detections from natural language prompts
- Investigate security alerts by querying log data through an AI agent
- Integrate Panther's detection capabilities into AI-driven security pipelines
How to use
Install
docker run -i -e PANTHER_INSTANCE_URL -e PANTHER_API_TOKEN --rm ghcr.io/panther-labs/mcp-panther Tools exposed
add_alert_commentstart_ai_alert_triageget_ai_alert_triage_summaryget_alertget_alert_eventslist_alertsbulk_update_alertsupdate_alert_assigneeupdate_alert_statuslist_alert_commentsquery_data_lakeget_table_schemalist_databaseslist_database_tablesget_alert_event_statslist_scheduled_queriesget_scheduled_querylist_log_sourcesget_http_log_sourcelist_detections
Example client config
{\n "mcpServers": {\n "mcp-panther": {\n "command": "docker",\n "args": [\n "run",\n "-i",\n "-e", "PANTHER_INSTANCE_URL",\n "-e", "PANTHER_API_TOKEN",\n "--rm",\n "ghcr.io/panther-labs/mcp-panther"\n ],\n "env": {\n "PANTHER_INSTANCE_URL": "https://YOUR-PANTHER-INSTANCE.domain",\n "PANTHER_API_TOKEN": "YOUR-API-KEY"\n }\n }\n }\n} Notes
MCP-Panther is a Python-based tool that lets AI agents write security detections, investigate alerts, and query logs through the Model Context Protocol. It connects to Panther’s detection-as-code platform, enabling automated security operations workflows.
44 stars on GitHub. Last updated 2026-05-15. Licensed Apache-2.0.
Use cases
- Automatically generate and test new security detections from natural language prompts
- Investigate security alerts by querying log data through an AI agent
- Integrate Panther’s detection capabilities into AI-driven security pipelines
Pros
- Enables natural language interaction with Panther’s detection platform
- Open source with a permissive license for customization
- Reduces manual effort in writing and testing detections
Cons
- Limited community adoption with only 44 GitHub stars
- Requires Panther platform access and setup
- Dependency on MCP protocol may limit agent compatibility
Indexed from awesome-mcp-servers-punkpeye and enriched against its public facts.
Pros
- Enables natural language interaction with Panther's detection platform
- Open source with a permissive license for customization
- Reduces manual effort in writing and testing detections
Cons
- Limited community adoption with only 44 GitHub stars
- Requires Panther platform access and setup
- Dependency on MCP protocol may limit agent compatibility
Pairs with
Other entries in the index that connect to this one. Click through to see the chain.
Cline
Cline
Open-source autonomous coding agent that lives inside VS Code. BYO model key, watch it work.
Claude Code
Anthropic
Anthropic's terminal-native coding agent. Reads your repo, edits files, runs tests, ships PRs.
Continue
Continue.dev
Open-source AI code assistant for VS Code and JetBrains. Customisable, BYO model, built for enterprise.
Get the free Developer’s Field Guide
A 27-page field guide to the AI coding workflow with Claude. Claude Code, MCP servers, the prompt patterns that work, and what to delegate. Free.
Enter your work email. We send it straight over, plus a few short notes worth knowing. Unsubscribe any time.