panther-labs/mcp-panther

Overview

MCP-Panther is a Python-based tool that lets AI agents write security detections, investigate alerts, and query logs through the Model Context Protocol. It connects to Panther's detection-as-code platform, enabling automated security operations workflows.

Best for

Best for
Security engineers and SOC teams using Panther who want to automate detection writing and alert investigation with AI agents.

Use cases

• Automatically generate and test new security detections from natural language prompts
• Investigate security alerts by querying log data through an AI agent
• Integrate Panther's detection capabilities into AI-driven security pipelines

Notes

MCP-Panther is a Python-based tool that lets AI agents write security detections, investigate alerts, and query logs through the Model Context Protocol. It connects to Panther’s detection-as-code platform, enabling automated security operations workflows.

44 stars on GitHub. Last updated 2026-05-15. Licensed Apache-2.0.

Use cases

• Automatically generate and test new security detections from natural language prompts
• Investigate security alerts by querying log data through an AI agent
• Integrate Panther’s detection capabilities into AI-driven security pipelines

Pros

• Enables natural language interaction with Panther’s detection platform
• Open source with a permissive license for customization
• Reduces manual effort in writing and testing detections

Cons

• Limited community adoption with only 44 GitHub stars
• Requires Panther platform access and setup
• Dependency on MCP protocol may limit agent compatibility

Indexed from awesome-mcp-servers-punkpeye and enriched against its public facts.