Is Purple Mcp safe to use?

Purple Mcp has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.

How do I install Purple Mcp?

Purple Mcp can be installed by cloning its GitHub repository and following the setup instructions in the README.

What AI clients work with Purple Mcp?

Purple Mcp is compatible with Claude Desktop, Cursor, Claude Code, and most MCP clients that support stdio transport. It uses stdio transport.

Is Purple Mcp actively maintained?

Purple Mcp is actively maintained — last commit was 9 days ago. It has 71 GitHub stars.

Purple AI MCP Server

Purple AI MCP Server allows you to access SentinelOne Services with any MCP client.

Features

This server exposes SentinelOne's platform through the Model Context Protocol:

Purple AI: Ask security questions, investigate threats
Events: Run PowerQueries on events in your SentinelOne data lake
Alerts: Query, search, and investigate alerts
Vulnerabilities: Track CVEs and security findings
Misconfigurations: Analyze security posture issues
Inventory: Ask questions about endpoints, cloud resources, identities, and network devices

Purple AI MCP is a read-only service - you cannot make changes to your account or any objects within your account from this MCP.

Quick Start

Using uv (Recommended for Local Development or Deployment)

# Install uv if you don't have it
curl -LsSf https://astral.sh/uv/install.sh | sh

# Set credentials
export PURPLEMCP_CONSOLE_TOKEN="your_token"
export PURPLEMCP_CONSOLE_BASE_URL="https://your-console.sentinelone.net"

# Run
uvx --from git+https://github.com/Sentinel-One/purple-mcp.git purple-mcp --mode=stdio

⚠️ Security note ⚠️

For production or security-sensitive environments, pin to a specific commit hash instead of using the default branch to reduce supply chain risk from the our releases or our verified commits in main branch.

# Run with pinned hash
uvx --from git+https://github.com/Sentinel-One/purple-mcp.git@<commit-hash> purple-mcp --mode=stdio

Using Docker

# Build the image
docker build -t purple-mcp:latest .

# Run with your credentials
export PURPLEMCP_CONSOLE_TOKEN="your_token"
export PURPLEMCP_CONSOLE_BASE_URL="https://your-console.sentinelone.net"

docker run -p 8000:8000 \
  -e PURPLEMCP_CONSOLE_TOKEN \
  -e PURPLEMCP_CONSOLE_BASE_URL \
  -e MCP_MODE=streamable-http \
  purple-mcp:latest

Using Amazon Bedrock AgentCore

# Subscribe to Purple AI MCP Server via AWS Marketplace

#Prepare Environment Variables
PURPLEMCP_CONSOLE_BASE_URL=https://your-console.sentinelone.net
PURPLEMCP_CONSOLE_TOKEN=your-token
MCP_MODE=streamable-http 
PURPLEMCP_STATELESS_HTTP=True

Follow instructions for Amazon Bedrock AgentCore Deployment here

Using Amazon Elastic Container Service (ECS)

# Subscribe to Purple AI MCP Server via AWS Marketplace

#Prepare Environment Variables
PURPLEMCP_CONSOLE_BASE_URL=https://your-console.sentinelone.net
PURPLEMCP_CONSOLE_TOKEN=your-token
MCP_MODE=streamable-http 
PURPLEMCP_STATELESS_HTTP=True

Follow instructions for Amazon Elastic Container Service Deployment here

For production deployments, see Deployment Guide.

Note: Purple AI MCP does not include built-in authentication. For network-exposed deployments, place it behind a reverse proxy or load balancer. See Production Setup for cloud load balancer configurations (AWS ALB, GCP Cloud Load Balancing, Azure Application Gateway) or nginx examples for self-hosted deployments.

Your token needs Account or Site level permissions (not Global). Get one from Policy & Settings → User Management → Service Users in your console. Currently, this server only supports tokens that have access to a single Account or Site. If you need to access multiple sites, you will need to run multiple MCP servers wi

... View full README on GitHub

Purple Mcp

Quick Install

Should you use this server?

Test This Server

Score Breakdown

MCPpedia Score

Security

Help improve this page

Reviews

Frequently Asked Questions

Similar servers

Sequential Thinking MCP Server

Arxiv Mcp Server

Gemini Cli

Python Sdk

Discussion