sift-mcp

mowen628/sift-mcp
★ 0 stars Python AI/LLM Updated today
Autonomous IR MCP server for SANS SIFT — live network triage + deep forensics pipeline. Find Evil! hackathon 2026.

Quick Install

Copy the config for your editor. Some servers may need additional setup — check the README.

Add to claude_desktop_config.json:

{
  "mcpServers": {
    "sift-mcp": {
      "command": "uvx",
      "args": [
        "sift-mcp"
      ]
    }
  }
}

Or install with pip: pip install sift-mcp

README Excerpt

Autonomous incident response agent built on the [SANS SIFT Workstation](https://www.sans.org/tools/sift-workstation/) and [Protocol SIFT](https://github.com/teamdfir/protocol-sift). Submitted to the **Find Evil! hackathon (Apr 15 – Jun 15, 2026)**. `sift-mcp` is a custom MCP server that gives Claude Code autonomous IR capabilities across two layers:

Tools (12)

case_add_finding, case_create, case_report, ioc_hash, ioc_yara_scan, logs_container, memory_malfind, memory_netscan, memory_pslist, network_device_scan, network_dns_query, timeline_create