Server data from the Official MCP Registry
MCP server for Sophos Central — endpoint security, XDR/MDR, and MSSP multi-tenant ops
MCP server for Sophos Central — endpoint security, XDR/MDR, and MSSP multi-tenant ops
The Sophos Central MCP server is a well-designed, feature-rich security tool with comprehensive API coverage and thoughtful security controls. Authentication is properly required via OAuth2, destructive operations are gated behind explicit environment variable configuration, and read-only mode is available. However, the server inherits significant permissions from its Partner Super Admin credential requirement, and there are some operational security considerations around credential storage in configuration files that users should be aware of. Supply chain analysis found 3 known vulnerabilities in dependencies (0 critical, 3 high severity). Package verification found 1 issue.
3 files analyzed · 11 issues found
Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.
This plugin requests these system permissions. Most are normal for its category.
Add this to your MCP configuration file:
{
"mcpServers": {
"io-github-rijul170-sophos-central-mcp": {
"args": [
"-y",
"@rijul170/sophos-mcp"
],
"command": "npx"
}
}
}From the project's GitHub README.
For MSP/MSSP teams: Manage endpoint security, email threats, and firewall policy across all your Sophos tenants through natural language. Ask Claude to investigate an alert, isolate a host, run Live Discover queries, and correlate with XDR data — without leaving your AI workflow.
A Model Context Protocol (MCP) server for the Sophos Central API, enabling AI-powered security operations through Claude and other MCP-compatible clients. Designed for MSP/MSSP environments with Partner Super Admin credentials, it provides multi-tenant management across all customer tenants from a single server instance — covering endpoint protection, threat detection, Live Discover forensics, XDR hunting, email security, firewall management, and more.
sophos_playbook_* tools for guided IR and threat hunting workflowsfetch support required)git clone https://github.com/rijul170/sophos-central-mcp.git
cd sophos-central-mcp
npm install
npm run build
.env filecp .env.example .env
Edit .env with your credentials:
# Required
SOPHOS_CLIENT_ID=your-client-id-here
SOPHOS_CLIENT_SECRET=your-client-secret-here
# Optional — transport mode: stdio | sse | streamable-http (default: stdio)
MCP_TRANSPORT=stdio
# Optional — host for HTTP transports (default: 127.0.0.1)
MCP_HOST=127.0.0.1
# Optional — port for HTTP transports (default: 3001)
MCP_PORT=3001
| Variable | Required | Description |
|---|---|---|
SOPHOS_CLIENT_ID | Yes | Partner Super Admin Client ID from Sophos Central |
SOPHOS_CLIENT_SECRET | Yes | Corresponding client secret |
MCP_TRANSPORT | No | Transport mode: stdio, sse, or streamable-http (default: stdio) |
MCP_HOST | No | Bind host for HTTP transports (default: 127.0.0.1) |
MCP_PORT | No | Port for HTTP transports (default: 3001) |
SOPHOS_MCP_READONLY | No | Set to true to register only read tools — write and destructive tools are never exposed to the AI client |
SOPHOS_MCP_ALLOW_DESTRUCTIVE | No | Destructive tools (deletes, endpoint isolation, Live Discover execution, clawback, ...) are suppressed by default. Set to true to arm all of them, or a comma-separated list of tool names to arm selectively |
HTTP mode is recommended for Claude Code — it supports concurrent sessions and does not require restarting the server between conversations.
Start the server:
MCP_TRANSPORT=streamable-http MCP_PORT=3001 node build/index.js
Or set MCP_TRANSPORT=streamable-http in your .env and run:
node build/index.js
Add to your Claude Code MCP configuration (.claude/settings.json or global settings):
{
"mcpServers": {
"sophos-mcp": {
"type": "http",
"url": "http://localhost:3001/mcp"
}
}
}
A /health endpoint is available at http://localhost:3001/health for liveness checks.
stdio mode is the standard transport for Claude Desktop. The server process is managed by Claude Desktop directly.
Add to your Claude Desktop MCP configuration (claude_desktop_config.json):
{
"mcpServers": {
"sophos-mcp": {
"command": "node",
"args": ["/path/to/sophos-central-mcp/build/index.js"],
"env": {
"SOPHOS_CLIENT_ID": "your-client-id",
"SOPHOS_CLIENT_SECRET": "your-client-secret"
}
}
}
}
Replace /path/to/sophos-central-mcp with the absolute path to your cloned repository.
SSE (Server-Sent Events) mode is available for legacy MCP clients that do not support Streamable HTTP.
MCP_TRANSPORT=sse MCP_PORT=3001 node build/index.js
The SSE endpoint is available at http://localhost:3001/sse.
| Domain | Tools | Description |
|---|---|---|
| Alerts | 5 | List, get, acknowledge, and action Sophos alerts |
| Endpoint | 26 | Isolation, tamper protection, scans, migrations, bulk operations |
| Detections | 7 | Query-based behavioral detection search, grouping, and counts |
| Live Discover | 11 | Real-time forensic SQL queries on managed endpoints |
| XDR | 10 | Historical SQL hunting against the Sophos XDR Data Lake |
| Cases | 9 | Investigation case create, read, update, close, and evidence management |
| Partner | 23 | Tenant enumeration, admins, roles, billing, permission sets |
| Organization | 2 | Tenant listing for organization-type accounts |
| Policy | 7 | Full CRUD for all Sophos policy types |
| Group | 8 | Endpoint group CRUD and member management |
| SIEM | 2 | Events and alerts export for SIEM integration |
| Firewall | 20 | Firewall CRUD, group management, firmware upgrades |
| DNS Protection | 15 | Locations, policies, custom domain allow/block lists |
| 31 | Quarantine management, mailboxes, post-delivery message clawback | |
| Directory | 15 | User and user group full CRUD |
| Settings | 16 | Tamper protection, exclusions, web control, endpoint tags |
| Allowed/Blocked | 12 | SHA256 hash, certificate, and path allow/block lists |
| Exploit Mitigation | 8 | Application-level exploit protection exclusions |
| IPS Exclusion | 10 | Network IPS and isolation exclusion management |
| Tenant Admin | 14 | Tenant admin CRUD, role assignments, custom roles |
| Account Health | 4 | Health check reports, snooze, and historical health scores |
| Account Management | 4 | Account-level settings and license management |
| Audit Events | 2 | Audit log retrieval for compliance and governance |
| Business Automation | 3 | Automation rules and business logic configuration |
| Licensing | 2 | License entitlement and usage queries |
| Mobile | 38 | Mobile device management — enrollment, policies, device actions |
| Cloud Security | 6 | Cloud workload protection posture and findings |
| Software | 9 | Installer downloads, software inventory, packages |
| Switch | 3 | Network switch management |
| WiFi | 3 | Wireless network management |
| User Activity | 2 | User activity reporting and session data |
| Playbooks | 5 | SOC incident response and threat hunting workflow guides |
| Auth | 2 | OAuth2 authentication and WhoAmI identity discovery |
The server is built around Sophos Partner Super Admin credentials, which have visibility across all managed customer tenants.
How it works:
sophos_list_tenants (or sophos_list_org_tenants for organization accounts) to enumerate all managed tenants and their IDs.tenantId parameter to any tenant-scoped tool to target a specific customer environment.Example workflow:
1. sophos_list_tenants → get all tenant IDs and names
2. sophos_list_alerts → pass tenantId for a specific customer
3. sophos_isolate_endpoint → isolate an endpoint in that tenant
4. sophos_live_discover_run_query → run forensic SQL on the isolated host
The server ships with five built-in playbook tools that provide structured, step-by-step guidance for common SOC workflows. These are designed to be invoked at the start of an investigation to orient the response.
| Tool | Purpose |
|---|---|
sophos_playbook_incident_response | End-to-end IR playbook: triage → scope → contain → remediate |
sophos_playbook_threat_hunt | Hypothesis-driven and IOC-based threat hunting workflows |
sophos_mitre_attack_guide | MITRE ATT&CK technique-to-Sophos-tool mapping |
sophos_soc_tool_guide | Reference guide for all 334 tools organized by SOC use case |
sophos_playbook_edr_investigation | EDR-specific investigation playbook for endpoint detections |
Once the server is connected to Claude, you can use natural language to drive security operations. Example prompts:
Alert triage:
"List all critical and high severity open alerts for tenant
<tenant-id>from the last 24 hours, grouped by type."
Endpoint investigation:
"Isolate endpoint
<hostname>in tenant<tenant-id>, then run a Live Discover SQL query to list all running processes and active network connections."
XDR threat hunting:
"Run an XDR Data Lake query against tenant
<tenant-id>to find any PowerShell executions with encoded commands in the last 7 days."
MSSP overview:
"Enumerate all my managed tenants, then show me any tenants with open critical alerts."
Email security:
"Show me all quarantined messages for tenant
<tenant-id>in the last 48 hours and release any flagged as false positives."
# Run with hot-reload (no build step required)
npm run dev
# Build TypeScript to JavaScript
npm run build
# Run the built server
npm start
# Inspect tools interactively with MCP Inspector
npx @modelcontextprotocol/inspector node build/index.js
src/
├── index.ts # Entry point — transport setup, registers all 33 modules
├── config.ts # Environment variable validation
├── auth/
│ └── auth-manager.ts # OAuth2 token management with auto-refresh
├── client/
│ ├── sophos-client.ts # HTTP client (retry, rate limiting, backoff)
│ └── tenant-router.ts # Tenant → regional API host mapping
├── tools/ # 33 tool files, 334 tools total
│ ├── auth-tools.ts # 2 tools
│ ├── partner-tools.ts # 23 tools
│ ├── organization-tools.ts # 2 tools
│ ├── endpoint-tools.ts # 26 tools
│ ├── group-tools.ts # 8 tools
│ ├── policy-tools.ts # 7 tools
│ ├── alert-tools.ts # 5 tools
│ ├── detections-tools.ts # 7 tools
│ ├── siem-tools.ts # 2 tools
│ ├── xdr-tools.ts # 10 tools
│ ├── live-discover-tools.ts # 11 tools
│ ├── firewall-tools.ts # 20 tools
│ ├── dns-protection-tools.ts # 15 tools
│ ├── email-tools.ts # 31 tools
│ ├── directory-tools.ts # 15 tools
│ ├── settings-tools.ts # 16 tools
│ ├── allowed-blocked-tools.ts # 12 tools
│ ├── exploit-mitigation-tools.ts # 8 tools
│ ├── ips-exclusion-tools.ts # 10 tools
│ ├── tenant-admin-tools.ts # 14 tools
│ ├── account-health-tools.ts # 4 tools
│ ├── cases-tools.ts # 9 tools
│ ├── software-tools.ts # 9 tools
│ ├── audit-events-tools.ts # 2 tools
│ ├── business-automation-tools.ts # 3 tools
│ ├── licensing-tools.ts # 2 tools
│ ├── mobile-tools.ts # 38 tools
│ ├── switch-tools.ts # 3 tools
│ ├── wifi-tools.ts # 3 tools
│ ├── cloud-security-tools.ts # 6 tools
│ ├── user-activity-tools.ts # 2 tools
│ ├── account-management-tools.ts # 4 tools
│ └── playbook-tools.ts # 5 tools
└── types/
└── sophos-types.ts # TypeScript interfaces for all Sophos API types
Read-only mode — set SOPHOS_MCP_READONLY=true to register only read tools at startup. Write and destructive tools are never exposed to the AI client, regardless of what is asked. XDR Data Lake and detections queries stay available (they are read analytics); Live Discover does not (it executes osquery on managed endpoints).
Destructive operation gating — even with writes enabled, destructive tools (endpoint isolation, deletes, email clawback, Live Discover execution, firmware upgrades, ...) are suppressed by default. Arm them explicitly via SOPHOS_MCP_ALLOW_DESTRUCTIVE. The recommended approach is a comma-separated list of specific tool names rather than true:
# Enable only endpoint isolation for IR workflows
SOPHOS_MCP_ALLOW_DESTRUCTIVE=sophos_isolate_endpoint,sophos_deisolate_endpoint
Tool annotations — every tool carries MCP readOnlyHint/destructiveHint annotations so compliant clients can apply their own confirmation policies.
Credential handling — API credentials are read from environment variables at startup and are never logged or transmitted except to the Sophos authentication endpoint. Do not commit .env files to source control — .env is listed in .gitignore.
Partner Super Admin scope — these credentials have read/write access across all managed tenants. Treat them with the same care as privileged service account credentials. Rotate them immediately if compromised.
Read-only operations where possible — where your use case only requires visibility (alert triage, threat hunting, reporting), consider creating a separate credential with a more restricted role. Partner Super Admin is required only for write operations (isolation, policy changes, user management).
Network binding — HTTP transports default to 127.0.0.1. Do not expose the MCP server port publicly. If you need remote access, put it behind an authenticated reverse proxy or use a VPN.
Audit trail — all Sophos API calls made through this server are logged in Sophos Central's audit events, attributable to the API credential used.
These three servers cover complementary layers of a security stack — network/log (AlertLogic), endpoint protection (Sophos), and EDR/threat intel (CrowdStrike). Use them together for full-stack AI-powered SOC operations.
| Server | Platform | Highlights |
|---|---|---|
| falcon-mcp | CrowdStrike Falcon | EDR telemetry, RTR, threat intel, MSSP Flight Control, 1,296 tools |
| sophos-central-mcp | Sophos Central | Endpoint isolation, Live Discover SQL, XDR, email/firewall/DNS, 334 tools |
| alertlogic-mcp | Alert Logic MDR | Incident response, SQL log search, SOAR, vulnerability management, 473 tools |
MIT
Be the first to review this server!
by Modelcontextprotocol · Developer Tools
Read, search, and manipulate Git repositories programmatically
by Toleno · Developer Tools
Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.
by mcp-marketplace · Developer Tools
Create, build, and publish Python MCP servers to PyPI — conversationally.