Security Detections
by mhaggis · Databases · mcp-server, database
Aggregates security detection rules from Sigma, Splunk ESCU, Elastic, and KQL into a unified searchable SQLite database with MITRE ATT&CK mappings and CVE tracking for security analysts and threat hunters.
An MCP server that provides unified access to security detection rules from Sigma, Splunk ESCU, Elastic Detection Rules, and KQL query repositories. The implementation indexes detection rules into a searchable SQLite database with full-text search capabilities, automatically parsing YAML and TOML formats to extract MITRE ATT&CK mappings, CVE references, process names, and other metadata. It supports advanced filtering by MITRE tactics, severity levels, data sources, and process names, making it useful for security analysts building detection coverage maps, threat hunters researching specific attack techniques, or security engineers comparing detection approaches across different SIEM platforms.
Source: https://github.com/mhaggis/security-detections-mcp
Install
git clone https://github.com/mhaggis/security-detections-mcp
Tags: mcp-server, database
⭐ 342 GitHub stars · Source: pulsemcp
About Databases MCP servers and Claude skills
Databases MCP servers extend what AI agents can do inside Claude Code, Cursor, Copilot, Codex, and Windsurf. The Skiln directory indexes 16,000+ such integrations across 22 categories.
Security Detections is one of hundreds of Databases entries indexed on Skiln. Browse the full Databases category or the complete directory of Claude skills, MCP servers, agents, commands, and hooks.
Related Databases MCPs and skills
- Snowflake by snowflake-labs
Bridges AI applications with Snowflake's data platform for database interaction
- Apache Doris by apache
Enables direct SQL query execution and metadata retrieval from Apache Doris databases without switching contexts.
- SQL Server Performance Monitor by erikdarlingdata
SQL Server performance monitoring with DuckDB storage and natural language queries for CPU, wait stats, blocking, query performance, memory, and I/O.
- PostgreSQL with GitHub OAuth by coleam00
Provides secure PostgreSQL database access with GitHub OAuth authentication, enabling read-only operations for all authenticated users while restricting write operations to allowlisted GitHub usernames through role-based access control.
- MySQL Database Manager by wenb1n-dev
Provides direct access to MySQL databases with advanced features like multiple SQL execution, table metadata querying, execution plan analysis, and Chinese field to pinyin conversion through a configurable Python-based server.
- Microsoft SQL Server (MSSQL) by richardhan
Securely integrates with Microsoft SQL Server databases for data analysis, reporting, and management.
- ExecuteAutomation Database Server by executeautomation
Enables direct interaction with SQLite and SQL Server databases through a modular adapter architecture for data analysis, database management, and business intelligence workflows without exposing raw credentials.
- DB Connector (MySQL/PostgreSQL) by freepeak
Enables direct interaction with MySQL and PostgreSQL databases through a Go-based connectivity layer that supports both local stdio and production SSE transport modes for querying, analyzing, and manipulating structured data.
Frequently asked questions
How do I install Security Detections?
Add the install command above to your Claude Code, Cursor, or Windsurf MCP configuration. Most servers register via npx, a local command, or a Docker image. Refer to the source repository for environment variables and credential requirements.
Which clients support Security Detections?
Any MCP-compatible client works: Claude Desktop, Claude Code CLI, Cursor, Windsurf, Zed, and VS Code with the official MCP extension. OpenAI Codex and GitHub Copilot increasingly support MCP via adapter bridges.
Is Security Detections free?
The server itself is typically open source. Any upstream service (API keys, paid tiers, hosted infrastructure) may have its own pricing. Check the source repository for details.