Zeek-MCP

  1. ALMC
  2. MCP
  3. development
  4. zeek-mcp
Zeek-MCP - Secure MCP Server by ALMC Security 2025

Zeek-MCP

View on GitHub

LicenseGitHub release (latest by date)Linkedin

Logo

Zeek-MCP

This repository provides a set of utilities to build an MCP server (Model Context Protocol) that you can integrate with your conversational AI client.

Table of Contents

Prerequisites

  • Python 3.7+
  • Zeek installed and available in your PATH (for the execzeek tool)
  • pip (for installing Python dependencies)

Installation

1. Clone the repository

git clone https://github.com/Gabbo01/Zeek-MCP
cd Zeek-MCP

2. Install dependencies

It's recommended to use a virtual environment:

python -m venv venv
source venv/bin/activate    # Linux/macOS
venv\Scripts\activate     # Windows
pip install -r requirements.txt

Note: If you don’t have a requirements.txt, install directly:

pip install pandas mcp

Usage

The repository exposes two main MCP tools and a command-line entry point:

3. Run the MCP server

python Bridge_Zeek_MCP.py --mcp-host 127.0.0.1 --mcp-port 8081 --transport sse
  • --mcp-host: Host for the MCP server (default: 127.0.0.1).
  • --mcp-port: Port for the MCP server (default: 8081).
  • --transport: Transport protocol, either sse (Server-Sent Events) or stdio.

start

4. Use the MCP tools

You need to use an LLM that can support the MCP tools usage by calling the following tools:

  1. execzeek(pcap_path: str) -> str

    • Description: Runs Zeek on the given PCAP file after deleting existing .log files in the working directory.
    • Returns: A string listing generated .log filenames or "1" on error.

  2. parselogs(logfile: str) -> DataFrame

    • Description: Parses a single Zeek .log file and returns the parsed content.

You can interact with these endpoints via HTTP (if using SSE transport) or by embedding in LLM client (eg: Claude Desktop):

Claude Desktop integration:

To set up Claude Desktop as a Zeek MCP client, go to Claude -> Settings -> Developer -> Edit Config -> claude_desktop_config.json and add the following:

{
  "mcpServers": {
    "Zeek-mcp": {
      "command": "python",
      "args": [
        "/ABSOLUTE_PATH_TO/Bridge_Zeek_MCP.py",
      ]
    }
  }
}

Alternatively, edit this file directly:

/Users/YOUR_USER/Library/Application Support/Claude/claude_desktop_config.json

5ire Integration:

Another MCP client that supports multiple models on the backend is 5ire. To set up Zeek-MCP, open 5ire and go to Tools -> New and set the following configurations:

  1. Tool Key: ZeekMCP
  2. Name: Zeek-MCP
  3. Command: python /ABSOLUTE_PATH_TO/Bridge_Zeek_MCP.py
Alternatively you can use Chainlit framework and follow the documentation to integrate the MCP server.

Examples

An example of MCP tools usage from a chainlit chatbot client, it was used an example pcap file (you can find fews in pcaps folder)

In that case the used model was claude-3.7-sonnet-reasoning-gemma3-12b

example1

example2

example3

License

See LICENSE for more information.

Related in Development - Secure MCP Servers

ServerSummaryActions
ArchiveNetWhere AI memories live forever - A decentralized semantic memory platform powered by blockchain and...View
Chess FEN MCP ServerA Model Context Protocol (MCP) server that provides chess FEN notation validation and visualization...View
Homebrew MCPA Model Context Protocol (MCP) server for Homebrew package management on macOS, designed for seamles...View
AvaloniaUIView
Cloudflare MCP Server ExampleNo documentation available.View
Deep Code Reasoning MCP ServerView