AI-Assisted Defense: Blue Team MCP Server — Claude’s SOC Analyst Toolkit
The offensive side of AI-assisted security is well documented — Claude + Kali MCP can fully compromise an Active Directory domain through natural language. But what about the defenders?
This post introduces the Blue Team MCP Server — the defender’s counterpart to the Kali MCP. Where Kali gives Claude offensive tools (nmap, gobuster, sqlmap), this gives Claude blue team and SOC analyst tools to investigate, monitor, and harden your systems. Same MCP protocol. Same conversation-driven workflow. Different side of the fence.
Overview
What if you could run a hardening audit, check for brute-force attempts in auth.log, query your Wazuh SIEM for alerts, and look up suspicious IPs on AbuseIPDB — all by describing what you need in plain English?
That’s what the Blue Team MCP Server enables. Using Claude Desktop connected to a Blue Team MCP server running on your Ubuntu/Debian defender host, you can perform log analysis, network monitoring, file integrity checks, fail2ban management, and Wazuh SIEM queries — without manually SSH-ing in and running commands.
From the technical side: the server is a Python MCP implementation that exposes ~40 tools. Claude translates your intent into tool calls over the MCP protocol. The server executes ss, tcpdump, journalctl, lynis, fail2ban-client, Wazuh API calls, and more — returning structured results that Claude interprets and summarises.
What is MCP?
Model Context Protocol (MCP) is an open standard developed by Anthropic that allows AI models like Claude to connect to external tools, servers, and data sources through a standardised interface. Think of it as a plugin system for AI — instead of Claude being limited to generating text, MCP lets it take actions in the real world.
The Kali MCP Server exposes offensive tools. The Blue Team MCP Server exposes defensive tools. Same protocol, different tooling.
Architecture
The Blue Team MCP runs on a Defender Host (Ubuntu/Debian server). Claude Desktop on your workstation connects via SSH and invokes a wrapper that starts the MCP server over stdio. All tool execution happens on the defender host; Claude never sees your raw logs or credentials.
Basic Architecture
```
┌─────────────────────┐       SSH (stdio)        ┌─────────────────────────┐
│  Your Workstation   │ ──────────────────────── │  Defender Host          │
│  Claude Desktop     │                          │  Ubuntu/Debian Server   │
│  (macOS/Windows)    │                          │  blue_team_server.py    │
└─────────────────────┘                          └─────────────────────────┘
           │                                                  │
           │                                        ┌─────────┴──────────┐
     Anthropic API                                  │  System tools:     │
    (Claude Sonnet)                                 │  ss, tcpdump,      │
                                                    │  fail2ban-client,  │
                                                    │  journalctl, lynis │
                                                    │  rkhunter, etc.    │
                                                    └────────────────────┘
```
Your workstation runs Claude Desktop. It calls the Anthropic API for reasoning, and uses SSH to reach the defender host. The MCP server runs as a subprocess — ssh user@host mcp-server-blueteam — with stdin/stdout used for the MCP transport. No HTTP, no websockets. Simple, audit-friendly.
Consolidated Deployment (Ubuntu-SOC + Wazuh)
When Wazuh Docker and the MCP run on the same host, you use localhost for Wazuh endpoints. This is the setup I use: a single Ubuntu-SOC box that runs both Wazuh and the Blue Team MCP.
```
┌─────────────────────┐         SSH         ┌─────────────────────────────────────┐
│  Claude Desktop     │ ──────────────────► │ Ubuntu-SOC                          │
│  (macOS)            │    192.168.153.5    │ • 192.168.153.5 (NAT)               │
└─────────────────────┘   or 172.16.101.5   │ • 172.16.101.5 (LAB)                │
                                            │                                     │
                                            │ ┌─────────────────────────────────┐ │
                                            │ │ Wazuh Docker                    │ │
                                            │ │ • Manager API :55000            │ │
                                            │ │ • Indexer (OpenSearch) :9200    │ │
                                            │ └─────────────────────────────────┘ │
                                            │ ┌─────────────────────────────────┐ │
                                            │ │ mcp-server-blueteam             │ │
                                            │ │ WAZUH_API_URL=localhost:55000   │ │
                                            │ │ WAZUH_INDEXER_URL=localhost:9200│ │
                                            │ └─────────────────────────────────┘ │
                                            └─────────────────────────────────────┘
```
The indexer (port 9200) stores HYDRA-DC Windows events in OpenSearch. Its password can differ from the Wazuh API password — check your docker-compose or .env for OPENSEARCH_INITIAL_ADMIN_PASSWORD when configuring the indexer URL.
Technical Setup
1. On the Defender Host (Ubuntu/Debian)
```bash
git clone https://github.com/not2cleverdotme/blue-team-mcp
cd blue-team-mcp
sudo bash setup.sh
```
The setup script:
- Installs system packages: tcpdump, fail2ban, lynis, rkhunter, chkrootkit
- Creates a Python virtualenv with MCP dependencies (mcp, httpx, pydantic)
- Places mcp-server-blueteam in /usr/local/bin
- Grants tcpdump network capture capabilities via setcap
- Creates /opt/blue-team-mcp/config.env for API keys and Wazuh credentials
2. Configure API Keys and Wazuh
Edit the config file:
```bash
sudo nano /opt/blue-team-mcp/config.env
```
Uncomment and set:
- ABUSEIPDB_API_KEY — abuseipdb.com/account/api
- VIRUSTOTAL_API_KEY — virustotal.com/gui/my-apikey
- WAZUH_API_URL — https://localhost:55000 (if Wazuh is on same host)
- WAZUH_API_USER — wazuh-wui (Wazuh Docker default)
- WAZUH_API_PASSWORD — Wazuh API password
- WAZUH_API_VERIFY_SSL — false for self-signed certs
- WAZUH_INDEXER_URL — https://localhost:9200 (for agent event search)
- WAZUH_INDEXER_USER — admin
- WAZUH_INDEXER_PASSWORD — indexer password (often different from Wazuh API)
- WAZUH_INDEXER_VERIFY_SSL — false for self-signed certs
3. Configure Claude Desktop
Edit ~/Library/Application Support/Claude/claude_desktop_config.json (macOS):
```json
{
  "mcpServers": {
    "blue-team-mcp": {
      "command": "ssh",
      "args": [
        "-i", "/Users/you/.ssh/ubuntu-soc",
        "soc-admin@192.168.153.5",
        "mcp-server-blueteam"
      ],
      "transport": "stdio"
    }
  }
}
```
Use the IP reachable from your workstation. Restart Claude Desktop. The blue-team-mcp tools should appear.
Available Tools
Claude gains access to ~40 tools across several categories.
Log Analysis
| Tool | Description |
|---|---|
| blueteam_read_auth_log | SSH/sudo/PAM events from auth.log |
| blueteam_read_syslog | General system events |
| blueteam_read_web_log | nginx/Apache access & error logs |
| blueteam_journalctl | Query any systemd unit’s journal |
Network Monitoring
| Tool | Description |
|---|---|
| blueteam_list_listening_ports | All open/listening ports with process |
| blueteam_list_connections | Established TCP connections |
| blueteam_capture_traffic | Live packet capture via tcpdump |
Wazuh SIEM
| Tool | Description |
|---|---|
| blueteam_wazuh_agents | List all Wazuh agents (status, IP, OS) |
| blueteam_wazuh_agents_summary | Agent count by status (active/disconnected) |
| blueteam_wazuh_manager_logs | Manager daemon logs |
| blueteam_wazuh_alerts | Security alerts from alerts.json |
| blueteam_wazuh_indexer_search | Query OpenSearch for agent alerts (HYDRA-DC Windows events) |
Threat Intelligence
| Tool | Description |
|---|---|
| blueteam_lookup_ip_abuseipdb | IP reputation via AbuseIPDB |
| blueteam_lookup_hash_virustotal | File hash lookup via VirusTotal |
| blueteam_lookup_domain_virustotal | Domain reputation via VirusTotal |
Fail2Ban, File Integrity, Hardening
| Tool | Description |
|---|---|
| blueteam_fail2ban_status | List jails and ban counts |
| blueteam_fail2ban_unban | Unban an IP from a jail |
| blueteam_hash_file | Hash any file (MD5/SHA1/SHA256/SHA512) |
| blueteam_find_suid_files | Find unexpected SUID/SGID binaries |
| blueteam_rootkit_scan | Run rkhunter or chkrootkit |
| blueteam_lynis_audit | Full Lynis hardening audit |
| blueteam_check_updates | Pending security updates |
| blueteam_check_open_firewall | View ufw/nftables/iptables rules |
User & Session Monitoring
| Tool | Description |
|---|---|
| blueteam_who_is_logged_in | Active user sessions with source IPs |
| blueteam_last_logins | Login history (last 50) |
| blueteam_failed_logins | Failed login attempts |
| blueteam_sudo_history | Sudo command usage |
| blueteam_list_users | All local accounts with risk flags |
| blueteam_check_ssh_authorized_keys | All authorized_keys files |
Process & Persistence
| Tool | Description |
|---|---|
| blueteam_list_processes | All running processes |
| blueteam_list_cron_jobs | System and user cron jobs |
Example Prompts
Once connected via Claude Desktop, you can ask:
"Check the last 2 hours of auth.log and tell me if there are any brute force
attempts. Group by source IP."
"Show me all listening ports. Are any unexpected services running?"
"Here are 5 IPs from my nginx access log: 1.2.3.4, 5.6.7.8, 9.10.11.12,
13.14.15.16, 200.1.2.3 — look them all up on AbuseIPDB."
"Run a Lynis audit and give me the top 5 highest priority hardening items."
"Check for any SUID binaries that aren't in the standard list of expected ones."
"Who is currently logged into this server, and when did they log in?"
"Scan all user cron jobs and flag anything that looks suspicious."
"Hash /usr/bin/sshd and check it against VirusTotal."
"Show me Wazuh agent status — which are active and which are disconnected?"
"Search the Wazuh indexer for events from HYDRA-DC in the last hour."
Claude translates these into tool calls, executes them on the defender host, and returns interpreted results. No manual command construction required.
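The first prompt above ("brute force attempts ... group by source IP") reduces to the check below, which is useful for verifying Claude's summary against the raw lines. This is an added example, not code from the Blue Team MCP project; the function name, threshold and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in classic syslog format; not real log data.
SAMPLE_AUTH_LOG = """\
Mar 10 07:15:02 soc sshd[700]: Failed password for root from 198.51.100.9 port 51000 ssh2
Mar 10 09:40:11 soc sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Mar 10 09:40:13 soc sshd[811]: Failed password for invalid user oracle from 203.0.113.7 port 40114 ssh2
Mar 10 09:40:16 soc sshd[811]: Failed password for root from 203.0.113.7 port 40120 ssh2
Mar 10 09:41:02 soc sshd[830]: Failed password for soc-admin from 192.0.2.44 port 52211 ssh2
Mar 10 09:41:09 soc sshd[830]: Accepted password for soc-admin from 192.0.2.44 port 52213 ssh2
Mar 10 09:42:30 soc sshd[811]: Accepted password for root from 203.0.113.7 port 40150 ssh2
"""

EVENT = re.compile(
    r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: (Failed|Accepted) \S+ for "
    r"(?:invalid user )?(\S+) from (\S+) port"
)

def brute_force_report(text, now, hours=2, threshold=3, year=2025):
    """Group sshd failures by source IP inside the time window and return the
    sources that reach `threshold`, marking any that then logged in."""
    cutoff = now - timedelta(hours=hours)
    stats = defaultdict(lambda: {"failures": 0, "users": set(), "success_after": False})
    for line in text.splitlines():
        m = EVENT.match(line)
        if not m:
            continue
        stamp, outcome, user, ip = m.groups()
        # Syslog timestamps carry no year, so the caller supplies one.
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        if not cutoff <= when <= now:
            continue
        s = stats[ip]
        if outcome == "Failed":
            s["failures"] += 1
            s["users"].add(user)
        elif s["failures"] >= threshold:
            s["success_after"] = True  # login following a burst of failures
    return {ip: s for ip, s in stats.items() if s["failures"] >= threshold}
```

A source with `success_after` set is the one to triage first: the failures stopped because a login worked, not because the source gave up.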
MAESTRO Framework Alignment
The Blue Team MCP Server is designed to align with the CSA MAESTRO (Multi-Agent Environment, Security, Threat, Risk, and Outcome) framework — a threat model for agentic AI systems. MAESTRO extends traditional frameworks like STRIDE to address AI-specific risks: autonomy, adversarial inputs, supply chain, and repudiation.
When configuring the MCP server, you can apply MAESTRO-aligned mitigations via environment variables in config.env:
| MAESTRO Concern | Mitigation | Configuration |
|---|---|---|
| Repudiation | Audit logging — record every tool invocation for accountability | export BLUETEAM_AUDIT_LOG=/var/log/blue-team-mcp-audit.jsonl |
| Denial of Service | Rate limiting — cap tool calls per minute | export BLUETEAM_RATE_LIMIT=60 |
| Information Disclosure | Path restrictions — limit file hash and capture scope | BLUETEAM_ALLOWED_PATHS, BLUETEAM_CAPTURE_DIR (defaults: /var:/etc:/home:/opt:/usr, /tmp) |
| Supply Chain | Pinned dependencies — requirements.txt pins mcp, httpx, pydantic to specific versions | Handled by setup; run pip-audit periodically |
Enable audit logging and rate limiting in production for stronger accountability and DoS resistance. Ensure log rotation (e.g., logrotate) on the audit log to prevent unbounded growth.
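How the three runtime mitigations in the table can fit together in front of a tool call, as an added sketch that is not the project's own code. The variable names and defaults are the ones in the table; the parsing, the `path` argument key, the audit schema and every function name here are assumptions.

```python
import json
import os
import time
from collections import deque
from pathlib import Path
from typing import Optional

# Names and defaults come from the table above; how the real server parses
# and enforces them is an assumption of this sketch.
ALLOWED = os.environ.get("BLUETEAM_ALLOWED_PATHS", "/var:/etc:/home:/opt:/usr")
RATE_LIMIT = int(os.environ.get("BLUETEAM_RATE_LIMIT", "60"))

def path_allowed(requested: str, allowed: str = ALLOWED) -> bool:
    """True only if the fully resolved path sits under an allowed root."""
    # resolve() collapses ".." and follows symlinks, so the decision is made
    # on where the path really lands, not on how it was spelled.
    real = Path(requested).resolve()
    roots = [Path(r).resolve() for r in allowed.split(":") if r]
    return any(real == root or root in real.parents for root in roots)

class SlidingWindowLimiter:
    """Allow at most `limit` calls in any rolling `window` seconds."""
    def __init__(self, limit: int = RATE_LIMIT, window: float = 60.0):
        self.limit, self.window, self.calls = limit, window, deque()

    def allow(self, now: Optional[float] = None) -> bool:
        now = time.monotonic() if now is None else now
        while self.calls and now - self.calls[0] >= self.window:
            self.calls.popleft()  # forget calls older than the window
        if len(self.calls) >= self.limit:
            return False
        self.calls.append(now)
        return True

def guard(tool: str, args: dict, limiter: SlidingWindowLimiter,
          allowed: str = ALLOWED, now: Optional[float] = None) -> dict:
    """Decide on one tool call and return the audit entry describing it."""
    if not limiter.allow(now):
        decision = "deny:rate"
    elif "path" in args and not path_allowed(args["path"], allowed):
        decision = "deny:path"
    else:
        decision = "allow"
    # Hypothetical schema: denied calls are logged too, so the trail shows
    # what was attempted as well as what ran.
    return {"ts": time.time(), "tool": tool, "args": args, "decision": decision}

def append_audit(entry: dict, log_path: str) -> None:
    """Append one JSON object per line (JSONL) to the audit log."""
    with open(log_path, "a", encoding="utf-8") as fh:
        fh.write(json.dumps(entry, sort_keys=True) + "\n")
```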
Security Notes
- The MCP server runs with whatever privileges the SSH user has. Use a dedicated low-privilege user with sudo for specific tools in production.
- Threat intel tools make outbound API calls to AbuseIPDB/VirusTotal — ensure this is acceptable.
- blueteam_capture_traffic requires CAP_NET_RAW or root; setup grants this to tcpdump via setcap.
- Log files under /var/log/ often require root or adm group membership. Add your SSH user: usermod -aG adm youruser
The Balance
The Kali MCP shows that offensive security knowledge is increasingly held by the AI. The Blue Team MCP gives defenders the same leverage: natural-language access to hardening, log analysis, and SIEM queries.
Same MCP protocol. Same conversation-driven workflow. One side attacks; one side defends. The question is which side you’re on.
Tools Used
| Component | Purpose |
|---|---|
| Claude Desktop | Orchestration, natural language interpretation, result synthesis |
| Blue Team MCP Server | Bridge between Claude and defender host tools |
| ss, tcpdump, journalctl | Network and log inspection |
| fail2ban-client | Ban management |
| lynis, rkhunter, chkrootkit | Hardening and rootkit detection |
| Wazuh API + Indexer | SIEM queries and agent event search |
| AbuseIPDB, VirusTotal | Threat intelligence lookups |