能力标签

🔌 MCP 🔄 工作流 🐳 Docker 🔗 REST API 🧠 Claude

🔌

MCP工具

堡垒分析MCP工具

基于 Python · 让 AI 助手直接操作你的系统与工具

英文名：fortianalyzer-mcp

⭐ 10 Stars 🍴 5 Forks 💻 Python 📄 MIT 🏷 AI 8.0分

8.0AI 综合评分

mcpfortianalyzerjson-rpc

⬇ 下载源码 ZIP ⚙️ 配置说明

✦ AI Skill Hub 推荐

经 AI Skill Hub 精选评估，堡垒分析MCP工具获评「强烈推荐」。这款MCP工具在功能完整性、社区活跃度和易用性方面表现出色，AI 评分 8.0 分，适合有一定技术背景的用户使用。

📚 深度解析

堡垒分析MCP工具是一款基于 MCP（Model Context Protocol）标准协议的 AI 工具扩展。MCP 协议由 Anthropic 开发并开源，旨在建立 AI 模型与外部工具之间的标准化通信接口，目前已被 Claude Desktop、Claude Code、Cursor 等主流 AI 工具采纳。

通过安装堡垒分析MCP工具，你的 AI 助手将获得额外的工具调用能力，可以用自然语言直接操控该工具的功能，无需学习复杂的命令行语法。MCP 工具的核心价值在于"一次配置，永久增强"——配置完成后，每次与 AI 对话时都可以无缝调用这些工具。

在技术实现上，MCP 工具通过标准的 JSON-RPC 协议与 AI 客户端通信，工具的功能以"工具列表"的形式暴露给 AI 模型，AI 可以按需调用。堡垒分析MCP工具提供了结构化的工具调用接口，使 AI 模型能够精确地理解和使用每个功能点，显著降低 AI 在工具使用上的错误率。

与传统的 API 集成相比，MCP 工具的优势在于无需编写代码——用户只需在配置文件中添加几行 JSON，即可让 AI 获得全新能力。AI Skill Hub 将堡垒分析MCP工具评为 AI 评分 8.0 分，属于同类工具中的优质选择。

📋 工具概览

堡垒分析MCP工具是一款遵循 MCP（Model Context Protocol）标准协议的 AI 工具扩展。通过 MCP 协议，它可以让 Claude、Cursor 等主流 AI 客户端直接访问和操作外部工具、数据源和服务，实现 AI 能力的无缝扩展。无论是文件操作、数据库查询还是 API 调用，都可以通过自然语言在 AI 对话中直接触发，极大提升生产效率。

GitHub Stars

⭐ 10

开发语言

Python

支持平台

Windows / macOS / Linux

维护状态

轻量级项目，按需更新

开源协议

MIT

AI 综合评分

8.0 分

工具类型

MCP工具

Forks

📖 中文文档

以下内容由 AI Skill Hub 根据项目信息自动整理，如需查看完整原始文档请访问底部「原始来源」。

📌 核心特色

通过标准 MCP 协议与 Claude、Cursor 等主流 AI 客户端深度集成
提供结构化工具调用接口，显著降低 AI 集成复杂度
支持 Claude Desktop 和 Claude Code 无缝接入，开箱即用
可与其他 MCP 工具组合叠加，构建完整 AI 工作站
轻量无侵入设计，不影响现有系统架构

🎯 主要使用场景

在 Claude Desktop 对话中直接调用本地工具，实现 AI 与系统的深度联动
通过自然语言驱动复杂的多步骤自动化任务，代替繁琐手动操作
将多个 MCP 工具组合使用，构建个人专属 AI 工作站

以下安装命令基于项目开发语言和类型自动生成，实际以官方 README 为准。

安装命令

# 方式一：通过 Claude Code CLI 一键安装
claude skill install https://github.com/rstierli/fortianalyzer-mcp

# 方式二：手动配置 claude_desktop_config.json
{
  "mcpServers": {
    "----mcp--": {
      "command": "npx",
      "args": ["-y", "fortianalyzer-mcp"]
    }
  }
}

# 配置文件位置
# macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
# Windows: %APPDATA%/Claude/claude_desktop_config.json

📋 安装步骤说明

确认已安装 Node.js（v18 或以上版本）
打开 Claude Desktop 或 Claude Code 的 MCP 配置文件
按「交给 Agent 安装 → Claude Desktop」标签中的 JSON 配置填入 mcpServers 字段
保存配置文件并重启 Claude 客户端
重启后，在对话中即可使用本工具

以下用法示例由 AI Skill Hub 整理，涵盖最常见的使用场景。

常用命令 / 代码示例

# 安装后在 Claude 对话中直接使用
# 示例：
用户: 请帮我用 堡垒分析MCP工具 执行以下任务...
Claude: [自动调用 堡垒分析MCP工具 MCP 工具处理请求]

# 查看可用工具列表
# 在 Claude 中输入："列出所有可用的 MCP 工具"

以下配置示例基于典型使用场景生成，具体参数请参照官方文档调整。

配置示例

// claude_desktop_config.json 配置示例
{
  "mcpServers": {
    "____mcp__": {
      "command": "npx",
      "args": ["-y", "fortianalyzer-mcp"],
      "env": {
        // "API_KEY": "your-api-key-here"
      }
    }
  }
}

// 保存后重启 Claude Desktop 生效

📑 README 深度解析真实文档完整度 90/100 查看 GitHub 原文 →

以下内容由系统直接从 GitHub README 解析整理，保留代码块、表格与列表结构。

FortiAnalyzer MCP Server

A Model Context Protocol (MCP) server for FortiAnalyzer JSON-RPC API. This server enables AI assistants like Claude to interact with FortiAnalyzer for log analysis, reporting, security monitoring, and SOC operations.

Note: This is an independent open-source project and is not affiliated with, endorsed by, or supported by Fortinet, Inc. FortiAnalyzer is a trademark of Fortinet, Inc.

Disclaimer: This is an independent community project, not affiliated with or supported by Fortinet. Use at your own risk. Always validate changes in a non-production environment before applying to production systems.

Overview

This MCP server provides a comprehensive interface to FortiAnalyzer's capabilities, allowing AI assistants to:

Query and analyze security logs (traffic, threat, event logs)
Generate and download reports
Monitor real-time analytics via FortiView
Manage security alerts and incidents
Perform IOC (Indicators of Compromise) analysis
Manage devices and ADOMs

Features

Category	Capabilities
Log Analysis	Query traffic, security, and event logs with filters; get log statistics
PCAP Downloads	Search IPS logs, download PCAP files by session ID or bulk download matching criteria
Reports	List layouts, run reports, monitor progress, download in PDF/HTML/CSV/XML
FortiView Analytics	Top sources, destinations, applications, threats, websites, cloud apps
Alerts & Events	Get alerts, acknowledge, add comments, view alert logs and statistics
Incident Management	Create, update, track incidents; get incident statistics
IOC Analysis	Run IOC rescans, check license status, view rescan history
Device Management	List/add/delete devices, manage device groups and VDOMs
System	System status, HA status, ADOM management, task monitoring

Requirements

Python: 3.12 or higher
FortiAnalyzer: 7.x with JSON-RPC API access enabled
Authentication: API token (recommended) or username/password
Network: HTTPS access to FortiAnalyzer management interface

Install dependencies

uv sync ```

Required when running HTTP mode reachable beyond localhost — without it,

Install dev dependencies

uv sync --all-extras

Run integration tests (requires live FAZ)

pytest tests/integration/ -v ```

Note: Integration tests are verified against FortiAnalyzer 7.6.2. Some features (like API rate limiting) require FAZ 7.6.5+.

Installation

Install package

pip install -e . ```

Using Docker

Pre-built images are available on GitHub Container Registry:

docker pull ghcr.io/rstierli/fortianalyzer-mcp:latest

Quick start with Docker Compose:

```yaml

docker-compose.yml

services: fortianalyzer-mcp: image: ghcr.io/rstierli/fortianalyzer-mcp:latest container_name: fortianalyzer-mcp restart: unless-stopped ports: - "8001:8001" env_file: - .env environment: - MCP_SERVER_MODE=http - MCP_SERVER_HOST=0.0.0.0 - MCP_SERVER_PORT=8001 - FORTIANALYZER_HOST=your-faz-hostname - FORTIANALYZER_VERIFY_SSL=true - DEFAULT_ADOM=root - FAZ_TOOL_MODE=full - LOG_LEVEL=INFO


> **Security:** Keep `FORTIANALYZER_VERIFY_SSL=true`. For a self-signed FAZ,
> import the FAZ CA certificate into the container trust store rather than
> disabling verification (disabling it exposes the FAZ API token to MITM).
> In HTTP mode, binding to `0.0.0.0` with no `MCP_AUTH_TOKEN` leaves every tool
> unauthenticated — always set a strong token (below) and, where possible,
> publish the port only on an internal interface (e.g. `127.0.0.1:8001:8001`).

Create a `.env` file for secrets (not tracked in git):

bash

HTTP Authentication (optional, recommended for Docker/HTTP deployments)

Allowed Host headers for HTTP/Docker deployments (optional)

Using the installed command

fortianalyzer-mcp

Docker Mode

```bash

Production Deployment (Reverse Proxy)

For production deployments behind a TLS-terminating reverse proxy:

MCP Client → HTTPS → Reverse Proxy (Traefik/nginx) → HTTP → MCP Container → FortiAnalyzer

Key considerations:

MCP_ALLOWED_HOSTS — The MCP SDK validates the Host header to prevent DNS rebinding attacks. By default only localhost and 127.0.0.1 are accepted. Set this to the value clients put in their connection URL (NOT the client's IP):

   # Reverse-proxy hostname (Traefik/nginx):
   MCP_ALLOWED_HOSTS=["mcp.example.com"]
   # Direct Docker exposure on IP+port:
   MCP_ALLOWED_HOSTS=["10.1.5.62:8001"]
   # Port wildcard (any port on the host):
   MCP_ALLOWED_HOSTS=["10.1.5.62:*"]

MCP_AUTH_TOKEN — Always set a Bearer token for HTTP deployments. If it is unset, the server runs fail-open: every tool (log search, device add/delete, PCAP download) is exposed unauthenticated to anyone who can reach the port.

   MCP_AUTH_TOKEN=$(openssl rand -hex 32)

Secrets management — Keep API tokens and auth tokens in an env_file (.env), not inline in docker-compose.yml.

Example with Traefik:

services:
  fortianalyzer-mcp:
    image: ghcr.io/rstierli/fortianalyzer-mcp:latest
    container_name: fortianalyzer-mcp
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    env_file:
      - .env
    environment:
      - MCP_SERVER_MODE=http
      - MCP_SERVER_HOST=0.0.0.0
      - MCP_SERVER_PORT=8001
      - FORTIANALYZER_HOST=your-faz-hostname
      - FORTIANALYZER_VERIFY_SSL=true
      - MCP_ALLOWED_HOSTS=["mcp.example.com"]
      - DEFAULT_ADOM=root
      - FAZ_TOOL_MODE=full
      - LOG_LEVEL=INFO
    networks:
      - frontend
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.faz-mcp-secure.entrypoints=https"
      - "traefik.http.routers.faz-mcp-secure.rule=Host(`mcp.example.com`)"
      - "traefik.http.routers.faz-mcp-secure.tls=true"
      - "traefik.http.services.faz-mcp.loadbalancer.server.port=8001"
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"

networks:
  frontend:
    external: true

Examples: ["mcp.example.com"], ["10.1.5.62:8001"], or wildcard ["10.1.5.62:*"]

MCP_ALLOWED_HOSTS=["mcp.example.com"]

```

Usage Examples

Create and activate virtual environment

uv venv source .venv/bin/activate # On Windows: .venv\Scripts\activate

Create virtual environment

python -m venv .venv source .venv/bin/activate

.env

FORTIANALYZER_API_TOKEN=your-api-token

Configuration

Environment Variables

Create a .env file from the example:

cp .env.example .env

Edit .env with your FortiAnalyzer settings:

```bash

Authentication Option 1: API Token (Recommended for FAZ 7.2.2+)

FORTIANALYZER_API_TOKEN=your-api-token-here

Authentication Option 2: Username/Password

Request Settings

FORTIANALYZER_TIMEOUT=30 FORTIANALYZER_MAX_RETRIES=3

Default ADOM (optional, defaults to "root")

DEFAULT_ADOM=root

Then update the "command" path in claude_desktop_config.json

```

Fix (alternative): grant Claude Desktop Full Disk Access — System Settings → Privacy & Security → Full Disk Access → add Claude. Broader permission; only use if relocation isn't feasible.

Set up environment

export FORTIANALYZER_HOST=your-faz-host export FORTIANALYZER_API_TOKEN=your-token

Set in .env or environment

MCP_AUTH_TOKEN=your-secret-token ```

When configured, all HTTP requests (except /health) must include the Authorization: Bearer <token> header. If not set, the server runs fail-open: it accepts all requests without authentication (kept for backwards compatibility). In HTTP mode this means every tool — including device add/delete and PCAP download — is reachable by anyone who can connect to the port. Always set MCP_AUTH_TOKEN for any HTTP deployment reachable beyond 127.0.0.1, and prefer binding to an internal interface.

Environment File Permissions

Protect your .env files containing API tokens:

chmod 600 .env .env.*

The MCP SDK rejects non-localhost Host headers by default for DNS rebinding protection.

Generating an API Token

Log into FortiAnalyzer web interface
Go to System Settings > Admin > Administrators
Edit your admin user or create a new one
Under JSON API Access, click Regenerate or New API Key
Copy the generated token

API Reference

The server communicates with FortiAnalyzer using the JSON-RPC API over HTTPS. All requests are sent to the /jsonrpc endpoint.

Or using Python module

python -m fortianalyzer_mcp ```

Claude Desktop Integration

Add to your Claude Desktop configuration file:

macOS: ~/Library/Application Support/Claude/claude_desktop_config.json Windows: %APPDATA%\Claude\claude_desktop_config.json

{
  "mcpServers": {
    "fortianalyzer": {
      "command": "/path/to/fortianalyzer-mcp/.venv/bin/fortianalyzer-mcp",
      "env": {
        "FORTIANALYZER_HOST": "your-faz-hostname",
        "FORTIANALYZER_API_TOKEN": "your-api-token",
        "FORTIANALYZER_VERIFY_SSL": "true",
        "DEFAULT_ADOM": "root",
        "LOG_LEVEL": "INFO"
      }
    }
  }
}

Note: Use the full path to the fortianalyzer-mcp executable in your virtual environment. The DEFAULT_ADOM setting is optional and defaults to "root" if not specified.

Claude Code Integration

Add to ~/.claude/mcp_servers.json:

{
  "mcpServers": {
    "fortianalyzer": {
      "command": "/path/to/fortianalyzer-mcp/.venv/bin/fortianalyzer-mcp",
      "env": {
        "FORTIANALYZER_HOST": "your-faz-hostname",
        "FORTIANALYZER_API_TOKEN": "your-api-token",
        "FORTIANALYZER_VERIFY_SSL": "true",
        "DEFAULT_ADOM": "root",
        "LOG_LEVEL": "INFO"
      }
    }
  }
}