Sysdig MCP Server Integration
The Sysdig MCP Server is an implementation of the Model Context Protocol (MCP) that lets LLMs and AI clients query and interact with the Sysdig Secure platform in a structured, extensible way. It bridges AI workflows and the Sysdig API, exposing tools, resources, and contextual data for informed, security-aware actions.
Sysdig now hosts the MCP server for you, per region. You register it once with your AI client and authenticate through a one-time OAuth sign-in. There is no server to install or run, and no API token to manage. If your region is not yet supported, or you need a headless deployment, you can self-host the server instead.
It enables AI clients to:
- Retrieve vulnerability findings, runtime threats, and posture results from Sysdig Secure
- List workload inventory, zones, and tenant settings
- Generate and run SysQL queries from natural language
- Tie together AI prompts, context, and Sysdig data to support security decisions
Your AI client speaks MCP to the Sysdig MCP server, which then calls the Sysdig APIs on your behalf to fulfill each request.
Hosted MCP Server
The hosted server is reachable over HTTPS, per region, and authenticated with OAuth. This is the recommended way to connect.
Prerequisites
- A Sysdig Secure account in a supported region
- An MCP-capable AI client, such as Claude Code, Cursor, OpenAI Codex, OpenCode, or Claude Desktop
- Network connectivity from your client to your region’s Sysdig endpoint
- A browser for the one-time OAuth sign-in
No API token is required for the hosted server.
Find Your Region’s URL
The hosted server lives at <region-url>/mcp/secure. Identify your region from the Sysdig UI URL you see in your browser when signed in to Sysdig Secure, then use the matching MCP Server URL in the registration steps below.
| Region | Code | Sysdig UI URL | MCP Server URL |
|---|---|---|---|
| US East (N. Virginia) | us1 | https://secure.sysdig.com | https://secure.sysdig.com/mcp/secure |
| US West (Oregon) | us2 | https://us2.app.sysdig.com | https://us2.app.sysdig.com/mcp/secure |
| US West (Dallas) | us4 | https://app.us4.sysdig.com | https://app.us4.sysdig.com/mcp/secure |
| EU Central (Frankfurt) | eu1 | https://eu1.app.sysdig.com | https://eu1.app.sysdig.com/mcp/secure |
| EU North (Stockholm) | eu2 | https://app.eu2.sysdig.com | https://app.eu2.sysdig.com/mcp/secure |
| Asia Pacific (Sydney) | au1 | https://app.au1.sysdig.com | https://app.au1.sysdig.com/mcp/secure |
| Asia Pacific (Mumbai) | in1 | https://app.in1.sysdig.com | https://app.in1.sysdig.com/mcp/secure |
| Middle East (Dammam) | me2 | https://app.me2.sysdig.com | https://app.me2.sysdig.com/mcp/secure |
If your region is not listed, the hosted server is not available there. Tenants in an unlisted region can still use the MCP server by self-hosting and registering that URL instead.
Register the Server in Claude Code
Run the following command, substituting your region’s MCP Server URL from the table above:
claude mcp add --transport http secure-mcp-server https://us2.app.sysdig.com/mcp/secure
Keep the server name as secure-mcp-server. The registration is saved automatically; there is no environment variable to set or persist. Add --scope user to make the registration available across all your projects, or use the default (local) for the current project only. Restart Claude Code if it was already running.
Authenticate
The first time a Sysdig tool or skill needs the server, run /mcp, select secure-mcp-server, and select Authenticate. Your browser opens for a one-time OAuth sign-in, and the session is then authenticated for the rest of your work.
Configure Other AI Clients
Every MCP-capable client can use the same hosted server: an HTTP MCP server at your region’s /mcp/secure URL, authenticated through OAuth. The exact steps differ per client (a config file, a settings panel, or a CLI command), but the essentials are identical:
- Transport: HTTP (streamable)
- Server name:
secure-mcp-server - URL: your region’s MCP Server URL, for example
https://us2.app.sysdig.com/mcp/secure - Authentication: OAuth, no token. The client drives the browser flow on first request.
For clients that follow the standard MCP server schema, use a configuration snippet like the following. Edit the URL to match your region:
{
"mcpServers": {
"secure-mcp-server": {
"type": "http",
"url": "https://us2.app.sysdig.com/mcp/secure"
}
}
}
Consult your client’s MCP documentation for the exact configuration-file location and reload procedure.
Multi-region: There is no region-independent URL. Set the URL for your tenantβs region, and update it if you move to a different region.
Verify the Connection
In Claude Code, run:
claude mcp list
You should see a secure-mcp-server row with the status connected. In a running session, /mcp opens the MCP status panel, which shows the authentication state for each server.
For an end-to-end check, ask the agent to call get_customer_settings. If it returns a JSON object describing your tenant’s settings, the server is reachable and authenticated.
Troubleshooting
| Symptom | Cause and fix |
|---|---|
secure-mcp-server is missing from claude mcp list | The server was never registered. Run the registration command with your region’s MCP Server URL. |
Listed, but not connected | The server needs authentication. In a session, run /mcp, select secure-mcp-server, and select Authenticate. If OAuth previously succeeded but tools stopped working, the session token may have expired; authenticate again. |
| Network or DNS errors, or the wrong tenant responds | The registered URL is for the wrong region. Run claude mcp remove secure-mcp-server, then re-add it with the correct MCP Server URL from the region table. |
| The wrong server responds regardless of your registration | A secure-mcp-server entry hardcoded in a project .mcp.json, .claude/settings.local.json, or ~/.claude/settings.json takes precedence. Remove or correct that entry. |
Available Tools
The MCP server exposes tools that your AI client can call on your behalf. Available tools include:
| Tool | Description |
|---|---|
get_customer_settings | Retrieve your tenant’s Sysdig settings. |
list_zones | List the zones configured in your tenant. |
list_vulnerability_findings_by_image | List vulnerability findings for a given image. |
list_runtime_events | List runtime security events, with optional filters. |
generate_sysql | Translate a natural-language request into a SysQL query. |
run_sysql | Execute a SysQL query directly. |
test_posture_rego | Test a posture Rego policy. |
get_skill_state / save_skill_state | Read and persist skill state. |
This list is not exhaustive and changes between releases. For the authoritative, current list of tools and supported regions, see Register the Sysdig MCP server in the sysdig/skills repository.
API Permissions
When you use the hosted server with OAuth, the MCP server acts with your own Sysdig user’s permissions: you can use the tools your account already has access to. For self-hosted or token-based setups, ensure the token’s user or service account has the permissions for the tools in use.
Minimum Permissions Required
| Tool Category | Required Permissions | Sysdig UI Permission Names |
|---|---|---|
| Threat Detection (Events Feed) | policy-events.read | Threats: Policy Events (Read) |
| SysQL | sage.exec, risks.read | Sysdig Sage: Use Sysdig Sage chat (EXEC) + Risks: Access to risk feature (Read) |
Additional recommended permissions:
- Settings: API Access Token (View, Read, Edit)
Assign Permissions
To assign these permissions to a user or service account, do the following:
- Go to Settings > Access & Secrets | Roles in Sysdig Secure.
- Create a role with the permissions listed in Minimum Permissions Required.
- Assign the role to a service account or user.
- Use that account when authenticating to the MCP server.
Service account limitation (self-hosted or token-based setups only): The SysQL generation tool does not currently work with service account tokens and returns a 500 error. Use an API token associated with a regular user account for this tool. This does not affect the hosted server, which authenticates through OAuth as your own user account (service accounts cannot be used for OAuth sign-in).
Optional: Self-Host the MCP Server
If your region is not in the region table, or you need a headless or CI deployment, you can run the Sysdig MCP Server yourself and register its URL with your client.
Prerequisites
- Python 3.10+ (or as specified in the project)
- Access to a Sysdig Secure instance with an API token
- Network connectivity from the MCP server to Sysdig
- Docker for deployment (recommended)
API Token
To authenticate a self-hosted server to the Sysdig Secure platform, you need a Sysdig Secure API token.
To get your API token:
- Log in to your Sysdig Secure instance.
- Navigate to Settings > User Profile > Sysdig Secure API.
- Generate a new token or copy an existing one.
Environment Variables
| Variable | Description | Example |
|---|---|---|
SYSDIG_MCP_API_HOST | Sysdig Secure API base URL | https://us2.app.sysdig.com |
SYSDIG_MCP_API_SECURE_TOKEN | API token used to authenticate to Sysdig | your-secure-token |
SYSDIG_MCP_TRANSPORT | Transport mechanism (stdio, streamable-http, sse) | stdio |
SYSDIG_MCP_MOUNT_PATH | URL prefix for HTTP/SSE deployments | /sysdig-mcp-server |
SYSDIG_MCP_LOGLEVEL | Log level (DEBUG, INFO, WARNING, ERROR) | INFO |
SYSDIG_MCP_LISTENING_PORT | Port for HTTP/SSE servers | 8080 |
SYSDIG_MCP_LISTENING_HOST | Hostname for HTTP/SSE servers | localhost |
You can set these variables in your shell or in a .env file.
Example .env file:
# Required Configuration
SYSDIG_MCP_API_HOST=https://us2.app.sysdig.com
SYSDIG_MCP_API_SECURE_TOKEN=your-api-token-here
# Optional Configuration
SYSDIG_MCP_TRANSPORT=stdio
SYSDIG_MCP_LOGLEVEL=INFO
SYSDIG_MCP_LISTENING_PORT=8080
SYSDIG_MCP_LISTENING_HOST=localhost
SYSDIG_MCP_MOUNT_PATH=/sysdig-mcp-server
Run the Server with Docker
docker pull ghcr.io/sysdiglabs/sysdig-mcp-server:latest
docker run -e SYSDIG_MCP_API_HOST=<your_sysdig_host> \
-e SYSDIG_MCP_API_SECURE_TOKEN=<your_sysdig_secure_api_token> \
-e SYSDIG_MCP_TRANSPORT=stdio \
-p 8080:8080 \
ghcr.io/sysdiglabs/sysdig-mcp-server:latest
For HTTP/SSE transports, set SYSDIG_MCP_TRANSPORT=streamable-http:
docker run -e SYSDIG_MCP_TRANSPORT=streamable-http \
-e SYSDIG_MCP_API_HOST=<your_sysdig_host> \
-e SYSDIG_MCP_API_SECURE_TOKEN=<your_sysdig_secure_api_token> \
-p 8080:8080 \
ghcr.io/sysdiglabs/sysdig-mcp-server:latest
Connect a Client to a Self-Hosted Server
When using sse or streamable-http transport, the server expects a Bearer token in the HTTP header:
Authorization: Bearer <your_sysdig_secure_api_token>
X-Sysdig-Host: <your_sysdig_host>
If X-Sysdig-Host is not provided, the server uses the host from SYSDIG_MCP_API_HOST. The server URL for HTTP/SSE transports is:
http://<host>:<port>/sysdig-mcp-server/mcp
To configure the Claude Desktop app for a self-hosted server using stdio, add the following under mcpServers in Settings > Developer > Edit Config, then replace the placeholders and restart Claude Desktop:
{
"mcpServers": {
"sysdig-mcp-server": {
"command": "docker",
"args": [
"run",
"-i",
"--rm",
"-e",
"SYSDIG_MCP_API_HOST",
"-e",
"SYSDIG_MCP_TRANSPORT",
"-e",
"SYSDIG_MCP_API_SECURE_TOKEN",
"ghcr.io/sysdiglabs/sysdig-mcp-server"
],
"env": {
"SYSDIG_MCP_API_HOST": "<your_sysdig_host>",
"SYSDIG_MCP_API_SECURE_TOKEN": "<your_sysdig_secure_api_token>",
"SYSDIG_MCP_TRANSPORT": "stdio"
}
}
}
}
Security Considerations
| Area | Description |
|---|---|
| Authentication & Token Management | Prefer OAuth with the hosted server. For self-hosted or token-based setups, use short-lived or rotating tokens and avoid embedding static credentials. |
| Input Validation & Prompt Sanitization | Guard against prompt injection. Validate and sanitize client inputs before execution. |
| Least Privilege & Scope Limiting | Grant only the minimal required permissions for each use case. Avoid administrative tokens. |
| Context & Tenant Isolation | Ensure clients and tenants are isolated to prevent data leakage across contexts. |
| Audit Logging & Monitoring | Log client requests, tool invocations, and API interactions. Monitor for anomalies or abuse. |
| Transport Security | Use TLS and proper token handling for HTTP transports. Never send tokens in query parameters. |
