Sysdig MCP Server Integration

The Sysdig MCP Server is an implementation of the Model Context Protocol (MCP) that lets LLMs and AI clients query and interact with the Sysdig Secure platform. Sysdig hosts the server for you per region, so you can register it with your AI client and authenticate through a one-time OAuth sign-in.

The Sysdig MCP Server is an implementation of the Model Context Protocol (MCP) that lets LLMs and AI clients query and interact with the Sysdig Secure platform in a structured, extensible way. It bridges AI workflows and the Sysdig API, exposing tools, resources, and contextual data for informed, security-aware actions.

Sysdig now hosts the MCP server for you, per region. You register it once with your AI client and authenticate through a one-time OAuth sign-in. There is no server to install or run, and no API token to manage. If your region is not yet supported, or you need a headless deployment, you can self-host the server instead.

It enables AI clients to:

  • Retrieve vulnerability findings, runtime threats, and posture results from Sysdig Secure
  • List workload inventory, zones, and tenant settings
  • Generate and run SysQL queries from natural language
  • Tie together AI prompts, context, and Sysdig data to support security decisions

Your AI client speaks MCP to the Sysdig MCP server, which then calls the Sysdig APIs on your behalf to fulfill each request.

Hosted MCP Server

The hosted server is reachable over HTTPS, per region, and authenticated with OAuth. This is the recommended way to connect.

Prerequisites

  • A Sysdig Secure account in a supported region
  • An MCP-capable AI client, such as Claude Code, Cursor, OpenAI Codex, OpenCode, or Claude Desktop
  • Network connectivity from your client to your region’s Sysdig endpoint
  • A browser for the one-time OAuth sign-in

No API token is required for the hosted server.

Find Your Region’s URL

The hosted server lives at <region-url>/mcp/secure. Identify your region from the Sysdig UI URL you see in your browser when signed in to Sysdig Secure, then use the matching MCP Server URL in the registration steps below.

RegionCodeSysdig UI URLMCP Server URL
US East (N. Virginia)us1https://secure.sysdig.comhttps://secure.sysdig.com/mcp/secure
US West (Oregon)us2https://us2.app.sysdig.comhttps://us2.app.sysdig.com/mcp/secure
US West (Dallas)us4https://app.us4.sysdig.comhttps://app.us4.sysdig.com/mcp/secure
EU Central (Frankfurt)eu1https://eu1.app.sysdig.comhttps://eu1.app.sysdig.com/mcp/secure
EU North (Stockholm)eu2https://app.eu2.sysdig.comhttps://app.eu2.sysdig.com/mcp/secure
Asia Pacific (Sydney)au1https://app.au1.sysdig.comhttps://app.au1.sysdig.com/mcp/secure
Asia Pacific (Mumbai)in1https://app.in1.sysdig.comhttps://app.in1.sysdig.com/mcp/secure
Middle East (Dammam)me2https://app.me2.sysdig.comhttps://app.me2.sysdig.com/mcp/secure

If your region is not listed, the hosted server is not available there. Tenants in an unlisted region can still use the MCP server by self-hosting and registering that URL instead.

Register the Server in Claude Code

Run the following command, substituting your region’s MCP Server URL from the table above:

claude mcp add --transport http secure-mcp-server https://us2.app.sysdig.com/mcp/secure

Keep the server name as secure-mcp-server. The registration is saved automatically; there is no environment variable to set or persist. Add --scope user to make the registration available across all your projects, or use the default (local) for the current project only. Restart Claude Code if it was already running.

Authenticate

The first time a Sysdig tool or skill needs the server, run /mcp, select secure-mcp-server, and select Authenticate. Your browser opens for a one-time OAuth sign-in, and the session is then authenticated for the rest of your work.

Configure Other AI Clients

Every MCP-capable client can use the same hosted server: an HTTP MCP server at your region’s /mcp/secure URL, authenticated through OAuth. The exact steps differ per client (a config file, a settings panel, or a CLI command), but the essentials are identical:

  • Transport: HTTP (streamable)
  • Server name: secure-mcp-server
  • URL: your region’s MCP Server URL, for example https://us2.app.sysdig.com/mcp/secure
  • Authentication: OAuth, no token. The client drives the browser flow on first request.

For clients that follow the standard MCP server schema, use a configuration snippet like the following. Edit the URL to match your region:

{
  "mcpServers": {
    "secure-mcp-server": {
      "type": "http",
      "url": "https://us2.app.sysdig.com/mcp/secure"
    }
  }
}

Consult your client’s MCP documentation for the exact configuration-file location and reload procedure.

Multi-region: There is no region-independent URL. Set the URL for your tenant’s region, and update it if you move to a different region.

Verify the Connection

In Claude Code, run:

claude mcp list

You should see a secure-mcp-server row with the status connected. In a running session, /mcp opens the MCP status panel, which shows the authentication state for each server.

For an end-to-end check, ask the agent to call get_customer_settings. If it returns a JSON object describing your tenant’s settings, the server is reachable and authenticated.

Troubleshooting

SymptomCause and fix
secure-mcp-server is missing from claude mcp listThe server was never registered. Run the registration command with your region’s MCP Server URL.
Listed, but not connectedThe server needs authentication. In a session, run /mcp, select secure-mcp-server, and select Authenticate. If OAuth previously succeeded but tools stopped working, the session token may have expired; authenticate again.
Network or DNS errors, or the wrong tenant respondsThe registered URL is for the wrong region. Run claude mcp remove secure-mcp-server, then re-add it with the correct MCP Server URL from the region table.
The wrong server responds regardless of your registrationA secure-mcp-server entry hardcoded in a project .mcp.json, .claude/settings.local.json, or ~/.claude/settings.json takes precedence. Remove or correct that entry.

Available Tools

The MCP server exposes tools that your AI client can call on your behalf. Available tools include:

ToolDescription
get_customer_settingsRetrieve your tenant’s Sysdig settings.
list_zonesList the zones configured in your tenant.
list_vulnerability_findings_by_imageList vulnerability findings for a given image.
list_runtime_eventsList runtime security events, with optional filters.
generate_sysqlTranslate a natural-language request into a SysQL query.
run_sysqlExecute a SysQL query directly.
test_posture_regoTest a posture Rego policy.
get_skill_state / save_skill_stateRead and persist skill state.

This list is not exhaustive and changes between releases. For the authoritative, current list of tools and supported regions, see Register the Sysdig MCP server in the sysdig/skills repository.

API Permissions

When you use the hosted server with OAuth, the MCP server acts with your own Sysdig user’s permissions: you can use the tools your account already has access to. For self-hosted or token-based setups, ensure the token’s user or service account has the permissions for the tools in use.

Minimum Permissions Required

Tool CategoryRequired PermissionsSysdig UI Permission Names
Threat Detection (Events Feed)policy-events.readThreats: Policy Events (Read)
SysQLsage.exec, risks.readSysdig Sage: Use Sysdig Sage chat (EXEC) + Risks: Access to risk feature (Read)

Additional recommended permissions:

  • Settings: API Access Token (View, Read, Edit)

Assign Permissions

To assign these permissions to a user or service account, do the following:

  1. Go to Settings > Access & Secrets | Roles in Sysdig Secure.
  2. Create a role with the permissions listed in Minimum Permissions Required.
  3. Assign the role to a service account or user.
  4. Use that account when authenticating to the MCP server.

Service account limitation (self-hosted or token-based setups only): The SysQL generation tool does not currently work with service account tokens and returns a 500 error. Use an API token associated with a regular user account for this tool. This does not affect the hosted server, which authenticates through OAuth as your own user account (service accounts cannot be used for OAuth sign-in).

Optional: Self-Host the MCP Server

If your region is not in the region table, or you need a headless or CI deployment, you can run the Sysdig MCP Server yourself and register its URL with your client.

Prerequisites

  • Python 3.10+ (or as specified in the project)
  • Access to a Sysdig Secure instance with an API token
  • Network connectivity from the MCP server to Sysdig
  • Docker for deployment (recommended)

API Token

To authenticate a self-hosted server to the Sysdig Secure platform, you need a Sysdig Secure API token.

To get your API token:

  1. Log in to your Sysdig Secure instance.
  2. Navigate to Settings > User Profile > Sysdig Secure API.
  3. Generate a new token or copy an existing one.

Environment Variables

VariableDescriptionExample
SYSDIG_MCP_API_HOSTSysdig Secure API base URLhttps://us2.app.sysdig.com
SYSDIG_MCP_API_SECURE_TOKENAPI token used to authenticate to Sysdigyour-secure-token
SYSDIG_MCP_TRANSPORTTransport mechanism (stdio, streamable-http, sse)stdio
SYSDIG_MCP_MOUNT_PATHURL prefix for HTTP/SSE deployments/sysdig-mcp-server
SYSDIG_MCP_LOGLEVELLog level (DEBUG, INFO, WARNING, ERROR)INFO
SYSDIG_MCP_LISTENING_PORTPort for HTTP/SSE servers8080
SYSDIG_MCP_LISTENING_HOSTHostname for HTTP/SSE serverslocalhost

You can set these variables in your shell or in a .env file.

Example .env file:

# Required Configuration
SYSDIG_MCP_API_HOST=https://us2.app.sysdig.com
SYSDIG_MCP_API_SECURE_TOKEN=your-api-token-here

# Optional Configuration
SYSDIG_MCP_TRANSPORT=stdio
SYSDIG_MCP_LOGLEVEL=INFO
SYSDIG_MCP_LISTENING_PORT=8080
SYSDIG_MCP_LISTENING_HOST=localhost
SYSDIG_MCP_MOUNT_PATH=/sysdig-mcp-server

Run the Server with Docker

docker pull ghcr.io/sysdiglabs/sysdig-mcp-server:latest

docker run -e SYSDIG_MCP_API_HOST=<your_sysdig_host> \
    -e SYSDIG_MCP_API_SECURE_TOKEN=<your_sysdig_secure_api_token> \
    -e SYSDIG_MCP_TRANSPORT=stdio \
    -p 8080:8080 \
    ghcr.io/sysdiglabs/sysdig-mcp-server:latest

For HTTP/SSE transports, set SYSDIG_MCP_TRANSPORT=streamable-http:

docker run -e SYSDIG_MCP_TRANSPORT=streamable-http \
    -e SYSDIG_MCP_API_HOST=<your_sysdig_host> \
    -e SYSDIG_MCP_API_SECURE_TOKEN=<your_sysdig_secure_api_token> \
    -p 8080:8080 \
    ghcr.io/sysdiglabs/sysdig-mcp-server:latest

Connect a Client to a Self-Hosted Server

When using sse or streamable-http transport, the server expects a Bearer token in the HTTP header:

Authorization: Bearer <your_sysdig_secure_api_token>
X-Sysdig-Host: <your_sysdig_host>

If X-Sysdig-Host is not provided, the server uses the host from SYSDIG_MCP_API_HOST. The server URL for HTTP/SSE transports is:

http://<host>:<port>/sysdig-mcp-server/mcp

To configure the Claude Desktop app for a self-hosted server using stdio, add the following under mcpServers in Settings > Developer > Edit Config, then replace the placeholders and restart Claude Desktop:

{
    "mcpServers": {
    "sysdig-mcp-server": {
        "command": "docker",
        "args": [
        "run",
        "-i",
        "--rm",
        "-e",
        "SYSDIG_MCP_API_HOST",
        "-e",
        "SYSDIG_MCP_TRANSPORT",
        "-e",
        "SYSDIG_MCP_API_SECURE_TOKEN",
        "ghcr.io/sysdiglabs/sysdig-mcp-server"
        ],
        "env": {
        "SYSDIG_MCP_API_HOST": "<your_sysdig_host>",
        "SYSDIG_MCP_API_SECURE_TOKEN": "<your_sysdig_secure_api_token>",
        "SYSDIG_MCP_TRANSPORT": "stdio"
        }
    }
    }
}

Security Considerations

AreaDescription
Authentication & Token ManagementPrefer OAuth with the hosted server. For self-hosted or token-based setups, use short-lived or rotating tokens and avoid embedding static credentials.
Input Validation & Prompt SanitizationGuard against prompt injection. Validate and sanitize client inputs before execution.
Least Privilege & Scope LimitingGrant only the minimal required permissions for each use case. Avoid administrative tokens.
Context & Tenant IsolationEnsure clients and tenants are isolated to prevent data leakage across contexts.
Audit Logging & MonitoringLog client requests, tool invocations, and API interactions. Monitor for anomalies or abuse.
Transport SecurityUse TLS and proper token handling for HTTP transports. Never send tokens in query parameters.