Releases: panther-labs/mcp-panther
v1.1.0
MCP Panther v1.1.0 Release Notes
Features & Enhancements
- ✨ Compatibility Mode: Added
--compat-modeflag to improve compatibility with Goose (#94) - 🛠️ Policy Tools: Implemented tools for List/Get Panther Policies (#79)
- 📊 Server Logging: Added log file option for improved server logging (#81)
- 🔍 Data Lake Query Management: Added comprehensive data lake query management tools with enhanced type safety (#96)
- 🏷️ MCP Server Badge: Added official badge for MCP server recognition (#90)
Documentation & Configuration
- 📝 Configuration Structure: Added glama.json and reorganized README files for better documentation (#77)
- 📋 Reporting Prompts: Improved organization and human readability of reporting prompts (#97)
Development & Infrastructure
- 🧹 Code Quality:
New Contributors
- @tabletcorry made their first contribution in #81
- @punkpeye made their first contribution in #90
Full Changelog: v1.0.0...v1.1.0
Contributors
Assets 4
v1.0.0
Panther MCP Server v1.0.0 🎉
We're excited to announce the first stable release of Panther MCP Server! This Model Context Protocol (MCP) server brings the power of Panther's security platform directly into your IDE and AI workflows.
What is Panther MCP Server?
Panther MCP Server enables security teams to interact with their Panther API through natural language directly from a development environment. Whether you're writing detection rules, investigating alerts, or querying security logs, you can now do it all conversationally with AI assistance.
Key Capabilities
🚨 Alert Management
- Triage, comment on, and resolve alerts individually or in bulk
- Query alerts with flexible filtering (severity, date range, status, assignee)
- Investigate alert events and analyze patterns across multiple alerts
- Update alert assignments and status tracking
📊 Interactive Data Analysis
- Query your security data lake using natural language
- Get sample log events for any log type to understand data structure
- Execute custom SQL queries against Panther's data warehouse
- Explore table schemas and available data sources
🔍 Detection Engineering
- Create, view, and modify Panther detection rules from your IDE using real log samples
- Access rule details, global helpers, and scheduled rules
- Disable problematic rules quickly during incidents
- Get rule performance metrics and alert statistics
📈 Security Metrics & Monitoring
- View alert trends by severity and detection rule
- Monitor data ingestion patterns and log source health
- Track rule effectiveness and alert volumes over time
Installation Options
Choose the method that works best for your environment:
- Docker: Containerized deployment for maximum isolation and security
- UV/Python: Direct installation for development and customization
- Multiple IDE Support: Works with Cursor, Claude Desktop, Goose, and other MCP-compatible clients
Production-Ready Security
This release includes comprehensive security best practices:
- Least-privilege API token configuration
- IP allowlist binding recommendations
- Docker sandboxing support
- Credential rotation guidelines
- Vulnerability scanning integration with
mcp-scan
Getting Started
- Set up your Panther API token with appropriate least privilege permissions
- Choose your installation method (Docker recommended for production)
- Configure your MCP client (Cursor, Claude Desktop, or Goose)
- Start querying: "Show me all high severity alerts from the last 24 hours"
Community & Support
This project is the result of a collaboration between Panther Labs and Block, with special thanks to the open-source community. We welcome contributions, bug reports, and feature requests through GitHub.
At this time, Panther does not offer official customer support for customers for MCP. For issues during setup or usage, please file an issue in the repository and we'll get back to you as soon as we can.
Ready to supercharge your security workflows with Panther? Get started with the installation guide and join our growing community of security teams using AI to detect, investigate, and respond to threats faster than ever.
Full Changelog: This is the first stable release.