Check Point MCP Servers
by
A collection of Model Context Protocol servers for Check Point security platforms, exposing structured security data through TypeScript packages.
Check Point MCP Servers Overview
What is Check Point MCP Servers about?
Provides individual MCP server packages that surface management, policy, logs, threat‑prevention, HTTPS inspection, SASE, reputation, gateway diagnostics, threat emulation, Gaia OS, documentation, Spark management, CPInfo analysis, Argos ERM and policy insights data as machine‑readable APIs.
How to use Check Point MCP Servers?
- Clone the repository and install dependencies with
npm install. - Build all packages (
npm run build) or build a specific server using Nx, e.g.,npx nx build @chkp/quantum-management-mcp. - Run a server in development mode with
npx nx run @chkp/quantum-management-mcp:devor the provided npm alias (npm run nx:dev:management). - Configure the MCP client to invoke the server via the generated npm package, typically using
npx @chkp/<package-name>and supplying any required environment variables.
Key features of Check Point MCP Servers
- Modular monorepo: each security domain is an isolated package.
- TypeScript implementation: strong typing and modern tooling.
- Nx workspace: efficient builds, testing, linting, and dependency graph.
- Broad coverage: management, logs, threat‑prevention, HTTPS inspection, SASE, reputation, gateway diagnostics, threat emulation, Gaia OS, documentation, Spark, CPInfo analysis, Argos ERM, policy insights.
- Telemetry opt‑out: disable anonymous usage collection via
TELEMETRY_DISABLED=true. - Security‑first design: credentials never sent to the model; only the server authenticates to Check Point devices.
Use cases of Check Point MCP Servers
- AI‑assisted security analytics: feed structured policy and log data to LLMs for automated audit and optimization.
- Automated policy compliance: query policy objects and rules to validate against standards.
- Incident investigation: retrieve connection logs, threat intel, and reputation data programmatically.
- Custom dashboards: build visualizations on top of the MCP endpoints.
- DevOps integration: incorporate security state checks into CI/CD pipelines.
FAQ from the Check Point MCP Servers
Q: Do I need to build the packages before using them?
A: Yes, running npm run build (or the Nx build command for a specific package) compiles the TypeScript sources.
Q: How do I authenticate the MCP server to my Check Point management system?
A: Set the required credentials as environment variables as documented in each package's README (e.g., CP_API_KEY, CP_USERNAME, CP_PASSWORD).
Q: Can I run multiple MCP servers simultaneously? A: Each server runs as an independent Node process; you can start as many as needed on different ports.
Q: How is telemetry handled?
A: Anonymous usage stats are sent by default; set TELEMETRY_DISABLED=true or use the --no-telemetry flag to opt out.
Q: What Node version is required?
A: The project targets Node 18+ (as defined in the engines field of the root package.json).
Check Point MCP Servers's README
Check Point MCP Servers
This repository contains a collection of Model Context Protocol (MCP) servers for Check Point security platforms, implemented in TypeScript. Each MCP server is organized as a separate package within this monorepo structure.
What is MCP?
Model Context Protocol (MCP) servers expose a structured, machine-readable API for your enterprise data—designed for AI-powered automation, copilots, and decision engines. By delivering a clear, contextual slice of your security environment, MCP lets you query, analyze, and optimize complex systems without building custom SDKs or parsing raw exports.
Why MCP for Check Point Security?
Security policies often span hundreds of rules and thousands of objects across diverse enforcement points. Understanding, auditing, or optimizing these environments is slow and error-prone.
MCP changes this: exposing security management data in a modular, context-rich format, ready for AI systems to consume. Enabling the AI to use your data with precision. Ask real-world questions, and get structured, actionable answers—instantly.
Repository Structure
This monorepo is organized with each Check Point security domain as a separate MCP server:
/packages- Contains all MCP server implementations and shared libraries/management- Management API MCP server for policy and object management/infra- Shared infrastructure components and utilities/management-logs- Management Logs MCP server for Check Point products/threat-prevention- Management API MCP Server for Threat Prevention policies/https-inspection- Management API MCP Server for Https Inspection policies/harmony-infra- Shared infrastructure components for Harmony products/harmony-sase- Harmony SASE MCP Server for SASE policy management/mcp-utils- Shared utilities for Check Point MCP servers/reputation-service- Reputation MCP Server/gw-cli-base- Base Infra for running Gateways scripts/gw-cli- Gateway Script MCP Server for Information, Perfomance and Diagnostics/gw-cli-connection-analysis- Gateway Script MCP Server to Analyze Connection Issues/threat-emulation- Threat Emulation MCP server for malware analysis and file scanning/gaia- GAIA OS MCP server for network management and interface configuration/documentation-tool- Check Point documentation assistant MCP server for product information and technical guidance/spark-management- Spark Management MCP server for Quantum Spark appliance management/cpinfo-analysis- CPInfo Analysis MCP server for Check Point appliance diagnostic file analysis and troubleshooting/argos-erm- Argos ERM MCP server for external risk management and threat intelligence/policy-insights- Policy Insights MCP server
Available MCP Servers
The following MCP servers are available in this repository:
| MCP Server | Package Name | Description |
|---|---|---|
| Management | @chkp/quantum-management-mcp |
Query policies, rules, objects, and network topology |
| Management Logs | @chkp/management-logs-mcp |
Make queries and gain insights from connection and audit logs |
| Threat-Prevention | @chkp/threat-prevention-mcp |
Query Threat Prevention policies, profiles and indicators, view IPS updates and IOC feeds |
| HTTPS-Inspection | @chkp/https-inspection-mcp |
Query Https Inspection policies, rules and exceptions |
| Harmony SASE | @chkp/harmony-sase-mcp |
Query and manage Harmony SASE Regions, Networks, Applications and configurations |
| Reputation Service | @chkp/reputation-service-mcp |
Query Url, IP and File Reputation |
| GW CLI | @chkp/quantum-gw-cli-mcp |
Provides comprehensive diagnostics and analysis across hardware, network configuration, high availability, performance, security, and real-time connection debugging |
| GW CLI Connection Analysis | @chkp/quantum-gw-connection-analysis-mcp |
Provides debug logs to help analyze connection issues |
| Threat Emulation | @chkp/threat-emulation-mcp |
Analyze files for malware and threats using Check Point's cloud services |
| Gaia | @chkp/quantum-gaia-mcp |
Network management and interface configuration for GAIA OS |
| Documentation Tool | @chkp/documentation-mcp |
Comprehensive Check Point documentation assistant providing instant access to product information, technical specifications, configuration guidance, and feature documentation across the entire Check Point security portfolio |
| Spark Management | @chkp/spark-management-mcp |
Manage and monitor Quantum Spark appliances for MSPs and distributed networks |
| Cpinfo analysis | @chkp/cpinfo-analysis-mcp |
Analyze CPInfo diagnostic files for system health, performance metrics, network configuration, and troubleshooting insights |
| Argos ERM | @chkp/argos-erm-mcp |
Monitor and investigate security threats across alerts, IOCs, assets, vulnerabilities, credential exposure, threat intelligence, and organizational risk assessment |
| Policy Insights | @chkp/policy-insights-mcp |
Query policy insights to tighten Access Control policies |
Example: Setting Up an MCP Server
Here's an example of how to configure the Management MCP server in your MCP client:
{
"MCP-NAME": {
"command": "npx",
"args": [
"@chkp/MCP_NPM_PACKAGE"
],
"env": {
// Specific server configuration
}
}
}
Each MCP server has its own specific configuration requirements. Please refer to the individual package README files for detailed setup instructions.
Getting Started for Development (Not needed for users who just wish to use the MCPs)
To work with this repository:
# Clone the repository
git clone [repository-url]
# Install dependencies
npm install
# Build all packages
npm run build
Nx Workspace Commands
This project uses Nx for managing the monorepo. You can use Nx commands to run tasks for specific packages:
Package Build Options:
- Alias:
npm run nx:build:<folder-name>(e.g.,management,harmony-sase,infra) - Direct Nx:
npx nx build <full-package-name>(e.g.,@chkp/quantum-management-mcp)
Running Development Mode
# Run @chkp/management in development mode
npx nx run @chkp/quantum-management-mcp:dev
# or using alias
npm run nx:dev:management
# Run https-inspection in development mode
npx nx run @chkp/https-inspection-mcp:dev
# or using alias
npm run nx:dev:https-inspection
Building Specific Packages
# Build https-inspection server
npx nx build @chkp/https-inspection-mcp
# or using alias
npm run nx:build:https-inspection
# Build threat-prevention server
npx nx build @chkp/threat-prevention-mcp
# or using alias
npm run nx:build:threat-prevention
Running Tests
# Run tests for a specific package
npx nx run @chkp/quantum-infra:test
# Run tests for all packages
npx nx run-many --target=test
Other Useful Nx Commands
# Show project graph
npx nx graph
# List all available projects
npx nx show projects
# Build all packages
npx nx run-many --target=build
# Lint all packages
npx nx run-many --target=lint
⚠️ Security Notice
- Authentication keys and credentials are never shared with the model. They are used only by the MCP server to authenticate with your Check Point management system.
- Only use client implementations you trust. Malicious or untrusted clients could misuse your credentials or access data improperly.
- Queried Data will be exposed to the model. Ensure that you only use models and providers that comply with your organization's policies for handling sensitive data and PII.
📊 Telemetry and Privacy
Check Point collects anonymous usage statistics to improve MCP servers. Only tool usage patterns and anonymous identifiers are collected—no credentials, policies, or sensitive data.
Opt-Out: Set TELEMETRY_DISABLED=true environment variable or use the --no-telemetry flag to disable telemetry collection.
Check Point MCP Servers Reviews
Login Required
Please log in to share your review and rating for this MCP.
Similar MCP Servers like Check Point MCP Servers
Explore related MCPs that share similar capabilities and solve comparable challenges
SafeLine
by chaitin
A self‑hosted web application firewall and reverse proxy that protects web applications from attacks and exploits by filtering, monitoring, and blocking malicious HTTP/S traffic.
SafeDep Vet
by safedep
Provides enterprise‑grade open source software supply chain security by scanning source code, dependencies, containers and SBOMs, detecting vulnerabilities and malicious packages, and enforcing policy as code.
Semgrep MCP Server
by semgrep
Offers an MCP server that lets LLMs, agents, and IDEs run Semgrep scans to detect security vulnerabilities in source code.
Burp MCP Server
by PortSwigger
Enables Burp Suite to communicate with AI clients via the Model Context Protocol, providing an MCP server and bundled stdio proxy.
Wazuh MCP Remote Server
by gensecaihq
Provides AI‑driven conversational access to Wazuh SIEM data, allowing natural‑language queries, threat analysis, incident triage, and compliance checks through a Model Context Protocol‑compliant remote server.
Cycode CLI
by cycodehq
Boost security in the development lifecycle via SAST, SCA, secrets, and IaC scanning.
Bugsy
by mobb-dev
Provides automatic security vulnerability remediation for code via a command‑line interface and an MCP server, leveraging findings from popular SAST tools such as Checkmarx, CodeQL, Fortify, and Snyk.
Keycloak MCP Server
by ChristophEnglisch
Provides AI‑powered administration of Keycloak users and realms through the Model Context Protocol, enabling automated creation, deletion, and listing of users and realms from MCP clients such as Claude Desktop.
OpenCTI MCP Server
by Spathodea-Network
Provides a Model Context Protocol server that enables querying and retrieving threat intelligence data from OpenCTI through a standardized interface.