Skip to main content
MCP Servers / Tenable SC AI Analyst

Tenable SC AI Analyst

Contributed

An MCP server that turns Tenable Security Center into a conversational vulnerability analyst — query exposure, top risks, remediation, hosts, plugins and feed health in plain language.

Author ayuksel-tenb
Transport stdio
Runtime python
Auth api-key
License MIT
Added Jun 18, 2026
View on GitHub →

Compatible Clients

Claude CodeClaude DesktopCursorWindsurfVS Code Copilot

Integrations

Tenable

Tools (25)

  1. sc_list_vulnerabilities

    List vulnerability findings (listvuln, or vulndetails for full detail).

  2. sc_vuln_summary_by_host

    Vulnerability counts grouped by host/IP (sumip).

  3. sc_vuln_summary_by_plugin

    Vulnerability counts grouped by plugin (sumid).

  4. sc_vuln_summary_by_severity

    Vulnerability counts grouped by severity (sumseverity).

  5. sc_vuln_summary_by_cve

    Vulnerability counts grouped by CVE (sumcve).

  6. sc_remediation_summary

    Remediation rollup — the fixes that clear the most risk (sumremediation).

  7. sc_vuln_trend

    Vulnerability trend over time (trend).

  8. sc_analysis_query

    Escape hatch: run an arbitrary /rest/analysis query (raw type/tool/filters).

  9. sc_list_assets

    List asset lists/groups.

  10. sc_get_asset

    Get one asset list by ID.

  11. sc_list_repositories

    List repositories.

  12. sc_list_solutions

    List solutions via the remediation analysis.

  13. sc_get_solution

    Get the remediation/solution text for a plugin.

  14. sc_search_plugins

    Search the plugin catalog by name keyword.

  15. sc_get_plugin

    Get full detail for one plugin.

  16. sc_list_queries

    List saved queries.

  17. sc_run_query

    Run a saved query by ID.

  18. sc_list_scan_results

    List scan results.

  19. sc_get_scan_result

    Get one scan result by ID.

  20. sc_feed_status

    Report plugin/feed freshness — when each feed was last updated.

  21. sc_list_scanners

    List Nessus scanners and their status.

  22. sc_create_accept_risk_rule

    Write (gated by SC_ENABLE_WRITES): create an Accept Risk rule. Persistent change.

  23. sc_create_recast_risk_rule

    Write (gated by SC_ENABLE_WRITES): create a Recast Risk rule. Persistent change.

  24. sc_create_ticket

    Write (gated by SC_ENABLE_WRITES): create a remediation ticket. Persistent change.

  25. sc_launch_scan

    Write (gated by SC_ENABLE_WRITES): launch a scan. Persistent change.

Tags

tenablesecurity-centervulnerability-managementvulnerability-analysismcp

Connect an AI assistant (Claude Code, OpenCode, or any MCP client) directly to Tenable Security Center (Tenable.sc) and investigate your exposure in plain language — the agent calls the right Security Center analysis and answers from live data, no clicking through the console.

What it does

  • Answers natural-language questions via the right /rest/analysis query: severity / host / plugin / CVE / remediation summaries, vulnerability trends, or a raw analysis query.
  • Surfaces context on demand: assets, repositories, solutions, plugins, saved queries, scan results, scanners, and plugin-feed freshness.
  • Authenticates with API keys via the x-apikey header (read from the environment) — no session token is ever created.
  • Keeps side-effecting actions (accept/recast risk rules, tickets, launch scan) off by default behind an explicit SC_ENABLE_WRITES flag, each clearly marked as a persistent change.
  • Never touches Token / SAML / LDAP / User / Role / Director endpoints.

How it works

Built on the official MCP SDK’s FastMCP (Python 3.12), the server wraps the Tenable.sc REST API — primarily /rest/analysis — behind a small set of read-focused tools that share one reusable filter set (severity, plugin, IP, repository, last-seen, exploit-available, CVE) with offset pagination. A single async HTTP client handles auth and error handling for every request. Read tools are always available; the isolated write tools are registered only when writes are explicitly enabled.