Tenable SC AI Analyst
ContributedAn MCP server that turns Tenable Security Center into a conversational vulnerability analyst — query exposure, top risks, remediation, hosts, plugins and feed health in plain language.
Compatible Clients
Integrations
Tools (25)
- sc_list_vulnerabilities
List vulnerability findings (listvuln, or vulndetails for full detail).
- sc_vuln_summary_by_host
Vulnerability counts grouped by host/IP (sumip).
- sc_vuln_summary_by_plugin
Vulnerability counts grouped by plugin (sumid).
- sc_vuln_summary_by_severity
Vulnerability counts grouped by severity (sumseverity).
- sc_vuln_summary_by_cve
Vulnerability counts grouped by CVE (sumcve).
- sc_remediation_summary
Remediation rollup — the fixes that clear the most risk (sumremediation).
- sc_vuln_trend
Vulnerability trend over time (trend).
- sc_analysis_query
Escape hatch: run an arbitrary /rest/analysis query (raw type/tool/filters).
- sc_list_assets
List asset lists/groups.
- sc_get_asset
Get one asset list by ID.
- sc_list_repositories
List repositories.
- sc_list_solutions
List solutions via the remediation analysis.
- sc_get_solution
Get the remediation/solution text for a plugin.
- sc_search_plugins
Search the plugin catalog by name keyword.
- sc_get_plugin
Get full detail for one plugin.
- sc_list_queries
List saved queries.
- sc_run_query
Run a saved query by ID.
- sc_list_scan_results
List scan results.
- sc_get_scan_result
Get one scan result by ID.
- sc_feed_status
Report plugin/feed freshness — when each feed was last updated.
- sc_list_scanners
List Nessus scanners and their status.
- sc_create_accept_risk_rule
Write (gated by SC_ENABLE_WRITES): create an Accept Risk rule. Persistent change.
- sc_create_recast_risk_rule
Write (gated by SC_ENABLE_WRITES): create a Recast Risk rule. Persistent change.
- sc_create_ticket
Write (gated by SC_ENABLE_WRITES): create a remediation ticket. Persistent change.
- sc_launch_scan
Write (gated by SC_ENABLE_WRITES): launch a scan. Persistent change.
Tags
Connect an AI assistant (Claude Code, OpenCode, or any MCP client) directly to Tenable Security Center (Tenable.sc) and investigate your exposure in plain language — the agent calls the right Security Center analysis and answers from live data, no clicking through the console.
What it does
- Answers natural-language questions via the right
/rest/analysisquery: severity / host / plugin / CVE / remediation summaries, vulnerability trends, or a raw analysis query. - Surfaces context on demand: assets, repositories, solutions, plugins, saved queries, scan results, scanners, and plugin-feed freshness.
- Authenticates with API keys via the
x-apikeyheader (read from the environment) — no session token is ever created. - Keeps side-effecting actions (accept/recast risk rules, tickets, launch scan) off by default behind an explicit
SC_ENABLE_WRITESflag, each clearly marked as a persistent change. - Never touches Token / SAML / LDAP / User / Role / Director endpoints.
How it works
Built on the official MCP SDK’s FastMCP (Python 3.12), the server wraps the Tenable.sc REST API — primarily /rest/analysis — behind a small set of read-focused tools that share one reusable filter set (severity, plugin, IP, repository, last-seen, exploit-available, CVE) with offset pagination. A single async HTTP client handles auth and error handling for every request. Read tools are always available; the isolated write tools are registered only when writes are explicitly enabled.