
AWS incident response and investigation tools

Project description

AWS‑IReveal‑MCP

AWS‑IReveal‑MCP is a Model Context Protocol (MCP) server designed to give security teams and incident responders a unified interface to AWS services useful for investigation. By connecting AWS‑IReveal‑MCP to any MCP client (such as Claude Desktop or Cline), you can invoke queries and analyses across multiple AWS services without leaving your LLM‑driven workspace.

Features

AWS‑IReveal‑MCP integrates with the following AWS services and functionalities:

  • CloudTrail — Management event history (control-plane API activity)
  • Amazon Athena — SQL queries over CloudTrail logs delivered to S3, including data events
  • CloudWatch — Operational logs and ad hoc log analysis
  • Amazon GuardDuty — Threat-detection findings and their investigation
  • AWS Config — Resource configuration history and compliance status
  • VPC Flow Logs — Network traffic metadata for forensic analysis
  • Network Access Analyzer — Reachability analysis across security groups, NACLs and VPC routing
  • IAM Access Analyzer — Findings on identity and resource-based policies

Together, these services let you:

  • Trace “who did what, when, and where” (CloudTrail, Config)
  • Query data events such as S3 object-level access that CloudTrail event history does not cover (Athena)
  • Search and analyze logs (CloudWatch, VPC Flow Logs)
  • Surface security findings (GuardDuty, IAM Access Analyzer)
  • Verify network reachability and configuration (Network Access Analyzer)

Example Prompts

  • analyze activity by IP x.x.x.x in the last 5 days
  • analyze activity by role 'sysadmin' in the last 24 hours
  • investigate suspicious activity in CloudTrail in the last 7 days in us-west-2
  • is there any data event on buckets with name containing 'customers' in the last 7 days?
  • investigate cloudwatch logs related to Bedrock
  • propose remediations for high-severity GuardDuty findings from the last 2 days
  • identify non-compliant resources, explain violated rules, and suggest remediation
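The first four prompts above all reduce to the same filters over CloudTrail records: a time window, a source IP, the principal a call should be attributed to, and whether an event is a data event on a given bucket. The Python below is an added example, not code from AWS-IReveal-MCP, showing that triage on raw CloudTrail record JSON of the kind the server would fetch from event history or Athena. The records are constructed for illustration (account ID, names and IPs are placeholders), and the fixed reference time NOW exists only to keep the example deterministic.

```python
"""Triage over CloudTrail records of the kind the prompts above describe.

Added example, not part of AWS-IReveal-MCP. Works on already-fetched
CloudTrail record JSON; the records below are constructed (placeholder
account ID, names and IPs) and follow the CloudTrail record field names.
"""
from datetime import datetime, timedelta, timezone

SAMPLE_RECORDS = [
    {   # assumed-role session: attribute to the issuing role ("sysadmin"), not the session name
        "eventTime": "2024-05-10T12:00:00Z", "eventSource": "iam.amazonaws.com",
        "eventName": "CreateAccessKey", "awsRegion": "us-west-2",
        "sourceIPAddress": "203.0.113.10", "managementEvent": True,
        "userIdentity": {"type": "AssumedRole",
                         "arn": "arn:aws:sts::111122223333:assumed-role/sysadmin/alice",
                         "sessionContext": {"sessionIssuer": {"type": "Role", "userName": "sysadmin"}}},
        "requestParameters": {"userName": "svc-backup"},
    },
    {   # S3 data event (object level): the bucket name sits in requestParameters
        "eventTime": "2024-05-11T08:30:00Z", "eventSource": "s3.amazonaws.com",
        "eventName": "GetObject", "awsRegion": "us-west-2",
        "sourceIPAddress": "203.0.113.10", "managementEvent": False,
        "userIdentity": {"type": "IAMUser", "userName": "bob",
                         "arn": "arn:aws:iam::111122223333:user/bob"},
        "requestParameters": {"bucketName": "acme-customers-export", "key": "2024/dump.csv"},
    },
    {   # old event: falls outside every short lookback window used below
        "eventTime": "2024-04-01T09:00:00Z", "eventSource": "ec2.amazonaws.com",
        "eventName": "DescribeInstances", "awsRegion": "eu-west-1",
        "sourceIPAddress": "198.51.100.7", "managementEvent": True,
        "userIdentity": {"type": "IAMUser", "userName": "carol",
                         "arn": "arn:aws:iam::111122223333:user/carol"},
        "requestParameters": {},
    },
    {   # call made by an AWS service on the account's behalf: sourceIPAddress is a service name, not an IP
        "eventTime": "2024-05-11T09:00:00Z", "eventSource": "s3.amazonaws.com",
        "eventName": "PutObject", "awsRegion": "us-west-2",
        "sourceIPAddress": "cloudformation.amazonaws.com", "managementEvent": False,
        "userIdentity": {"type": "AWSService", "invokedBy": "cloudformation.amazonaws.com"},
        "requestParameters": {"bucketName": "acme-logs"},
    },
]

# Fixed reference time so the lookback windows in this example are deterministic.
NOW = datetime(2024, 5, 12, tzinfo=timezone.utc)


def days(n):
    return timedelta(days=n)


def hours(n):
    return timedelta(hours=n)


def event_time(record):
    return datetime.strptime(record["eventTime"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def principal(record):
    """Name to attribute the call to: the issuing role for AssumedRole sessions,
    else the IAM user name, else the invoking AWS service, else the raw ARN."""
    ident = record.get("userIdentity", {})
    issuer = ident.get("sessionContext", {}).get("sessionIssuer", {})
    return (issuer.get("userName") or ident.get("userName")
            or ident.get("invokedBy") or ident.get("arn", "unknown"))


def within(records, window, now=NOW):
    """Keep records whose eventTime falls in [now - window, now]."""
    cutoff = now - window
    return [r for r in records if cutoff <= event_time(r) <= now]


def activity_by_ip(records, ip, window, now=NOW):
    """'analyze activity by IP x.x.x.x in the last N days'"""
    return [r for r in within(records, window, now) if r.get("sourceIPAddress") == ip]


def activity_by_role(records, role, window, now=NOW):
    """'analyze activity by role X in the last N hours'"""
    return [r for r in within(records, window, now) if principal(r) == role]


def data_events_on_buckets(records, substring, window, now=NOW):
    """'is there any data event on buckets with name containing X in the last N days?'
    Data events carry managementEvent == False; management events are skipped."""
    hits = []
    for r in within(records, window, now):
        if r.get("managementEvent", True):
            continue
        if substring in r.get("requestParameters", {}).get("bucketName", ""):
            hits.append(r)
    return hits


def summarize(records):
    """Who did what, when and where: one line per event, oldest first."""
    return [f"{r['eventTime']} {principal(r)} {r['eventName']} ({r['eventSource']}) "
            f"from {r.get('sourceIPAddress')} in {r['awsRegion']}"
            for r in sorted(records, key=event_time)]


if __name__ == "__main__":
    print("\n".join(summarize(activity_by_ip(SAMPLE_RECORDS, "203.0.113.10", days(5)))))
    print("\n".join(summarize(data_events_on_buckets(SAMPLE_RECORDS, "customers", days(7)))))
```

Two details matter in practice and are what the example is built around: for assumed-role sessions the session name in the ARN is caller-chosen, so attribution goes to the issuing role in sessionContext; and calls made by AWS services carry a service DNS name in sourceIPAddress, so an IP-based search must not assume every value parses as an address.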

Installation

Prerequisites

  • Install uv (review the installer script before piping it to a shell):
curl -Ls https://astral.sh/uv/install.sh | sh
  • Clone the repository and create its virtual environment. uv venv only creates the environment; the project's dependencies are resolved and installed the first time uv run starts the server, which is what the client configuration below invokes:
git clone https://github.com/sysdiglabs/aws-ireveal-mcp.git
cd aws-ireveal-mcp
uv venv
source .venv/bin/activate

Configuration

Add the following to your MCP client's settings file, replacing the directory with the path of the cloned repository and <YOUR_PROFILE> with the AWS CLI profile the server should use. The client launches server.py as a local process, and every query the LLM issues runs with that profile's credentials, so point it at a dedicated profile scoped to read-only investigation access in the account(s) under review rather than an administrative one.

{
  "mcpServers": {
    "aws-ireveal": {
      "command": "uv",
      "args": [
        "--directory",
        "/path_to_your/aws-ireveal-mcp",
        "run",
        "server.py"
      ],
      "env": {
        "AWS_PROFILE": "<YOUR_PROFILE>"
      }
    }
  }
}


Source Distribution

iflow_mcp_sysdiglabs_aws_ireveal_mcp-0.1.0.tar.gz (17.3 kB)

Built Distribution

iflow_mcp_sysdiglabs_aws_ireveal_mcp-0.1.0-py3-none-any.whl (18.1 kB)

File details

iflow_mcp_sysdiglabs_aws_ireveal_mcp-0.1.0.tar.gz

  • Size: 17.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv 0.10.0 (uv publish) from Debian GNU/Linux 13 (trixie)

Hashes for iflow_mcp_sysdiglabs_aws_ireveal_mcp-0.1.0.tar.gz
Algorithm   Hash digest
SHA256      b287988353c6ddf61166036243ad17a21205dc4537c24cd56ee2a528e00fe31e
MD5         206a9b0edf0abf4d3b8a2b579bc5cc3d
BLAKE2b-256 b2f4a08843bafe9c501b668fe3143b2bba332688ed1227ceaa752fa5d3bfad42

iflow_mcp_sysdiglabs_aws_ireveal_mcp-0.1.0-py3-none-any.whl

  • Size: 18.1 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv 0.10.0 (uv publish) from Debian GNU/Linux 13 (trixie)

Hashes for iflow_mcp_sysdiglabs_aws_ireveal_mcp-0.1.0-py3-none-any.whl
Algorithm   Hash digest
SHA256      ebf890d2a7657426b5dae48b4cf9565bdd0475b9fa6e6035f93469492e36a6ee
MD5         9cace8372d06349d0054b439c49023d5
BLAKE2b-256 7fe45db46f8fdc778b7a88e6a8f83296e7864686f88d65e93a4760c92aa134fb

Before installing from either file, compare the SHA256 of what you downloaded with the digest listed above. Note that the distribution name carries an iflow_mcp_ prefix that does not match the sysdiglabs/aws-ireveal-mcp repository named in the installation steps, and that neither file was uploaded with Trusted Publishing, so the PyPI metadata alone does not tie these files to that repository; the installation steps above install from the Git repository rather than from these files.
