Cyberwatch MCP Server

Overview

The Model Context Protocol (MCP) is an open protocol that allows AI agents (Claude Desktop, ChatGPT, Gemini, etc.) to interact with external services. Cyberwatch embeds an MCP server that lets your AI agent operate Cyberwatch in natural language.

Connecting from your AI client

The MCP server URL to configure in your client is:

https://<your-instance>/api/v3/mcp

Authentication is handled automatically via OAuth 2.0: on first connection, your client opens a browser to log in to Cyberwatch and grant access.

Example: Claude Desktop

Add the following entry to your Claude Desktop configuration (claude_desktop_config.json):

{
  "mcpServers": {
    "cyberwatch": {
      "url": "https://<your-instance>/api/v3/mcp"
    }
  }
}

For other MCP compatible clients (ChatGPT, Gemini, Cursor, etc.), refer to the client’s own documentation for the configuration procedure.

Delegating authorization to a service account

By default, the AI agent acts with the permissions of the user who authenticated during the OAuth flow. It is possible to delegate this authorization to a dedicated service account.

To do so, log in to the Cyberwatch interface in a browser using the service account before initiating the MCP connection in the AI client. The OAuth flow will use the active session, and the agent will act with that account’s permissions.

This approach is useful for automated or shared use cases, to avoid exposing the permissions of a personal account.

What your AI agent can do

Once connected, the AI agent can interact with Cyberwatch to:

Browse assets and vulnerabilities

  • List and search assets (by hostname, IP address, operating system…)
  • View vulnerabilities associated with an asset
  • Access CVE scores and details

Manage scans

  • View ongoing network discoveries
  • Relaunch scans on assets

Track compliance

  • View compliance checks and their status
  • Access compliance results per asset

Manage patches

  • Initiate patching actions
  • Relaunch scheduled reboots

Patching and reboot operations are only available when the corresponding settings are enabled on the Cyberwatch instance. The agent’s permissions are always limited to the projects accessible to the connected account.

Supported standards

The Cyberwatch MCP server complies with the following standards:

  • Model Context Protocol — version 2025-06-18
  • OAuth 2.0 Authorization Server Metadata — RFC 8414
  • OAuth 2.0 Protected Resource Metadata — RFC 9728
  • OAuth 2.0 Dynamic Client Registration — RFC 7591
  • PKCE — RFC 7636 (S256 method required)
  • JSON-RPC 2.0

Back to top

English Français Español