Model Context Protocol (MCP)
Unizo offers an MCP server that integrates vulnerability management systems with any LLM provider that supports MCP. This lets your AI agent query vulnerabilities, analyze asset risks, and automate security assessments across Nessus, Qualys, Rapid7, and other vulnerability scanners through a single MCP server.
Supported Tools & Use Cases
The following tools are available in the VMS MCP Server:
| Tool Name | Description |
|---|---|
| vms_list_connectors | Get list of available vulnerability management services |
| vms_list_integrations | Get integrations for a specific VMS service |
| vms_list_vulnerabilities | Browse vulnerabilities with filtering and pagination |
| vms_get_vulnerability_summary | Retrieve comprehensive vulnerability information |
| vms_list_assets | Browse assets with pagination and sorting |
| vms_get_asset_details | Retrieve detailed asset information |
| vms_get_asset_risk_assessment | Get risk assessment for a specific asset |
| vms_list_scans | Browse vulnerability scans |
| vms_get_scan_details | Retrieve detailed scan information |
Tool Reference
Service Discovery Tools
vms_list_connectors
Get list of available vulnerability management services
Parameters: None
Returns: List of available VMS services (e.g., Nessus, Qualys, Rapid7)
Example Response:
```json
[
  {"name": "nessus"},
  {"name": "qualys"},
  {"name": "rapid7"},
  {"name": "tenable"}
]
```
vms_list_integrations
Get integrations for a specific VMS service
Parameters:
- connector (string, required): Name of the service (e.g., "nessus", "qualys")
Returns: List of integrations available for the specified service
Example Response:
```json
[
  {
    "id": "integration-123",
    "name": "Production Nessus"
  },
  {
    "id": "integration-456",
    "name": "Development Qualys"
  }
]
```
Vulnerability Management Tools
vms_list_vulnerabilities
Browse vulnerabilities with filtering and pagination
Parameters:
- integration_id (string, required): Unique identifier for the integration
Returns: Paginated list of vulnerabilities
Example Response:
{
"status": "success",
"message": "Retrieved 25 vulnerabilities",
"data": {
"vulnerabilities": [
{
"id": "CVE-2024-12345",
"name": "CVE-2024-12345",
"title": "Critical SQL Injection Vulnerability",
"description": "A critical SQL injection vulnerability exists in the web application authentication module",
"severity": "CRITICAL",
"cvss": {
"version": "3.1",
"baseScore": 9.8,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
"cve": {
"id": "CVE-2024-12345",
"references": [
"https://nvd.nist.gov/vuln/detail/CVE-2024-12345",
"https://www.exploit-db.com/exploits/51234"
],
"publishedDate": "2024-10-15T08:00:00Z",
"lastModifiedDate": "2024-11-01T12:30:00Z"
},
"cwe": {
"id": "CWE-89",
"name": "SQL Injection"
},
"state": "ACTIVE",
"firstDetected": "2024-10-20T14:30:00Z",
"lastDetected": "2024-11-05T09:15:00Z",
"affectedAssetsCount": 12,
"changeLog": {
"createdDateTime": "2024-10-20T14:30:00Z",
"lastUpdatedDateTime": "2024-11-05T09:15:00Z"
}
},
{
"id": "CVE-2024-54321",
"name": "CVE-2024-54321",
"title": "Remote Code Execution in Apache Struts",
"description": "Remote code execution vulnerability in Apache Struts 2.x framework",
"severity": "HIGH",
"cvss": {
"version": "3.1",
"baseScore": 8.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"exploitabilityScore": 2.2,
"impactScore": 5.9
},
"cve": {
"id": "CVE-2024-54321",
"references": [
"https://nvd.nist.gov/vuln/detail/CVE-2024-54321",
"https://struts.apache.org/security/"
],
"publishedDate": "2024-09-10T10:00:00Z",
"lastModifiedDate": "2024-10-15T16:45:00Z"
},
"cwe": {
"id": "CWE-94",
"name": "Code Injection"
},
"state": "ACTIVE",
"firstDetected": "2024-09-15T11:00:00Z",
"lastDetected": "2024-11-05T09:15:00Z",
"affectedAssetsCount": 8,
"changeLog": {
"createdDateTime": "2024-09-15T11:00:00Z",
"lastUpdatedDateTime": "2024-11-05T09:15:00Z"
}
}
],
"pagination": {
"total": 250,
"offset": 0,
"limit": 20,
"next": 20,
"previous": null
},
"total_count": 250
}
}
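The sample response above reports `total: 250` with `limit: 20`, so a single call covers only part of the findings. The following added example (not Unizo code) follows `pagination.next` to the end with a page cap and a stuck-cursor check. `callTool(offset)` is a hypothetical callback, since this page does not document how an offset is passed to the tool, and `fakeListTool` is a constructed stand-in for the server.

```javascript
// Added example, not Unizo code. `callTool(offset)` is a hypothetical async
// callback that invokes a VMS list tool and resolves to the parsed response.

// Validate one page; return its records and the next offset (null = last page).
function readPage(res, offset, listKey) {
  if (!res || res.status !== "success" || !res.data) {
    const why = res && res.message ? res.message : "no response";
    throw new Error(`tool call failed at offset ${offset}: ${why}`);
  }
  const batch = res.data[listKey];
  const pg = res.data.pagination;
  if (!Array.isArray(batch) || !pg) {
    throw new Error(`unexpected response shape at offset ${offset}`);
  }
  if (pg.next === null || pg.next === undefined) {
    return { batch, total: pg.total, next: null };
  }
  // A cursor that does not move forward would repeat pages forever.
  if (!Number.isInteger(pg.next) || pg.next <= offset) {
    throw new Error(`non-advancing cursor ${pg.next} at offset ${offset}`);
  }
  return { batch, total: pg.total, next: pg.next };
}

// Follow `next` to the end, bounded by maxPages. `complete` is false when the
// cap was hit or the record count disagrees with `pagination.total`.
async function collectAll(callTool, listKey, maxPages = 100) {
  const items = [];
  let offset = 0;
  let total = null;
  for (let page = 0; page < maxPages; page++) {
    const p = readPage(await callTool(offset), offset, listKey);
    items.push(...p.batch);
    total = p.total;
    if (p.next === null) {
      return { items, total, complete: items.length === total };
    }
    offset = p.next;
  }
  return { items, total, complete: false };
}

// Constructed stand-in for the server: `ids.length` records, `limit` per page.
function fakeListTool(ids, limit) {
  return async (offset) => {
    const next = offset + limit < ids.length ? offset + limit : null;
    const previous = offset > 0 ? Math.max(0, offset - limit) : null;
    return {
      status: "success",
      data: {
        vulnerabilities: ids.slice(offset, next ?? ids.length).map((id) => ({ id })),
        pagination: { total: ids.length, offset, limit, next, previous },
      },
    };
  };
}
```

An agent that reports on `items` should also surface `complete`, so a truncated listing is not presented as the full set of findings.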
vms_get_vulnerability_summary
Retrieve comprehensive vulnerability information
Parameters:
- integration_id (string, required): Unique identifier for the integration
- vulnerability_id (string, required): Unique identifier of the vulnerability (e.g., CVE ID)
Returns: Comprehensive vulnerability information including affected assets
Example Response:
{
"status": "success",
"message": "Retrieved vulnerability details for CVE-2024-12345",
"data": {
"vulnerability": {
"id": "CVE-2024-12345",
"name": "CVE-2024-12345",
"title": "Critical SQL Injection Vulnerability in Web Application",
"description": "A critical SQL injection vulnerability exists in the web application authentication module. Attackers can bypass authentication and execute arbitrary SQL commands, potentially leading to complete database compromise. This vulnerability affects versions 2.0 through 2.8 of the application.",
"severity": "CRITICAL",
"cvss": {
"version": "3.1",
"baseScore": 9.8,
"temporalScore": 9.5,
"environmentalScore": 9.2,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"cve": {
"id": "CVE-2024-12345",
"references": [
"https://nvd.nist.gov/vuln/detail/CVE-2024-12345",
"https://www.exploit-db.com/exploits/51234",
"https://github.com/security/advisories/CVE-2024-12345"
],
"publishedDate": "2024-10-15T08:00:00Z",
"lastModifiedDate": "2024-11-01T12:30:00Z"
},
"cwe": {
"id": "CWE-89",
"name": "SQL Injection",
"description": "Improper Neutralization of Special Elements used in an SQL Command"
},
"state": "ACTIVE",
"exploitAvailable": true,
"patchAvailable": true,
"vendorAdvisory": "https://vendor.com/security/advisory/CVE-2024-12345",
"solution": "Upgrade to version 2.9 or later. Apply security patch KB-2024-001.",
"affectedProducts": [
{
"vendor": "Acme Corp",
"product": "Web Application Framework",
"versions": ["2.0", "2.1", "2.2", "2.3", "2.4", "2.5", "2.6", "2.7", "2.8"]
}
],
"firstDetected": "2024-10-20T14:30:00Z",
"lastDetected": "2024-11-05T09:15:00Z",
"affectedAssetsCount": 12,
"affectedAssets": [
{
"id": "asset-web-01",
"name": "web-server-prod-01.example.com",
"ipAddress": "192.168.1.10",
"firstDetected": "2024-10-20T14:30:00Z"
},
{
"id": "asset-web-02",
"name": "web-server-prod-02.example.com",
"ipAddress": "192.168.1.11",
"firstDetected": "2024-10-21T09:00:00Z"
}
],
"changeLog": {
"createdDateTime": "2024-10-20T14:30:00Z",
"lastUpdatedDateTime": "2024-11-05T09:15:00Z",
"createdBy": {
"href": "https://api.unizo.ai/api/v1/users/scanner-001",
"id": "scanner-001",
"firstName": "VMS",
"lastName": "Scanner"
},
"lastUpdatedBy": {
"href": "https://api.unizo.ai/api/v1/users/system-001",
"id": "system-001",
"firstName": "System",
"lastName": "Agent"
}
}
}
}
}
Asset Management Tools
vms_list_assets
Browse assets with pagination and sorting
Parameters:
- integration_id (string, required): Unique identifier for the integration
Returns: Paginated list of assets
Example Response:
{
"status": "success",
"message": "Retrieved 35 assets",
"data": {
"assets": [
{
"id": "asset-web-01",
"name": "web-server-prod-01.example.com",
"type": "SERVER",
"state": "ACTIVE",
"ipAddresses": ["192.168.1.10", "10.0.1.10"],
"macAddresses": ["00:1A:2B:3C:4D:5E"],
"fqdn": "web-server-prod-01.example.com",
"operatingSystem": {
"name": "Ubuntu Linux",
"version": "22.04.3 LTS",
"family": "LINUX"
},
"location": {
"datacenter": "US-EAST-1",
"rack": "A-15",
"building": "Main Campus"
},
"network": {
"subnet": "192.168.1.0/24",
"vlan": "VLAN-100",
"gateway": "192.168.1.1"
},
"cloudMetadata": {
"provider": "AWS",
"accountId": "123456789012",
"region": "us-east-1",
"instanceId": "i-0abcd1234efgh5678",
"instanceType": "t3.large"
},
"vulnerabilityStats": {
"critical": 2,
"high": 5,
"medium": 12,
"low": 8,
"total": 27
},
"riskScore": 8.5,
"lastScanned": "2024-11-05T09:15:00Z",
"tags": [
{
"key": "Environment",
"value": "Production"
},
{
"key": "Application",
"value": "Web-Frontend"
}
],
"changeLog": {
"createdDateTime": "2023-06-10T12:00:00Z",
"lastUpdatedDateTime": "2024-11-05T09:15:00Z"
}
},
{
"id": "asset-db-01",
"name": "database-prod-01.example.com",
"type": "DATABASE",
"state": "ACTIVE",
"ipAddresses": ["192.168.2.20"],
"macAddresses": ["00:1A:2B:3C:4D:5F"],
"fqdn": "database-prod-01.example.com",
"operatingSystem": {
"name": "Red Hat Enterprise Linux",
"version": "8.8",
"family": "LINUX"
},
"location": {
"datacenter": "US-EAST-1",
"rack": "B-10",
"building": "Main Campus"
},
"network": {
"subnet": "192.168.2.0/24",
"vlan": "VLAN-200",
"gateway": "192.168.2.1"
},
"vulnerabilityStats": {
"critical": 0,
"high": 2,
"medium": 8,
"low": 15,
"total": 25
},
"riskScore": 5.2,
"lastScanned": "2024-11-04T22:30:00Z",
"tags": [
{
"key": "Environment",
"value": "Production"
},
{
"key": "Criticality",
"value": "High"
}
],
"changeLog": {
"createdDateTime": "2023-05-15T10:00:00Z",
"lastUpdatedDateTime": "2024-11-04T22:30:00Z"
}
}
],
"pagination": {
"total": 350,
"offset": 0,
"limit": 20,
"next": 20,
"previous": null
},
"total_count": 350
}
}
vms_get_asset_details
Retrieve detailed asset information
Parameters:
- integration_id (string, required): Unique identifier for the integration
- asset_id (string, required): Unique identifier of the asset
Returns: Comprehensive asset information including vulnerabilities
Example Response:
{
"status": "success",
"message": "Retrieved asset details for asset-web-01",
"data": {
"asset": {
"id": "asset-web-01",
"name": "web-server-prod-01.example.com",
"type": "SERVER",
"state": "ACTIVE",
"ipAddresses": ["192.168.1.10", "10.0.1.10", "172.16.0.10"],
"macAddresses": ["00:1A:2B:3C:4D:5E", "00:1A:2B:3C:4D:5F"],
"fqdn": "web-server-prod-01.example.com",
"hostname": "web-server-prod-01",
"operatingSystem": {
"name": "Ubuntu Linux",
"version": "22.04.3 LTS",
"family": "LINUX",
"architecture": "x86_64",
"kernelVersion": "5.15.0-89-generic"
},
"hardware": {
"manufacturer": "Dell Inc.",
"model": "PowerEdge R740",
"serialNumber": "SN12345ABC",
"cpuCount": 2,
"cpuModel": "Intel Xeon Gold 6140",
"memoryGB": 128,
"diskGB": 2048
},
"location": {
"datacenter": "US-EAST-1",
"rack": "A-15",
"unit": "U20-U24",
"building": "Main Campus",
"floor": "2",
"room": "Server Room A"
},
"network": {
"subnet": "192.168.1.0/24",
"vlan": "VLAN-100",
"gateway": "192.168.1.1",
"dnsServers": ["8.8.8.8", "8.8.4.4"],
"openPorts": [22, 80, 443, 8080]
},
"cloudMetadata": {
"provider": "AWS",
"accountId": "123456789012",
"region": "us-east-1",
"availabilityZone": "us-east-1a",
"instanceId": "i-0abcd1234efgh5678",
"instanceType": "t3.large",
"vpcId": "vpc-12345678",
"subnetId": "subnet-abcdef12",
"securityGroups": ["sg-web-prod", "sg-common"]
},
"installedSoftware": [
{
"name": "Apache HTTP Server",
"version": "2.4.52",
"vendor": "Apache Software Foundation"
},
{
"name": "OpenSSL",
"version": "3.0.2",
"vendor": "OpenSSL Project"
},
{
"name": "PHP",
"version": "8.1.12",
"vendor": "PHP Group"
}
],
"vulnerabilityStats": {
"critical": 2,
"high": 5,
"medium": 12,
"low": 8,
"informational": 3,
"total": 30
},
"topVulnerabilities": [
{
"id": "CVE-2024-12345",
"title": "Critical SQL Injection Vulnerability",
"severity": "CRITICAL",
"cvssScore": 9.8
},
{
"id": "CVE-2024-54321",
"title": "Remote Code Execution in Apache Struts",
"severity": "HIGH",
"cvssScore": 8.1
}
],
"riskScore": 8.5,
"riskLevel": "HIGH",
"lastScanned": "2024-11-05T09:15:00Z",
"scanHistory": [
{
"scanId": "scan-12345",
"scanDate": "2024-11-05T09:15:00Z",
"vulnerabilitiesFound": 27
},
{
"scanId": "scan-12344",
"scanDate": "2024-10-29T09:00:00Z",
"vulnerabilitiesFound": 25
}
],
"tags": [
{
"key": "Environment",
"value": "Production",
"source": "Manual"
},
{
"key": "Application",
"value": "Web-Frontend",
"source": "Manual"
},
{
"key": "Owner",
"value": "DevOps Team",
"source": "CMDB"
}
],
"changeLog": {
"createdDateTime": "2023-06-10T12:00:00Z",
"lastUpdatedDateTime": "2024-11-05T09:15:00Z",
"createdBy": {
"href": "https://api.unizo.ai/api/v1/users/admin-001",
"id": "admin-001",
"firstName": "Admin",
"lastName": "User"
},
"lastUpdatedBy": {
"href": "https://api.unizo.ai/api/v1/users/scanner-001",
"id": "scanner-001",
"firstName": "VMS",
"lastName": "Scanner"
}
}
}
}
}
vms_get_asset_risk_assessment
Get risk assessment for a specific asset
Parameters:
- integration_id (string, required): Unique identifier for the integration
- asset_id (string, required): Unique identifier of the asset
Returns: Comprehensive risk assessment for the asset
Example Response:
{
"status": "success",
"message": "Retrieved risk assessment for asset-web-01",
"data": {
"riskAssessment": {
"assetId": "asset-web-01",
"assetName": "web-server-prod-01.example.com",
"overallRiskScore": 8.5,
"riskLevel": "HIGH",
"assessmentDate": "2024-11-05T09:15:00Z",
"riskFactors": {
"vulnerabilityRisk": {
"score": 9.2,
"weight": 0.4,
"description": "Asset has 2 critical and 5 high severity vulnerabilities"
},
"exposureRisk": {
"score": 8.5,
"weight": 0.3,
"description": "Asset is internet-facing with multiple open ports"
},
"assetCriticality": {
"score": 9.0,
"weight": 0.2,
"description": "Production asset handling sensitive data"
},
"patchCompliance": {
"score": 6.5,
"weight": 0.1,
"description": "Asset is missing 15 security patches"
}
},
"vulnerabilitySummary": {
"critical": 2,
"high": 5,
"medium": 12,
"low": 8,
"total": 27,
"exploitable": 3,
"patchAvailable": 18
},
"topRisks": [
{
"vulnerability": "CVE-2024-12345",
"title": "Critical SQL Injection Vulnerability",
"severity": "CRITICAL",
"cvssScore": 9.8,
"exploitAvailable": true,
"riskContribution": 35
},
{
"vulnerability": "CVE-2024-54321",
"title": "Remote Code Execution",
"severity": "HIGH",
"cvssScore": 8.1,
"exploitAvailable": true,
"riskContribution": 25
}
],
"recommendations": [
{
"priority": "CRITICAL",
"action": "Apply security patch for CVE-2024-12345 immediately",
"expectedRiskReduction": 35,
"estimatedEffort": "2 hours"
},
{
"priority": "HIGH",
"action": "Upgrade Apache Struts to latest version",
"expectedRiskReduction": 25,
"estimatedEffort": "4 hours"
},
{
"priority": "MEDIUM",
"action": "Review and restrict open ports on firewall",
"expectedRiskReduction": 15,
"estimatedEffort": "1 hour"
}
],
"complianceStatus": {
"pci": {
"compliant": false,
"violations": ["ASV scan findings", "Patch management"]
},
"hipaa": {
"compliant": false,
"violations": ["Technical safeguards"]
}
},
"trendAnalysis": {
"riskScoreChange30Days": 1.2,
"newVulnerabilities30Days": 5,
"resolvedVulnerabilities30Days": 3
}
}
}
}
Scan Management Tools
vms_list_scans
Browse vulnerability scans
Parameters:
- integration_id (string, required): Unique identifier for the integration
Returns: Paginated list of scans
Example Response:
{
"status": "success",
"message": "Retrieved 10 scans",
"data": {
"scans": [
{
"id": "scan-12345",
"name": "Weekly Production Scan - Nov 5",
"status": "COMPLETED",
"type": "SCHEDULED",
"startTime": "2024-11-05T09:00:00Z",
"endTime": "2024-11-05T11:45:00Z",
"duration": 9900,
"targetCount": 150,
"targetsScanned": 150,
"vulnerabilitiesFound": 425,
"vulnerabilityDistribution": {
"critical": 15,
"high": 45,
"medium": 180,
"low": 185
},
"scanner": {
"name": "Nessus Scanner 01",
"version": "10.6.2"
},
"changeLog": {
"createdDateTime": "2024-11-05T09:00:00Z",
"lastUpdatedDateTime": "2024-11-05T11:45:00Z"
}
},
{
"id": "scan-12344",
"name": "Weekly Production Scan - Oct 29",
"status": "COMPLETED",
"type": "SCHEDULED",
"startTime": "2024-10-29T09:00:00Z",
"endTime": "2024-10-29T11:30:00Z",
"duration": 9000,
"targetCount": 148,
"targetsScanned": 148,
"vulnerabilitiesFound": 398,
"vulnerabilityDistribution": {
"critical": 12,
"high": 42,
"medium": 175,
"low": 169
},
"scanner": {
"name": "Nessus Scanner 01",
"version": "10.6.1"
},
"changeLog": {
"createdDateTime": "2024-10-29T09:00:00Z",
"lastUpdatedDateTime": "2024-10-29T11:30:00Z"
}
}
],
"pagination": {
"total": 50,
"offset": 0,
"limit": 20,
"next": 20,
"previous": null
},
"total_count": 50
}
}
vms_get_scan_details
Retrieve detailed scan information
Parameters:
- integration_id (string, required): Unique identifier for the integration
- scan_id (string, required): Unique identifier of the scan
Returns: Comprehensive scan information
Example Response:
{
"status": "success",
"message": "Retrieved scan details for scan-12345",
"data": {
"scan": {
"id": "scan-12345",
"name": "Weekly Production Scan - Nov 5",
"description": "Scheduled weekly vulnerability scan of production infrastructure",
"status": "COMPLETED",
"type": "SCHEDULED",
"startTime": "2024-11-05T09:00:00Z",
"endTime": "2024-11-05T11:45:00Z",
"duration": 9900,
"policy": {
"id": "policy-001",
"name": "Production Security Baseline",
"description": "Comprehensive security scan policy for production assets"
},
"targets": {
"total": 150,
"scanned": 150,
"failed": 0,
"skipped": 0,
"ipRanges": ["192.168.1.0/24", "192.168.2.0/24", "10.0.0.0/16"]
},
"scanner": {
"id": "scanner-001",
"name": "Nessus Scanner 01",
"version": "10.6.2",
"location": "US-EAST-1"
},
"vulnerabilitySummary": {
"total": 425,
"critical": 15,
"high": 45,
"medium": 180,
"low": 185,
"informational": 0,
"exploitable": 12,
"patchAvailable": 250
},
"assetsSummary": {
"totalAssets": 150,
"vulnerableAssets": 98,
"cleanAssets": 52,
"highRiskAssets": 18
},
"topVulnerabilities": [
{
"id": "CVE-2024-12345",
"title": "Critical SQL Injection Vulnerability",
"severity": "CRITICAL",
"cvssScore": 9.8,
"affectedAssets": 12
},
{
"id": "CVE-2024-54321",
"title": "Remote Code Execution",
"severity": "HIGH",
"cvssScore": 8.1,
"affectedAssets": 8
}
],
"complianceResults": {
"pci": {
"passed": 85,
"failed": 15,
"compliancePercentage": 85
},
"hipaa": {
"passed": 92,
"failed": 8,
"compliancePercentage": 92
}
},
"schedule": {
"enabled": true,
"frequency": "WEEKLY",
"dayOfWeek": "TUESDAY",
"time": "09:00:00",
"timezone": "America/New_York",
"nextRun": "2024-11-12T09:00:00Z"
},
"changeLog": {
"createdDateTime": "2024-11-05T09:00:00Z",
"lastUpdatedDateTime": "2024-11-05T11:45:00Z",
"createdBy": {
"href": "https://api.unizo.ai/api/v1/users/admin-001",
"id": "admin-001",
"firstName": "Admin",
"lastName": "User"
},
"lastUpdatedBy": {
"href": "https://api.unizo.ai/api/v1/users/scanner-001",
"id": "scanner-001",
"firstName": "VMS",
"lastName": "Scanner"
}
}
}
}
}
Installation
Prerequisites
- A Unizo API key
- An active Vulnerability Management integration (Nessus, Qualys, Rapid7)
- Node.js v20 or higher
MCP Configuration
Here is an example configuration for setting up the Unizo VMS MCP server:
```json
{
  "mcpServers": {
    "unizo-vms": {
      "command": "npx",
      "args": [
        "mcp-remote",
        "https://api.unizo.ai/mcp",
        "--header",
        "apikey:${UNIZO_API_KEY}",
        "--header",
        "x-mcp-scopes:vms"
      ],
      "env": {
        "UNIZO_API_KEY": "your_api_key"
      }
    }
  }
}
```
Client Setup
For detailed setup instructions with specific AI clients:
Environment Variables
The following environment variables are required:
- UNIZO_API_KEY: Your Unizo API key
Error Handling
All tools return errors in a consistent format:
```json
{
  "status": "error",
  "message": "Asset 'asset-web-01' not found",
  "traceback": "..."
}
```
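A client-side handler for this error format and for the `vms_list_vulnerabilities` response, as an added example that is not Unizo code: it forwards only the short `message` to the agent, routes `traceback` to a local logger, and ranks active findings by severity and CVSS base score. The function names, the `logDebug` callback and the `SAMPLE_*` inputs are assumptions made for the illustration.

```javascript
// Added example, not Unizo code. The two SAMPLE_* strings are constructed
// inputs modelled on the response shapes shown on this page.
const SEVERITY_RANK = { CRITICAL: 4, HIGH: 3, MEDIUM: 2, LOW: 1 };

// Parse a tool result. On failure only a short message is returned for the
// agent; the traceback goes to logDebug (local logging) and nowhere else.
function unwrapToolResult(text, logDebug = () => {}) {
  let body;
  try {
    body = JSON.parse(text);
  } catch {
    return { ok: false, message: "tool returned non-JSON output" };
  }
  if (body && body.status === "success" && body.data) {
    return { ok: true, data: body.data };
  }
  if (typeof body?.traceback === "string") logDebug(body.traceback);
  const message =
    typeof body?.message === "string" ? body.message.slice(0, 200) : "unknown tool error";
  return { ok: false, message };
}

// Keep ACTIVE findings at or above minSeverity, ordered by severity, then
// CVSS base score, then number of affected assets.
function prioritize(vulns, minSeverity = "HIGH") {
  const rank = (v) => SEVERITY_RANK[v.severity] || 0;
  const score = (v) => v.cvss?.baseScore ?? 0;
  const assets = (v) => v.affectedAssetsCount ?? 0;
  return vulns
    .filter((v) => v.state === "ACTIVE" && rank(v) >= SEVERITY_RANK[minSeverity])
    .sort((a, b) => rank(b) - rank(a) || score(b) - score(a) || assets(b) - assets(a))
    .map((v) => ({ id: v.id, severity: v.severity, score: score(v), assets: assets(v) }));
}

const SAMPLE_ERROR = JSON.stringify({
  status: "error",
  message: "Asset 'asset-web-01' not found",
  traceback: "Traceback (constructed placeholder)",
});

const SAMPLE_OK = JSON.stringify({
  status: "success",
  data: {
    vulnerabilities: [
      { id: "CVE-2024-54321", severity: "HIGH", state: "ACTIVE",
        cvss: { baseScore: 8.1 }, affectedAssetsCount: 8 },
      { id: "CVE-2024-12345", severity: "CRITICAL", state: "ACTIVE",
        cvss: { baseScore: 9.8 }, affectedAssetsCount: 12 },
      { id: "EXAMPLE-MEDIUM", severity: "MEDIUM", state: "ACTIVE",
        cvss: { baseScore: 5.0 }, affectedAssetsCount: 3 },
    ],
  },
});

// Returns the ranked list on success, or { ok: false, message } on failure.
function triage(text) {
  const res = unwrapToolResult(text);
  return res.ok ? prioritize(res.data.vulnerabilities || []) : res;
}
```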