Model Context Protocol (MCP)

Early Access

Try our newest feature! It is available on request only. Contact us to join the early access program and get priority support.

Unizo offers an MCP server that integrates vulnerability management platforms with any LLM provider supporting the MCP protocol. This enables your AI agent to analyze vulnerabilities, prioritize remediation, and automate security workflows across Qualys, Tenable, Rapid7, and other vulnerability management solutions via a single MCP server.

Supported Tools & Use Cases

The following tools are available in the Vulnerability Management MCP Server:

Tool Name | Description
list_vulnerabilities | Browse vulnerabilities with advanced filtering and search capabilities
get_vulnerability_details | Retrieve comprehensive vulnerability information including technical details and remediation guidance
list_assets | View scanned assets with their vulnerability status and metadata
get_asset_vulnerabilities | Check all vulnerabilities for specific assets with detailed context
analyze_risk | Calculate risk scores and prioritize remediation based on multiple factors
track_remediation | Monitor patching progress and remediation effectiveness

list_vulnerabilities

Browse vulnerabilities with advanced filtering and search capabilities

Parameters:

  • integration: Target vulnerability management platform (required)
  • severity: Filter by severity level (critical, high, medium, low)
  • status: Filter by vulnerability status (active, mitigated, false_positive)
  • asset_tags: Filter by asset tags or groups
  • cve_ids: Search for specific CVEs
  • published_after: Filter by publication date
  • exploitability: Filter by exploit availability
  • page: Pagination control
  • limit: Number of results per page

get_vulnerability_details

Retrieve comprehensive vulnerability information including technical details and remediation guidance

Parameters:

  • integration: Target vulnerability management platform (required)
  • vulnerability_id: Unique vulnerability identifier (required)
  • include_affected_assets: Include list of affected assets
  • include_remediation: Include detailed remediation steps
  • include_exploit_info: Include exploit availability and details
  • include_references: Include CVE references and links

list_assets

View scanned assets with their vulnerability status and metadata

Parameters:

  • integration: Target vulnerability management platform (required)
  • asset_type: Filter by asset type (server, workstation, network_device)
  • os_family: Filter by operating system family
  • criticality: Filter by asset criticality (critical, high, medium, low)
  • last_scan: Filter by last scan date
  • vulnerability_count: Filter by number of vulnerabilities
  • tags: Filter by asset tags
  • page: Pagination control
  • limit: Number of results per page

get_asset_vulnerabilities

Check all vulnerabilities for specific assets with detailed context

Parameters:

  • integration: Target vulnerability management platform (required)
  • asset_id: Target asset identifier (required)
  • severity_filter: Filter by severity levels
  • include_mitigated: Include mitigated vulnerabilities
  • include_dependencies: Include dependency vulnerabilities
  • sort_by: Sort results (severity, published_date, cvss_score)

analyze_risk

Calculate risk scores and prioritize remediation based on multiple factors

Parameters:

  • integration: Target vulnerability management platform (required)
  • vulnerabilities: List of vulnerabilities to analyze (required)
  • factors: Risk factors to consider (exploitability, asset_criticality, exposure)
  • business_context: Additional business context for scoring
  • threat_intelligence: Include threat intel correlation
  • compliance_frameworks: Consider compliance requirements

track_remediation

Monitor patching progress and remediation effectiveness

Parameters:

  • integration: Target vulnerability management platform (required)
  • remediation_id: Remediation campaign identifier
  • assets: Assets to track remediation for
  • time_range: Time period for tracking
  • include_validation: Include post-patch validation results
  • metrics: Specific metrics to track (mttr, success_rate, coverage)

Installation

Prerequisites

  • A Unizo API key
  • An active VMS integration (Black Duck SCA, Checkmarx, Coverity Static, Qualys, Rapid7 InsightVM, Semgrep, Tenable Nessus, Veracode)
  • Node.js v20 or higher

MCP Configuration

Here is an example configuration for setting up the Unizo Vulnerability Management MCP server:

{
  "mcpServers": {
    "unizo-vms": {
      "command": "npx",
      "args": [
        "mcp-remote",
        "http://api.unizo.ai/mcp/vms",
        "--allow-http",
        "--header",
        "apikey:${UNIZO_API_KEY}"
      ],
      "env": {
        "UNIZO_API_KEY": "your_api_key"
      }
    }
  }
}
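
The configuration above points mcp-remote at an http:// URL with --allow-http while sending the API key in a header, so the key travels unencrypted. The following check is an added example, not Unizo or mcp-remote code: it audits an MCP client config for that condition and for where the key is stored. The finding IDs, the placeholder HTTPS host and the assumption that the key can come from the launching process's environment are this example's own.

```javascript
// Added example (not Unizo code): audit an MCP client config for cleartext
// transport and for where the API key lives. Finding IDs are this example's own.
const LOOPBACK = new Set(["localhost", "127.0.0.1", "[::1]"]);

function auditMcpConfig(config) {
  const findings = [];
  for (const [name, server] of Object.entries(config.mcpServers ?? {})) {
    const args = server.args ?? [];
    const env = server.env ?? {};
    const add = (id, detail) => findings.push({ server: name, id, detail });
    for (const arg of args) {
      let url;
      try { url = new URL(arg); } catch { continue; } // not a URL argument
      if (url.protocol === "http:" && !LOOPBACK.has(url.hostname)) {
        add("cleartext-endpoint", `${url.origin} carries every header unencrypted`);
      }
    }
    if (args.includes("--allow-http")) add("allow-http-flag", "plain-HTTP connections are explicitly permitted");
    // Each --header is followed by "name:value"; see where the value comes from.
    args.forEach((arg, i) => {
      if (arg !== "--header" || i + 1 >= args.length) return;
      const header = args[i + 1];
      const value = header.slice(header.indexOf(":") + 1).trim();
      const refs = [...value.matchAll(/\$\{(\w+)\}/g)].map((m) => m[1]);
      if (value && refs.length === 0) add("secret-in-args", "header value is a literal");
      for (const v of refs) {
        if (env[v]) add("secret-in-config", `${v} is stored in the config file itself`);
      }
    });
  }
  return findings;
}

// The configuration shown on this page.
const PAGE_CONFIG = { mcpServers: { "unizo-vms": {
  command: "npx",
  args: ["mcp-remote", "http://api.unizo.ai/mcp/vms", "--allow-http",
         "--header", "apikey:${UNIZO_API_KEY}"],
  env: { UNIZO_API_KEY: "your_api_key" },
} } };
// Constructed variant (assumptions): placeholder HTTPS host, key taken from the
// launching process's environment rather than the file.
const CONSTRUCTED_HTTPS = { mcpServers: { "unizo-vms": {
  command: "npx",
  args: ["mcp-remote", "https://mcp.example.invalid/vms", "--header", "apikey:${UNIZO_API_KEY}"],
} } };

console.log(auditMcpConfig(PAGE_CONFIG), auditMcpConfig(CONSTRUCTED_HTTPS));
```

Run against the page's configuration it reports three findings; the constructed HTTPS variant reports none.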

Client Setup

For detailed setup instructions with specific AI clients:

Environment Variables

The following environment variables are required:

Error Handling

All tools return errors in a consistent format:

{
  "error": {
    "code": "VULNERABILITY_NOT_FOUND",
    "message": "CVE-2024-12345 not found in current integration"
  }
}

Common error codes:

  • INTEGRATION_NOT_FOUND: Invalid integration ID
  • VULNERABILITY_NOT_FOUND: Vulnerability ID does not exist
  • ASSET_NOT_FOUND: The asset ID is invalid or not available
  • REMEDIATION_NOT_FOUND: Remediation tracking not found
  • RATE_LIMIT_EXCEEDED: API rate limit reached
  • UNAUTHORIZED: Invalid API key or insufficient permissions
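
One way for an automation loop to act on the error envelope and codes listed above, as an added example that is not Unizo code. It retries only RATE_LIMIT_EXCEEDED, stops on UNAUTHORIZED, keeps lookup misses distinct from successes, and fails closed on anything unrecognised. `invoke` is a hypothetical async function that performs one tool call and resolves to the parsed JSON result; the attempt limit and backoff values are assumptions.

```javascript
// Added example (not Unizo code). Error codes are the ones listed on this page;
// maxAttempts and baseMs are assumed values, the page states no rate limits.
const NOT_FOUND = new Set(["INTEGRATION_NOT_FOUND", "VULNERABILITY_NOT_FOUND",
  "ASSET_NOT_FOUND", "REMEDIATION_NOT_FOUND"]);

function decide(result, attempt, maxAttempts = 4, baseMs = 500) {
  const err = result && result.error;
  if (!err) return { action: "ok" };
  if (typeof err.code !== "string") return { action: "abort", reason: "malformed error envelope" };
  if (err.code === "RATE_LIMIT_EXCEEDED") {
    return attempt < maxAttempts
      ? { action: "retry", delayMs: baseMs * 2 ** (attempt - 1) } // 500, 1000, 2000 ms
      : { action: "abort", reason: "rate limit persisted" };
  }
  // Retrying with the same key cannot fix UNAUTHORIZED, so stop immediately.
  if (err.code === "UNAUTHORIZED") return { action: "abort", reason: "check API key and permissions" };
  // A missing record is a lookup miss, not evidence that nothing is vulnerable.
  if (NOT_FOUND.has(err.code)) return { action: "missing", reason: err.code };
  return { action: "abort", reason: `unrecognised code ${err.code}` }; // fail closed
}

async function callTool(invoke, sleep = (ms) => new Promise((r) => setTimeout(r, ms))) {
  for (let attempt = 1; ; attempt++) {
    const result = await invoke();
    const d = decide(result, attempt);
    if (d.action === "ok") return result;
    if (d.action !== "retry") {
      throw Object.assign(new Error(d.reason), { code: result.error.code, kind: d.action });
    }
    await sleep(d.delayMs);
  }
}

// Constructed replay: two rate-limit errors, then a made-up successful result.
const replay = [
  { error: { code: "RATE_LIMIT_EXCEEDED", message: "API rate limit reached" } },
  { error: { code: "RATE_LIMIT_EXCEEDED", message: "API rate limit reached" } },
  { vulnerabilities: [] },
];
callTool(async () => replay.shift(), async () => {}).then((r) => console.log(r));
```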