Add three MCP detections to the Suspicious MCP Activities story #4128
Open
eeee2345 wants to merge 1 commit into
Extends the Suspicious MCP Activities analytic story (created in splunk#3895) with three contentctl-ng detections over the existing mcp:jsonrpc data source and mcp.log dataset:

- MCP Webhook Persistence Creation (create_webhook to an external URL - persistence / exfiltration channel, T1546)
- MCP Suspicious File Deletion (delete_file, e.g. removing SECURITY.md - data destruction / defense evasion, T1485)
- MCP Source Code Secret Search (search_code for credential patterns - credential harvesting, T1552.001)

Each detection follows the flat contentctl-ng schema, ends with its auto-named filter macro, and includes a unit test that replays against the existing splunk/attack_data mcp.log. Threat-rule context is referenced via the open, MIT-licensed Agent Threat Rules project (rule counts read at runtime, not hard-coded).

Validated locally: validate_yaml.py (yamllint + yamlfmt) PASS and contentctl-ng 0.7.0 build succeeds; each search returns rows against mcp.log.

Signed-off-by: Adam Lin <adam@agentthreatrule.org>
This extends the Suspicious MCP Activities analytic story (created in #3895) with three contentctl-ng detections over the existing mcp:jsonrpc data source and the splunk/attack_data mcp.log dataset:
Each detection uses the flat contentctl-ng schema, ends with its auto-named filter macro, joins the existing story via analytic_story, and ships a unit test that replays against mcp.log. ATR is cited only in references as URLs; rule counts are read from the live repo, not hard-coded.
Local validation
Note: the unit-test replay runs inside a Splunk container in CI. I verified the searches return rows against the dataset locally but could not run the container here, so that single check is confirmed only at the dataset-match level.
Disclosure: I maintain the open-source ATR project referenced in the detections.
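
The three behaviours this pull request describes, matched over MCP JSON-RPC `tools/call` records, as an added Python example that is not part of the pull request or the project's own searches (which this page does not show). The argument keys `url`, `path` and `query`, the internal domain suffix, the file list, the keyword pattern and the sample records are all assumptions made for illustration.

```python
import json
import re
from urllib.parse import urlparse

# Assumptions: internal domain suffix, sensitive file names, secret keywords,
# and the argument keys "url", "path" and "query" are illustrative only.
INTERNAL_SUFFIX = ".corp.example"
SENSITIVE_FILES = re.compile(r"(^|/)(SECURITY\.md|CODEOWNERS)$", re.I)
SECRET_QUERY = re.compile(r"pass(word|wd)|secret|api[_-]?key|token|private[_ -]?key", re.I)


def is_external(url):
    """True when the URL has a host that is neither localhost nor internal."""
    host = (urlparse(url).hostname or "").lower()
    return bool(host) and host != "localhost" and not host.endswith(INTERNAL_SUFFIX)


def classify(line):
    """Return (detection name, ATT&CK id) for one JSON-RPC log line, else None."""
    try:
        msg = json.loads(line)
    except json.JSONDecodeError:
        return None  # non-JSON noise in the log is skipped, not fatal
    if not isinstance(msg, dict) or msg.get("method") != "tools/call":
        return None
    params = msg.get("params")
    if not isinstance(params, dict):
        return None
    tool = params.get("name")
    args = params.get("arguments") if isinstance(params.get("arguments"), dict) else {}
    if tool == "create_webhook" and is_external(str(args.get("url", ""))):
        return ("MCP Webhook Persistence Creation", "T1546")
    if tool == "delete_file" and SENSITIVE_FILES.search(str(args.get("path", ""))):
        return ("MCP Suspicious File Deletion", "T1485")
    if tool == "search_code" and SECRET_QUERY.search(str(args.get("query", ""))):
        return ("MCP Source Code Secret Search", "T1552.001")
    return None


def call(tool, **arguments):
    """Build one constructed tools/call log line (not taken from mcp.log)."""
    return json.dumps({"jsonrpc": "2.0", "id": 1, "method": "tools/call",
                       "params": {"name": tool, "arguments": arguments}})


SAMPLE = [
    call("create_webhook", url="https://hooks.example.net/in"),
    call("create_webhook", url="https://ci.corp.example/hook"),
    call("delete_file", path="SECURITY.md"),
    call("search_code", query="AWS_SECRET_ACCESS_KEY"),
    call("search_code", query="render_template"),
    "truncated {not json",
]
HITS = [hit for hit in map(classify, SAMPLE) if hit]
```

The internal-webhook and benign-search records are included to show the conditions that keep each rule from firing on every call to the tool.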