Overview
The SentinelOne Purple AI MCP Server serves as a pivotal gateway, democratizing access to the vast security context within the Singularity Platform for any generative AI application. By implementing the Model Context Protocol, this server delivers comprehensive security telemetry that includes device inventory, real-time alerts, vulnerability data, and misconfiguration findings, directly into your cloud-native workflows.
It is engineered to facilitate the creation of next-generation, agentic security solutions. AI agents can leverage SentinelOne's data lake, running PowerQueries on events and interacting directly with Purple AI for conversational threat analysis and guided security actions. This capability accelerates the shift to an autonomous Security Operations Center (SOC) model, where agents can automatically perform incident enrichment, validate security posture, and inform strategic decisions across enterprise and cloud assets. The Purple AI MCP Server provides the essential integration layer for embedding true security intelligence into your custom AI systems.
To learn more about this open-source resource and explore its deployment capabilities, visit the official project page at https://github.com/Sentinel-One/purple-mcp. Purple AI MCP Server is also deployable on EKS and through Amazon Bedrock, using Agent Core.
Users need an active deployment of the SentinelOne console and must be able to obtain the SentinelOne Singularity Console token and URL in order to deploy and use the Purple AI MCP Server.
Highlights
- The Purple AI MCP Server uses the open-source Model Context Protocol (MCP) to establish a universal, standardized bridge, connecting the SentinelOne Singularity Platform with any AI framework or LLM.
- It exposes comprehensive, read-only security services, including Purple AI for conversational security investigation, Alerts, Vulnerabilities, Misconfigurations, Events (PowerQuery), and Asset Inventory to enrich AI-native workflows.
- It empowers developers and partners to build custom, context-aware agentic AI use cases for security operations (SecOps), enabling autonomous threat triage, real-time posture analysis, and advanced threat hunting.
Details
Pricing
Vendor refund policy
All fees are non-cancellable and non-refundable except as required by law.
Delivery details
ECS
- Amazon ECS
Container image
Containers are lightweight, portable execution environments that wrap server application software in a filesystem that includes everything it needs to run. Container applications run on supported container runtimes and orchestration services, such as Amazon Elastic Container Service (Amazon ECS) or Amazon Elastic Kubernetes Service (Amazon EKS). Both eliminate the need for you to install and operate your own container orchestration software by managing and scheduling containers on a scalable cluster of virtual machines.
Version release notes
Latest build of SentinelOne Purple AI MCP Server. Please see https://github.com/Sentinel-One/purple-mcp for additional release notes.
Additional details
Usage instructions
### Obtaining SentinelOne Console Token
A SentinelOne Console Token is required to use the MCP Server. Before deploying Purple AI MCP you need to have an active deployment of Purple AI Singularity Operations Center. If you are not registered with the SentinelOne Singularity Platform, please visit https://www.sentinelone.com/platform/ for more information on subscribing.
Obtain a SentinelOne Singularity Operations Center console token. This can be found under Policy & Settings > User Management > Service Users in your SentinelOne console. Currently, this server only supports tokens that have access to a single Account or Site. If you need to access multiple sites, you will need to run multiple MCP servers with Account-specific or Site-specific tokens.
### Deployment instructions quickstart

1. Create a new ECS cluster.
2. Create a new task definition that includes the environment variables below, and ensure the container exposes port 8000:

   ```
   PURPLEMCP_CONSOLE_BASE_URL=https://your-console.sentinelone.net
   PURPLEMCP_CONSOLE_TOKEN=your-token
   MCP_MODE=streamable-http
   PURPLEMCP_STATELESS_HTTP=True
   ```

3. Create a new service using the task definition created in step 2.

For further usage instructions, see the deployment guide.
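The quickstart places the console token in the task definition's environment variables, where it is stored and displayed in plaintext to anyone who can read the task definition. The check below is an added example, not code from SentinelOne or this listing: it lints a container definition for the settings the quickstart requires and flags a plaintext token, using the ECS `secrets`/`valueFrom` mechanism as the corrected form. The container name, the Secrets Manager ARN, and the `lint` helper are assumptions made for illustration.

```python
TOKEN_VAR = "PURPLEMCP_CONSOLE_TOKEN"

# Constructed sample: the quickstart's variables, token as a plaintext env value.
WEAK = {
    "name": "purple-mcp",  # hypothetical container name
    "image": "<image-uri>",
    "portMappings": [{"containerPort": 8000, "protocol": "tcp"}],
    "environment": [
        {"name": "PURPLEMCP_CONSOLE_BASE_URL", "value": "https://your-console.sentinelone.net"},
        {"name": TOKEN_VAR, "value": "your-token"},
        {"name": "MCP_MODE", "value": "streamable-http"},
        {"name": "PURPLEMCP_STATELESS_HTTP", "value": "True"},
    ],
}

# Constructed sample: same container, token injected by ECS from Secrets Manager.
HARDENED = {
    **WEAK,
    "environment": [e for e in WEAK["environment"] if e["name"] != TOKEN_VAR],
    # Placeholder ARN (assumption), not a real secret.
    "secrets": [{"name": TOKEN_VAR, "valueFrom":
                 "arn:aws:secretsmanager:us-east-1:111122223333:secret:purple-mcp-token"}],
}

def lint(container):
    """Return findings for one ECS container definition (hypothetical helper)."""
    findings = []
    env = {e["name"]: e.get("value", "") for e in container.get("environment", [])}
    secrets = {s["name"] for s in container.get("secrets", [])}
    if TOKEN_VAR in env:
        findings.append("token-in-plaintext-environment")
    elif TOKEN_VAR not in secrets:
        findings.append("token-missing")
    for required in ("PURPLEMCP_CONSOLE_BASE_URL", "MCP_MODE", "PURPLEMCP_STATELESS_HTTP"):
        if required not in env:
            findings.append("missing-" + required)
    if not env.get("PURPLEMCP_CONSOLE_BASE_URL", "https://").startswith("https://"):
        findings.append("console-url-not-https")
    ports = {p.get("containerPort") for p in container.get("portMappings", [])}
    if 8000 not in ports:
        findings.append("port-8000-not-exposed")
    return findings

if __name__ == "__main__":
    for label, c in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, lint(c) or "ok")
```

With the `secrets` form, the task execution role must be allowed to read the referenced secret (`secretsmanager:GetSecretValue`).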
### Example deployment using Docker

```bash
docker run -p 8000:8000 \
  -e PURPLEMCP_CONSOLE_TOKEN \
  -e PURPLEMCP_CONSOLE_BASE_URL \
  -e MCP_MODE=streamable-http \
  -e PURPLEMCP_STATELESS_HTTP=True \
  709825985650.dkr.ecr.us-east-1.amazonaws.com/sentinelone/sentinelone/purple-ai-mcp-server:0.6.0
```

#### Example Payload 1 - Listing available tools

```json
{
  "jsonrpc": "2.0",
  "id": 1,
  "method": "tools/list",
  "params": {
    "_meta": {
      "progressToken": 1
    }
  }
}
```

Expected Output

```json
{
  "jsonrpc": "2.0",
  "id": 1,
  "result": {
    "tools": [
      {
        "name": "purple_ai",
        "description": "Query Purple AI for information and assistance",
        "inputSchema": {
          "type": "object",
          "properties": {
            "query": {
              "type": "string",
              "description": "The question or request to send to Purple AI"
            }
          },
          "required": ["query"]
        }
      }
    ]
  }
}
```

#### Example Payload 2 - Query Purple_AI

```json
{
  "jsonrpc": "2.0",
  "id": 2,
  "method": "tools/call",
  "params": {
    "name": "purple_ai",
    "arguments": {
      "query": "What is Purple AI?"
    }
  }
}
```

Expected Output 2

```json
{
  "jsonrpc": "2.0",
  "id": 2,
  "result": {
    "content": [
      {
        "type": "text",
        "text": "text response"
      }
    ],
    "isError": false
  }
}
```

Support
Vendor support
Multiple support options are available. Email support at support@sentinelone.com
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.