netskope-mcp
by: johnneerdael
📌Overview
Purpose: To manage Netskope Network Private Access (NPA) infrastructure through a Model Context Protocol (MCP) server utilizing Large Language Models (LLMs).
Overview: The Netskope NPA MCP Server streamlines the management of the NPA environment, enabling users to automate and optimize configurations and interaction with various tools essential for zero trust security. This framework provides a comprehensive set of tools to manage publishers, private applications, policies, and connections effectively and securely.
Key Features:
- MCP Configuration: Simplifies the setup of your MCP server across different operating systems by providing clear instructions for both NPM package installations and local development setups.
- Local and Policy Management Tools: A series of tools to create, list, update, and delete local brokers and policy rules, allowing for detailed management of application access and traffic routing based on user conditions and statuses.
- Private Application and Publisher Management: Provides robust functionality for creating and managing private applications, including configuration, tagging, and publisher assignments, ensuring optimal application performance in a zero trust environment.
- Diagnostics and Validation Tools: Includes features to retrieve diagnostic information on user and device access, validate resource names and configurations, and perform resource searches, enhancing troubleshooting and compliance capabilities.
Netskope NPA MCP Server
A Model Context Protocol (MCP) server for managing Netskope Network Private Access (NPA) infrastructure through Large Language Models (LLMs).
Warning
This project is under development and not all tools are fully operational. It is strongly advised not to use this in production environments.
Installation
Option 1: NPM Package
Install the package using npm:
npm install @johnneerdael/netskope-mcp
Option 2: Local Development
Clone the repository and install dependencies:
git clone https://github.com/johnneerdael/netskope-mcp.git
cd netskope-mcp
npm install
npm run build
MCP Configuration
Add the following configuration to your MCP settings file depending on your OS and installation method.
Windows with WSL
For NPM installation:
{
  "mcpServers": {
    "netskope-mcp": {
      "command": "wsl.exe",
      "args": [
        "bash",
        "-c",
        "source ~/.nvm/nvm.sh && NETSKOPE_BASE_URL=https://your-tenant.goskope.com NETSKOPE_API_KEY=your-token npx -y @johnneerdael/netskope-mcp"
      ]
    }
  }
}
For local development:
{
  "mcpServers": {
    "netskope-mcp": {
      "command": "wsl.exe",
      "args": [
        "bash",
        "-c",
        "cd /path/to/netskope-mcp && NETSKOPE_BASE_URL=https://your-tenant.goskope.com NETSKOPE_API_KEY=your-token node dist/cli.js"
      ]
    }
  }
}
Linux and macOS
For NPM installation:
{
  "mcpServers": {
    "netskope-mcp": {
      "command": "npx",
      "args": ["-y", "@johnneerdael/netskope-mcp"],
      "env": {
        "NETSKOPE_BASE_URL": "https://your-tenant.goskope.com",
        "NETSKOPE_API_KEY": "your-token"
      }
    }
  }
}
For local development:
{
  "mcpServers": {
    "netskope-mcp": {
      "command": "node",
      "args": ["dist/cli.js"],
      "cwd": "/path/to/netskope-mcp",
      "env": {
        "NETSKOPE_BASE_URL": "https://your-tenant.goskope.com",
        "NETSKOPE_API_KEY": "your-token"
      }
    }
  }
}
Environment Variables
Required Variables
- NETSKOPE_BASE_URL: Full URL of your Netskope tenant, e.g. https://your-tenant.goskope.com.
- NETSKOPE_API_KEY: API token from Netskope admin console for authentication. Keep this token secure.
Configuration Examples
export NETSKOPE_BASE_URL="https://your-tenant.goskope.com"
export NETSKOPE_API_KEY="your-api-key"
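A check that can be run over an MCP settings object before the server is started, given here as an added example that is not part of the netskope-mcp project: it flags a NETSKOPE_API_KEY placed in the command string (as in the WSL entries above), an npx package with no pinned version, and a base URL that is not HTTPS. The function name, the finding codes and the assumption that tenants sit under goskope.com are this example's own.

```javascript
// Added example; auditMcpConfig and its finding codes are hypothetical names.
const SECRET_ASSIGN = /\bNETSKOPE_API_KEY=(\S+)/;
const URL_ASSIGN = /\bNETSKOPE_BASE_URL=(\S+)/;
const PKG = /@johnneerdael\/netskope-mcp(@[^\s"']+)?/;
const unquote = (s) => s.replace(/^["']|["']$/g, "");

function auditMcpConfig(config) {
  const findings = [];
  for (const [name, server] of Object.entries(config.mcpServers || {})) {
    const add = (code, detail) => findings.push({ server: name, code, detail });
    const env = { ...(server.env || {}) };
    for (const arg of (server.args || []).map(String)) {
      // A token inside an argument is visible in the process list.
      const secret = arg.match(SECRET_ASSIGN);
      if (secret) {
        add("TOKEN_IN_ARGS", "NETSKOPE_API_KEY is passed on the command line");
        env.NETSKOPE_API_KEY = env.NETSKOPE_API_KEY || unquote(secret[1]);
      }
      const url = arg.match(URL_ASSIGN);
      if (url) env.NETSKOPE_BASE_URL = env.NETSKOPE_BASE_URL || unquote(url[1]);
      // npx -y installs without prompting; with no @version it resolves to the latest tag.
      const pkg = arg.match(PKG);
      if (pkg && !pkg[1] && (server.command === "npx" || /\bnpx\b/.test(arg))) {
        add("UNPINNED_PACKAGE", "npx target has no @version");
      }
    }
    let base = null;
    try {
      base = new URL(env.NETSKOPE_BASE_URL);
    } catch {
      add("BAD_BASE_URL", "NETSKOPE_BASE_URL is missing or not a URL");
    }
    if (base && base.protocol !== "https:") add("INSECURE_BASE_URL", "token would travel without TLS");
    // Assumption: tenants live under goskope.com, the domain used in the page's examples.
    if (base && !base.hostname.endsWith(".goskope.com")) add("UNEXPECTED_HOST", base.hostname);
    if (!env.NETSKOPE_API_KEY || /^your-/.test(env.NETSKOPE_API_KEY)) {
      add("PLACEHOLDER_TOKEN", "NETSKOPE_API_KEY is unset or still the documentation placeholder");
    }
  }
  return findings;
}

// Constructed sample: the page's "Windows with WSL" NPM entry, placeholders unchanged.
const SAMPLE = { mcpServers: { "netskope-mcp": { command: "wsl.exe", args: ["bash", "-c",
  "source ~/.nvm/nvm.sh && NETSKOPE_BASE_URL=https://your-tenant.goskope.com " +
  "NETSKOPE_API_KEY=your-token npx -y @johnneerdael/netskope-mcp"] } } };
console.log(auditMcpConfig(SAMPLE).map((f) => f.code));
```

Pass it the parsed contents of the settings file; an empty result means none of these three conditions was found, not that the file is otherwise safe to share.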
Tools
AlertsTools
- getAlertConfig: Retrieves current alert configuration for publishers (notifications for upgrades, connection status, etc).
- updateAlertConfig: Updates alert configurations including admin users and event types monitored.
LocalBrokerTools
- listLocalBrokers: List configured local brokers for on-premises ZTNA.
- createLocalBroker: Create a new local broker instance.
- getLocalBroker: Retrieve detailed info about a specific local broker.
- updateLocalBroker: Modify an existing local broker's configuration.
- deleteLocalBroker: Remove a local broker.
- getBrokerConfig: Get global configuration for local brokers.
- updateBrokerConfig: Update global local broker settings.
- generateLocalBrokerRegistrationToken: Generate registration token for local broker.
PolicyTools
- listRules: Lists policy rules that govern access controls.
- getRule: Retrieves detailed info on a specific rule.
- createRule: Creates a new policy rule.
- updateRule: Updates an existing rule.
- deleteRule: Deletes a policy rule.
PrivateAppsTools
- createPrivateApp: Create a private application with protocols, publishers, and security settings.
- updatePrivateApp: Update an existing private app's configuration.
- deletePrivateApp: Remove a private application.
- getPrivateApp: Retrieve detailed private app configuration.
- listPrivateApps: List all configured private applications.
- getPrivateAppTags: Get all tags associated with private apps.
- createPrivateAppTags: Add new tags to private apps.
- updatePrivateAppTags: Update tags on multiple private apps.
- updatePrivateAppPublishers: Update publisher assignments for private apps.
- deletePrivateAppPublishers: Remove publisher assignments.
- getDiscoverySettings: Get current discovery settings.
- getPolicyInUse: Retrieve active policies associated with private apps.
PublishersTools
- listPublishers: List all publishers with status and capabilities.
- getPublisher: Retrieve detailed information on a publisher.
- createPublisher: Create a new publisher instance.
- patchPublisher: Partial update of publisher configuration.
- updatePublisher: Full update of publisher settings.
- deletePublisher: Remove a publisher.
- bulkUpgradePublishers: Initiate upgrades for multiple publishers.
- getReleases: Get information about available publisher releases.
- getPrivateApps: List private applications handled by a specific publisher.
- generatePublisherRegistrationToken: Generate token for publisher registration.
UpgradeProfileTools
- listUpgradeProfiles: List upgrade profiles defining publisher upgrade schedules.
- getUpgradeProfile: Retrieve details of a specific upgrade profile.
- createUpgradeProfile: Create a new upgrade profile.
- updateUpgradeProfile: Update an existing upgrade profile's configuration.
- deleteUpgradeProfile: Remove an upgrade profile.
SteeringTools
- updatePublisherAssociation: Update associations between private apps and publishers.
- deletePublisherAssociation: Remove associations between private apps and publishers.
- getUserDiagnostics: Retrieve diagnostics info about user access.
- getDeviceDiagnostics: Retrieve diagnostics info about device access.
ValidationTools
- validateName: Validate resource names (publishers, apps, policies, etc.).
- validateResource: Validate complete resource configurations before creation or update.
- searchResources: Search for publishers or private apps by criteria.
This MCP server offers comprehensive management APIs for Netskope Network Private Access infrastructure, including alerting, local brokers, policy rules, private applications, publishers, upgrade profiles, steering, and validation functions. Use the environment variables to securely communicate with your Netskope tenant and refer to the above tool definitions for interacting with the API.