Check Point MCP Servers

This repository contains a collection of Model Context Protocol (MCP) servers for Check Point security platforms, implemented in TypeScript. Each MCP server is organized as a separate package within this monorepo structure.

What is MCP?

Model Context Protocol (MCP) servers expose a structured, machine-readable API for your enterprise data—designed for AI-powered automation, copilots, and decision engines. By delivering a clear, contextual slice of your security environment, MCP lets you query, analyze, and optimize complex systems without building custom SDKs or parsing raw exports.

Why MCP for Check Point Security?

Security policies often span hundreds of rules and thousands of objects across diverse enforcement points. Understanding, auditing, or optimizing these environments is slow and error-prone.

MCP changes this: exposing security management data in a modular, context-rich format, ready for AI systems to consume. Enabling the AI to use your data with precision. Ask real-world questions, and get structured, actionable answers—instantly.

Repository Structure

This monorepo is organized with each Check Point security domain as a separate MCP server:

• /packages - Contains all MCP server implementations and shared libraries
  • /management - Management API MCP server for policy and object management
  • /infra - Shared infrastructure components and utilities
  • /management-logs - Management Logs MCP server for Check Point products
  • /threat-prevention - Management API MCP Server for Threat Prevention policies
  • /https-inspection - Management API MCP Server for Https Inspection policies
  • /harmony-infra - Shared infrastructure components for Harmony products
  • /harmony-sase - Harmony SASE MCP Server for SASE policy management
  • /mcp-utils - Shared utilities for Check Point MCP servers
  • /reputation-service - Reputation MCP Server
  • /gw-cli-base - Base Infra for running Gateways scripts
  • /gw-cli - Gateway Script MCP Server for Information, Perfomance and Diagnostics
  • /gw-cli-connection-analysis - Gateway Script MCP Server to Analyze Connection Issues
  • /threat-emulation - Threat Emulation MCP server for malware analysis and file scanning
  • /gaia - GAIA OS MCP server for network management and interface configuration
  • /documentation-tool - Check Point documentation assistant MCP server for product information and technical guidance
  • /spark-management - Spark Management MCP server for Quantum Spark appliance management
  • /cpinfo-analysis - CPInfo Analysis MCP server for Check Point appliance diagnostic file analysis and troubleshooting
  • /argos-erm - Argos ERM MCP server for external risk management and threat intelligence

Available MCP Servers

The following MCP servers are available in this repository:

| MCP Server | Package Name | Description | |------------|--------------|-------------| | Management | @chkp/quantum-management-mcp | Query policies, rules, objects, and network topology | | Management Logs | @chkp/management-logs-mcp | Make queries and gain insights from connection and audit logs | | Threat-Prevention | @chkp/threat-prevention-mcp | Query Threat Prevention policies, profiles and indicators, view IPS updates and IOC feeds | | HTTPS-Inspection | @chkp/https-inspection-mcp | Query Https Inspection policies, rules and exceptions | | Harmony SASE | @chkp/harmony-sase-mcp | Query and manage Harmony SASE Regions, Networks, Applications and configurations | | Reputation Service | @chkp/reputation-service-mcp | Query Url, IP and File Reputation | | GW CLI | @chkp/quantum-gw-cli-mcp | Provides comprehensive diagnostics and analysis across hardware, network configuration, high availability, performance, security, and real-time connection debugging | | GW CLI Connection Analysis | @chkp/quantum-gw-connection-analysis-mcp | Provides debug logs to help analyze connection issues | | Threat Emulation | @chkp/threat-emulation-mcp | Analyze files for malware and threats using Check Point's cloud services | | Gaia | @chkp/quantum-gaia-mcp | Network management and interface configuration for GAIA OS | | Documentation Tool | @chkp/documentation-mcp | Comprehensive Check Point documentation assistant providing instant access to product information, technical specifications, configuration guidance, and feature documentation across the entire Check Point security portfolio | | Spark Management | @chkp/spark-management-mcp | Manage and monitor Quantum Spark appliances for MSPs and distributed networks | | Cpinfo analysis | @chkp/cpinfo-analysis-mcp | Analyze CPInfo diagnostic files for system health, performance metrics, network configuration, and troubleshooting insights | | Argos ERM | @chkp/argos-erm-mcp | Monitor and investigate security threats across alerts, IOCs, assets, vulnerabilities, credential exposure, threat intelligence, and organizational risk assessment |

Example: Setting Up an MCP Server

Here's an example of how to configure the Management MCP server in your MCP client:

{
  "MCP-NAME": {
    "command": "npx",
    "args": [
      "@chkp/MCP_NPM_PACKAGE"
    ],
    "env": {
        // Specific server configuration 
    }
  }
}

Each MCP server has its own specific configuration requirements. Please refer to the individual package README files for detailed setup instructions.

Getting Started for Development (Not needed for users who just wish to use the MCPs)

To work with this repository:

# Clone the repository
git clone [repository-url]

# Install dependencies
npm install

# Build all packages
npm run build

Nx Workspace Commands

This project uses Nx for managing the monorepo. You can use Nx commands to run tasks for specific packages:

Package Build Options:

• Alias: npm run nx:build:<folder-name> (e.g., management, harmony-sase, infra)
• Direct Nx: npx nx build <full-package-name> (e.g., @chkp/quantum-management-mcp)

Running Development Mode

# Run @chkp/management in development mode
npx nx run @chkp/quantum-management-mcp:dev
# or using alias
npm run nx:dev:management

# Run https-inspection in development mode
npx nx run @chkp/https-inspection-mcp:dev
# or using alias
npm run nx:dev:https-inspection

Building Specific Packages

# Build https-inspection server
npx nx build @chkp/https-inspection-mcp
# or using alias
npm run nx:build:https-inspection

# Build threat-prevention server
npx nx build @chkp/threat-prevention-mcp
# or using alias
npm run nx:build:threat-prevention

Running Tests

# Run tests for a specific package
npx nx run @chkp/quantum-infra:test

# Run tests for all packages
npx nx run-many --target=test

Other Useful Nx Commands

# Show project graph
npx nx graph

# List all available projects
npx nx show projects

# Build all packages
npx nx run-many --target=build

# Lint all packages
npx nx run-many --target=lint

⚠️ Security Notice

1. Authentication keys and credentials are never shared with the model. They are used only by the MCP server to authenticate with your Check Point management system.
2. Only use client implementations you trust. Malicious or untrusted clients could misuse your credentials or access data improperly.
3. Queried Data will be exposed to the model. Ensure that you only use models and providers that comply with your organization's policies for handling sensitive data and PII.

📊 Telemetry and Privacy

Check Point collects anonymous usage statistics to improve MCP servers. Only tool usage patterns and anonymous identifiers are collected—no credentials, policies, or sensitive data.

Opt-Out: Set TELEMETRY_DISABLED=true environment variable or use the --no-telemetry flag to disable telemetry collection.