> For the complete documentation index, see [llms.txt](https://docs.panther.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.panther.com/ai/mcp/panther-remote-mcp.md). # Panther Remote MCP (Beta) ## Overview {% hint style="info" %} Panther Remote MCP is in open beta starting with Panther version 1.124, and is available to all customers. Please share any bug reports and feature requests with your Panther support team. {% endhint %} {% hint style="warning" %} **Prerequisite: `api.` subdomain.** Panther Remote MCP requires your Panther deployment to have an `api.` subdomain configured (set up as part of your custom domain configuration). If your deployment doesn't have one, use [Local MCP](/ai/mcp/mcp-server.md) instead. {% endhint %} Panther Remote MCP lets you interact with your Panther instance from any [MCP](https://modelcontextprotocol.io/)-compatible AI client — like Claude for Desktop, Cursor, or Goose — using natural language. Ask about alerts, query the data lake, look up an indicator, or pull a detection's source — all without leaving your editor or chat client. {% hint style="info" %} Remote MCP exposes Panther's **alerts, detections, data lake, schemas, identity, and enrichments**, and the tool surface is actively expanding. A handful of tools available in Local MCP — such as Panther-hosted AI workflows (e.g., AI alert triage) and scheduled-query introspection — aren't on Remote MCP yet. If your workflow needs one of those today, use Local MCP. {% endhint %} ## Connecting your MCP client Your Panther Remote MCP endpoint is: ``` https://api./mcp ``` Most popular MCP clients (Claude for Desktop, Cursor, Goose) work out of the box — they redirect to loopback URLs (`localhost`, `127.0.0.1`), which Panther always permits. If your client uses a non-loopback redirect URL (e.g., a hosted web client or a custom native-app scheme), your Panther admin may need to add it to the allowlist — see [Admin setup](#admin-setup) below. Add Panther as a remote MCP server in your client. For example: {% tabs %} {% tab title="Claude for Desktop" %} {% hint style="info" %} If your organization is on a Team or Enterprise plan, you must be a Claude Owner to add a remote MCP. {% endhint %} 1. Navigate to **Customize > Connectors**. 2. Click the **"+"** button next to Connectors. 3. Enter a name (e.g., `Panther`) and the URL `https://api./mcp`. 4. Click **Add**. 5. Claude opens your browser to sign in to Panther. Complete SSO and review the consent screen. 6. Approve. Your browser redirects back to Claude, which now has access to Panther tools. {% endtab %} {% tab title="Cursor" %} 1. Open **Settings** > **MCP** > **Add new MCP server**. 2. Select **Remote (OAuth)** and enter `https://api./mcp`. 3. Save. Cursor opens your browser to authorize. 4. Complete SSO and the consent screen. 5. Approve to return to Cursor with Panther tools available. {% endtab %} {% endtabs %} ## Choosing what the client can do After signing in, you'll land on Panther's **MCP authorization** page. This is where you choose how much of your access to share with the MCP client. By default, the consent screen pre-selects every permission your Panther role currently holds. You can **deselect any permission** to narrow what the connected client can do. * **You can only grant permissions you already have.** The backend rejects any selection that exceeds your current role. * **Permission revocations apply on refresh.** If your role is reduced after you've connected, the next refresh will fail closed rather than silently retain the old scope. * **Each user connects individually.** Connections are personal — there is no shared "service account" token. Audit logs attribute every tool call to the user who connected. ## Admin setup {% hint style="info" %} You must have the **Edit Settings & SAML Preferences** permission to configure Remote MCP. {% endhint %} The only admin task for Remote MCP is allowlisting redirect URLs that your users' MCP clients use to receive the authorization code, and only when those clients use non-loopback redirects. Loopback addresses (`localhost`, `127.0.0.1`, `::1`) are always permitted, which covers most desktop MCP clients out of the box. To configure additional redirect URLs: 1. In the upper-right corner of your Panther Console, click the gear icon to open Settings, then navigate to **AI & Automation** > **Remote MCP**. 2. Configure the following: * **Allowed redirect domains** — domains permitted for `https://` OAuth redirects (e.g., `claude.ai`, `*.cursor.com`). Loopback addresses (`localhost`, `127.0.0.1`, `::1`) are always allowed and do not need to be listed. * **Allowed custom schemes** — scheme names permitted for native-app deep-link redirects (e.g., `cursor`, `mcp`, `com.example.app`). Reserved values (`http`, `https`, `javascript`, `data`, `file`, `vbscript`) are rejected. 3. Save changes. Updates may take up to 10 minutes to take effect due to configuration caching. ### Allowed redirect domains The domain allowlist supports glob patterns: | Pattern | Matches | Does NOT match | | -------------- | ----------------------------------- | ------------------------------------------------ | | `claude.ai` | `claude.ai` only | `api.claude.ai`, `notclaude.ai` | | `*.cursor.com` | `auth.cursor.com`, `api.cursor.com` | `cursor.com` (no subdomain), `notcursor.com` | | `*cursor.com` | `auth.cursor.com`, `notcursor.com` | *Use sparingly* — also matches lookalike domains | {% hint style="warning" %} `*example.com` is a string-match wildcard, not a dot-boundary one — it will also match `notexample.com`. For "any subdomain of example.com" use `*.example.com` instead. {% endhint %} Matching is case-insensitive on the hostname. ### Permissions overview | Permission | Role this grants | | ------------------------------------------------------------------------- | ------------------------------------------------------------- | | **Edit Settings & SAML Preferences** | Configure the redirect allowlists (admin) | | **Read Settings & SAML Preferences** | View the Remote MCP settings page (admin/analyst) | | Any tool-specific permission (e.g., **Read Alerts**, **Query Data Lake**) | Becomes available for the user to grant on the consent screen | Users do not need any special "MCP" permission to connect — their existing role permissions are what they can choose to expose to a client. ## Security {% hint style="info" %} Panther's OAuth implementation follows RFC 7591 and treats MCP clients as public clients, so `client_secret` is not issued. If your MCP client requires a `client_secret` in the registration response, it is not spec-compliant. Contact that client's support team and reference [RFC 7591 §3.2.1](https://datatracker.ietf.org/doc/html/rfc7591#section-3.2.1) and the [MCP authorization specification](https://modelcontextprotocol.io/specification/2025-11-25/basic/authorization). {% endhint %} * **OAuth 2.1 + PKCE.** Standard, audited flow. State, PKCE, and browser-bound flow IDs protect the OAuth handshake from interception and cross-session injection. * **Audit logging.** Every tool invocation is recorded as a single audit-log event (search by event type `AI_TOOL_INVOKE`) in Panther audit logs, attributed to the connecting user. ## Troubleshooting
"Redirect URI is not allowed" after I sign in Your MCP client's redirect URI isn't on your admin's allowlist. Ask your Panther admin to add the appropriate domain to **Allowed redirect domains**, or the scheme to **Allowed custom schemes**, in **Settings** > **AI & Automation** > **Remote MCP**. Changes may take up to 10 minutes to propagate.
The client connects but I see no tools (or fewer than expected) Tool visibility is filtered by what you granted on the consent screen and by your underlying Panther role. Disconnect and reconnect from your MCP client to redo the consent flow, and make sure the relevant permissions are checked. If a permission is missing from the consent screen entirely, your Panther role doesn't grant it — contact an admin.
A tool keeps failing with "permission denied" or "unauthorized" Your role likely changed after you connected — Remote MCP refuses to silently retain old permissions. Disconnect from the MCP client and reconnect to refresh your consent under your current role.
Can I use a Panther API token with Remote MCP? No. Remote MCP requires the OAuth flow tied to your user identity. If you need an API-token-based MCP server (for CI, scripted agents, etc.), use Local MCP instead.
What's the difference between this and the third-party MCP integrations under Panther AI? The MCP Integrations page describes Panther AI connecting out to third-party MCP servers like Atlassian or PagerDuty so Panther AI can use their tools during a conversation. This page describes the opposite direction: external MCP clients connecting in to Panther so they can use Panther's tools.
--- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.panther.com/ai/mcp/panther-remote-mcp.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.