Ctrlk
Knowledge BaseRelease NotesRequest Demo

Panther Remote MCP (Beta)

Connect MCP-compatible AI clients directly to your Panther instance over OAuth

Overview

Panther Remote MCP is in open beta starting with Panther version 1.124, and is available to all customers. Please share any bug reports and feature requests with your Panther support team.

Prerequisite: api. subdomain. Panther Remote MCP requires your Panther deployment to have an api.<your-panther-host> subdomain configured (set up as part of your custom domain configuration). If your deployment doesn't have one, use Local MCP instead.

Panther Remote MCP lets you interact with your Panther instance from any MCP-compatible AI client — like Claude for Desktop, Cursor, or Goose — using natural language. Ask about alerts, query the data lake, look up an indicator, or pull a detection's source — all without leaving your editor or chat client.

Remote MCP exposes Panther's alerts, detections, data lake, schemas, identity, and enrichments, and the tool surface is actively expanding. A handful of tools available in Local MCP — such as Panther-hosted AI workflows (e.g., AI alert triage) and scheduled-query introspection — aren't on Remote MCP yet. If your workflow needs one of those today, use Local MCP.

Connecting your MCP client

Your Panther Remote MCP endpoint is:

https://api.<your-panther-host>/mcp

Most popular MCP clients (Claude for Desktop, Cursor, Goose) work out of the box — they redirect to loopback URLs (localhost, 127.0.0.1), which Panther always permits. If your client uses a non-loopback redirect URL (e.g., a hosted web client or a custom native-app scheme), your Panther admin may need to add it to the allowlist — see Admin setup below.

Add Panther as a remote MCP server in your client. For example:

If your organization is on a Team or Enterprise plan, you must be a Claude Owner to add a remote MCP.

  1. Navigate to Customize > Connectors.

  2. Click the "+" button next to Connectors.

  3. Enter a name (e.g., Panther) and the URL https://api.<your-panther-host>/mcp.

  4. Click Add.

  5. Claude opens your browser to sign in to Panther. Complete SSO and review the consent screen.

  6. Approve. Your browser redirects back to Claude, which now has access to Panther tools.

Choosing what the client can do

After signing in, you'll land on Panther's MCP authorization page. This is where you choose how much of your access to share with the MCP client.

By default, the consent screen pre-selects every permission your Panther role currently holds. You can deselect any permission to narrow what the connected client can do.

  • You can only grant permissions you already have. The backend rejects any selection that exceeds your current role.

  • Permission revocations apply on refresh. If your role is reduced after you've connected, the next refresh will fail closed rather than silently retain the old scope.

  • Each user connects individually. Connections are personal — there is no shared "service account" token. Audit logs attribute every tool call to the user who connected.

Admin setup

You must have the Edit Settings & SAML Preferences permission to configure Remote MCP.

The only admin task for Remote MCP is allowlisting redirect URLs that your users' MCP clients use to receive the authorization code, and only when those clients use non-loopback redirects. Loopback addresses (localhost, 127.0.0.1, ::1) are always permitted, which covers most desktop MCP clients out of the box.

To configure additional redirect URLs:

  1. In the upper-right corner of your Panther Console, click the gear icon (Settings) > Panther AI.

  2. Navigate to the Remote MCP tab.

  3. Configure the following:

    • Allowed redirect domains — domains permitted for https:// OAuth redirects (e.g., claude.ai, *.cursor.com). Loopback addresses (localhost, 127.0.0.1, ::1) are always allowed and do not need to be listed.

    • Allowed custom schemes — scheme names permitted for native-app deep-link redirects (e.g., cursor, mcp, com.example.app). Reserved values (http, https, javascript, data, file, vbscript) are rejected.

  4. Save changes. Updates may take up to 10 minutes to take effect due to configuration caching.

Allowed redirect domains

The domain allowlist supports glob patterns:

Pattern
Matches
Does NOT match

claude.ai

claude.ai only

api.claude.ai, notclaude.ai

*.cursor.com

auth.cursor.com, api.cursor.com

cursor.com (no subdomain), notcursor.com

*cursor.com

auth.cursor.com, notcursor.com

Use sparingly — also matches lookalike domains

*example.com is a string-match wildcard, not a dot-boundary one — it will also match notexample.com. For "any subdomain of example.com" use *.example.com instead.

Matching is case-insensitive on the hostname.

Permissions overview

Permission
Role this grants

Edit Settings & SAML Preferences

Configure the redirect allowlists (admin)

Read Settings & SAML Preferences

View the Remote MCP settings page (admin/analyst)

Any tool-specific permission (e.g., Read Alerts, Query Data Lake)

Becomes available for the user to grant on the consent screen

Users do not need any special "MCP" permission to connect — their existing role permissions are what they can choose to expose to a client.

Security

Panther's OAuth implementation follows RFC 7591 and treats MCP clients as public clients, so client_secret is not issued.

If your MCP client requires a client_secret in the registration response, it is not spec-compliant. Contact that client's support team and reference RFC 7591 §3.2.1 and the MCP authorization specification.

  • OAuth 2.1 + PKCE. Standard, audited flow. State, PKCE, and browser-bound flow IDs protect the OAuth handshake from interception and cross-session injection.

  • Audit logging. Every tool invocation is recorded as a single audit-log event (search by event type AI_TOOL_INVOKE) in Panther audit logs, attributed to the connecting user.

Troubleshooting

"Redirect URI is not allowed" after I sign in

Your MCP client's redirect URI isn't on your admin's allowlist. Ask your Panther admin to add the appropriate domain to Allowed redirect domains, or the scheme to Allowed custom schemes, in Settings > Panther AI > Remote MCP. Changes may take up to 10 minutes to propagate.

The client connects but I see no tools (or fewer than expected)

Tool visibility is filtered by what you granted on the consent screen and by your underlying Panther role. Disconnect and reconnect from your MCP client to redo the consent flow, and make sure the relevant permissions are checked. If a permission is missing from the consent screen entirely, your Panther role doesn't grant it — contact an admin.

A tool keeps failing with "permission denied" or "unauthorized"

Your role likely changed after you connected — Remote MCP refuses to silently retain old permissions. Disconnect from the MCP client and reconnect to refresh your consent under your current role.

Can I use a Panther API token with Remote MCP?

No. Remote MCP requires the OAuth flow tied to your user identity. If you need an API-token-based MCP server (for CI, scripted agents, etc.), use Local MCP instead.

What's the difference between this and the third-party MCP integrations under Panther AI?

The MCP Integrations page describes Panther AI connecting out to third-party MCP servers like Atlassian or PagerDuty so Panther AI can use their tools during a conversation. This page describes the opposite direction: external MCP clients connecting in to Panther so they can use Panther's tools.

PreviousMCPNextPanther Local MCP Server

Last updated

Was this helpful?