Fleet MCP Server
An MCP server that enables AI assistants to interact with Fleet Device Management for device management, security monitoring, and compliance assurance.
Installation
UVX (Recommended)
```bash
uvx fleet-mcp run
```
PyPI
```bash
pip install fleet-mcp
```
From Source Code
```bash
git clone https://github.com/SimplyMinimal/fleet-mcp.git
cd fleet-mcp
pip install -e .
```
Development with UV
```bash
git clone https://github.com/SimplyMinimal/fleet-mcp.git
cd fleet-mcp
uv sync --dev
```
Configuration
Claude Desktop
```json
{
  "mcpServers": {
    "fleet": {
      "command": "uvx",
      "args": ["fleet-mcp", "run"],
      "env": {
        "FLEET_SERVER_URL": "https://your-fleet-instance.com",
        "FLEET_API_TOKEN": "your-api-token",
        "FLEET_READONLY": "true",
        "FLEET_ALLOW_SELECT_QUERIES": "true"
      }
    }
  }
}
```
Cursor
```json
{
  "mcpServers": {
    "fleet": {
      "command": "uvx",
      "args": ["fleet-mcp", "run"],
      "env": {
        "FLEET_SERVER_URL": "https://your-fleet-instance.com",
        "FLEET_API_TOKEN": "your-api-token",
        "FLEET_READONLY": "true",
        "FLEET_ALLOW_SELECT_QUERIES": "true"
      }
    }
  }
}
```
Cline (VS Code)
```json
{
  "mcpServers": {
    "fleet": {
      "command": "uvx",
      "args": ["fleet-mcp", "run"],
      "env": {
        "FLEET_SERVER_URL": "https://your-fleet-instance.com",
        "FLEET_API_TOKEN": "your-api-token",
        "FLEET_READONLY": "true",
        "FLEET_ALLOW_SELECT_QUERIES": "true"
      }
    }
  }
}
```
Zed Editor
```json
{
  "context_servers": {
    "fleet": {
      "command": {
        "path": "uvx",
        "args": ["fleet-mcp", "run"]
      },
      "settings": {
        "env": {
          "FLEET_SERVER_URL": "https://your-fleet-instance.com",
          "FLEET_API_TOKEN": "your-api-token",
          "FLEET_READONLY": "true",
          "FLEET_ALLOW_SELECT_QUERIES": "true"
        }
      }
    }
  }
}
```
Available Tools
| Tool | Description |
|---|---|
| fleet_list_hosts | List hosts with filtering, pagination, and search |
| fleet_get_host | Get detailed information about a specific host by ID |
| fleet_get_host_by_identifier | Get a host by hostname, UUID, or serial number |
| fleet_search_hosts | Search hosts by name, UUID, serial number, or IP |
| fleet_list_queries | List all saved queries with pagination |
| fleet_get_query | Get details of a specific saved query |
| fleet_get_query_report | Get the latest results of a scheduled query |
| fleet_list_policies | List all compliance policies |
| fleet_get_policy_results | Get compliance results for a specific policy |
| fleet_list_software | List software inventory across the entire fleet |
| fleet_get_vulnerabilities | List known vulnerabilities with filtering |
| fleet_get_cve | Get detailed information about a specific CVE |
| fleet_list_teams | List all teams |
| fleet_list_users | List all users with filtering |
| fleet_list_labels | List all labels |
Capabilities
- Host Management - view, search, query, and manage hosts in your fleet
- Live Query Execution - execute osquery queries in real time on hosts
- Policy Management - create, update, and monitor compliance policies
- Software Inventory - track installed software and vulnerabilities across devices
- Team and User Management - organize hosts and users into teams
- osquery Table Discovery - dynamically discover and document osquery tables
- Read-Only Mode - safe exploration with additional SELECT-only query execution
- Activity Monitoring - track Fleet activity and audit logs
Environment Variables
Required
- FLEET_SERVER_URL - Fleet server URL
- FLEET_API_TOKEN - Fleet API token
Optional
- FLEET_READONLY - Enable read-only mode
- FLEET_ALLOW_SELECT_QUERIES - Allow SELECT queries in read-only mode
- FLEET_VERIFY_SSL - Verify SSL certificates
- FLEET_TIMEOUT - Request timeout (seconds)
- FLEET_MAX_RETRIES - Maximum number of retry attempts
Usage Examples
Show me all hosts in my fleet
Which policies are currently non-compliant?
Execute a live query to check for specific software
Show all vulnerabilities found in the fleet
Show the software inventory for a specific host
Notes
Supports both read-only and read-write modes. Read-only mode is secure by default for exploration. API tokens can be generated in the Fleet UI (My Account → Get API Token) or via the fleetctl command. Enhanced security practices include using TOML configuration files and proper file permissions.
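The client configs above embed the API token and decide whether the assistant gets read-only access, so they are worth checking before use. The following is an added example, not code from the fleet-mcp project: a Python audit of one config file for the settings this page names. The helper names, the sample host and the token are hypothetical, and it assumes the boolean variables take the strings "true"/"false" as in the configs above.

```python
import json
import os
import stat
import tempfile

def _fleet_env(config):
    """Return the env block of the "fleet" entry in either layout shown on this page."""
    entry = config.get("mcpServers", {}).get("fleet")
    if entry is not None:
        return entry.get("env", {})
    entry = config.get("context_servers", {}).get("fleet", {})  # Zed layout
    return entry.get("settings", {}).get("env", {})

def audit_fleet_mcp_config(path):
    """Hypothetical helper (not part of fleet-mcp): return findings for one config file."""
    findings = []
    # The file embeds FLEET_API_TOKEN, so group/other should have no access to it.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"file mode {mode:o} lets other local users read the API token")
    with open(path, encoding="utf-8") as fh:
        env = _fleet_env(json.load(fh))
    if not env:
        return findings + ["no 'fleet' server entry with an env block"]
    # Assumption: boolean variables take the strings "true"/"false", as in the configs above.
    if str(env.get("FLEET_READONLY", "")).lower() != "true":
        findings.append("FLEET_READONLY is not set to 'true'")
    if not str(env.get("FLEET_SERVER_URL", "")).lower().startswith("https://"):
        findings.append("FLEET_SERVER_URL is not https, so the token is sent in cleartext")
    if str(env.get("FLEET_VERIFY_SSL", "true")).lower() == "false":
        findings.append("FLEET_VERIFY_SSL is 'false', so the server certificate is not checked")
    return findings

def demo():
    """Audit a constructed config (sample values, not a real deployment)."""
    sample = {"mcpServers": {"fleet": {"command": "uvx", "args": ["fleet-mcp", "run"], "env": {
        "FLEET_SERVER_URL": "http://fleet.example.internal",
        "FLEET_API_TOKEN": "constructed-placeholder-token",
        "FLEET_VERIFY_SSL": "false"}}}}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "mcp_config.json")
        with open(path, "w", encoding="utf-8") as fh:
            json.dump(sample, fh)
        os.chmod(path, 0o644)  # world-readable on purpose for the demo
        return audit_fleet_mcp_config(path)

if __name__ == "__main__":
    for finding in demo():
        print("FINDING:", finding)
```

The permission check relies on POSIX file modes, so it is meaningful on macOS and Linux but not on Windows.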