June 9, 2025

Meet Cato’s MCP Server: A Smarter Way to Integrate AI Into Your IT & Security Processes 

Guy Waizel
Adam Fershtman
Daniel Pienica
Eitan Plotnik


We Just Wanted to Ask a Simple Question 

Sometimes preparing dinner can be a complicated task. You’re juggling a stir-fry, boiling pasta, prepping a salad, and all you want is to say “Chop the onions” and have it done. No switching between tasks, no looking up steps. Just state the intent, and it’s executed. 

We wanted that same level of simplicity when interacting with our environment, including sites, users, topology, and real-time data. That led us to build Cato’s Model Context Protocol (MCP) Server. 

In many operational environments, teams rely on scripts or API calls to integrate Cato with other systems in their stack. Even for basic tasks, such as checking which sites are in a degraded state, this can involve multiple steps, custom logic, or combining data from different sources. MCP reduces that complexity. You can ask a direct question like “Which sites are currently in a degraded state?” and get a clear, structured response. This makes it easier to automate routine checks and incorporate Cato insights into broader workflows. 

MCP allows you to interact with your account in Cato’s CMA using your own MCP-aware client. This could be an existing tool such as Claude Desktop, Cursor IDE, or a custom agent developed by your team. It also opens the door to new workflows where Cato is just one of several MCP servers your client interacts with. For example, an LLM could retrieve data from the Cato MCP server, combine it with results from a SIEM MCP server, and return a unified response, all from within the tools you already use.  

Why This Matters 

MCP provides a new way to access operational data using natural language. It allows teams to ask direct questions and receive structured, reliable answers, making it easier to extract insights and automate routine queries. Key benefits include: 

  • Faster troubleshooting: Ask operational questions and get immediate, structured responses. 
  • Flexible integration: Works with any MCP-compatible client, including Claude, ChatGPT, and custom agents. 
  • Secure by design: Only exposes a defined set of tools, keeping access tightly scoped and controlled. 

How We Built It: Cato’s MCP Implementation 

We’ve packaged Cato MCP as a self-contained Docker container that runs locally and exposes a subset of Cato’s public GraphQL APIs as tools. It connects to your Cato account and can be paired with any AI agent that supports the MCP specification. Cato’s MCP is currently available to Cato’s customers, with full deployment instructions provided here. For customers and partners interested in hands-on guidance, enablement training is available here.

Here’s what you need to get started: 

  • Configuration: Provide your CMA Host, Account ID, and API key. 
  • Compatibility: The MCP server has been tested with popular MCP clients (non-free tier), such as Cursor and Claude Desktop using the Claude Sonnet 3.7 model, and is recommended for use with these clients. 
  • Provided tools: At launch, we’re exposing several tools to support questions based on two of Cato’s most commonly used GraphQL queries: 
    • AccountSnapshot, which provides near real-time, snapshot-based metrics for an account, offering analytics similar to those found on the Topology page. 
    • EntityLookup, which allows searching for entities of a specific type, with support for filtering and pagination. 

Under the hood, the MCP server translates supported queries into tools, and exposes them to the connected AI agent as callable functions. We’re starting with a small, well-scoped set of tools, but more capabilities are planned. 

What You Can Ask – Real Use Cases 

With Cato’s MCP, you can ask operational questions directly through an AI agent without writing scripts or navigating dashboards. Below are examples of the types of questions we demonstrate using a Claude-based agent connected to our MCP server. Claude responds with both structured answers and visual output, making results easier to interpret. 

In the following video, we show the response to these questions:

  • Which countries or PoPs have the most remote users connected right now?
  • Which sites are currently connected only through a last-resort link?
  • Which sites have just a single WAN port currently active?

In the following video, we continue with these additional questions:

  • Provide a list of all connected remote users, grouped by OS and client version.
  • Which remote users are still running outdated client versions?
  • Which sites need a Socket upgrade?

In the following video, we also show the responses to these additional questions:

  • Show all sites, grouped by IPsec, Socket, or vSocket.
  • Which countries or PoPs have the most sites connected right now?

Security Recommendations 

MCP gives AI controlled access to real operational data, which means we need to treat it like any other sensitive interface. In a previous post, we also demonstrated how MCP can potentially be exploited. Here’s what we recommend for safe usage: 

  • Limit access to the container: Run it in a restricted network context; local-only is ideal. 
  • Rotate your CMA API key regularly: Treat your Cato-issued API key like any other credential. Use a dedicated key for MCP and rotate it periodically, especially in shared or automated environments. 
  • Use only official, preconfigured tools: Cato MCP exposes a limited, vetted set of tools by default. Avoid modifying or extending the toolset unless explicitly supported. 
  • Monitor usage: We plan to add observability, but for now, track queries through your AI agent if supported. 
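
One way to act on the last two recommendations, as an added example (not Cato's code): audit the JSON-RPC `tools/call` requests an MCP client sends and flag any tool outside the vetted set. It assumes you can capture client-to-server messages (from the client's MCP log or a stdio wrapper); the tool names are placeholders, since the page names the GraphQL queries but not the tool identifiers.

```python
import json

# Placeholder tool names (assumption): substitute the names your server
# actually returns from tools/list.
ALLOWED_TOOLS = {"example_account_snapshot", "example_entity_lookup"}

# Constructed client-to-server traffic, one JSON-RPC 2.0 message per line.
SAMPLE_TRAFFIC = [
    '{"jsonrpc":"2.0","id":1,"method":"tools/list"}',
    '{"jsonrpc":"2.0","id":2,"method":"tools/call","params":'
    '{"name":"example_entity_lookup","arguments":{"type":"site","limit":50}}}',
    '{"jsonrpc":"2.0","id":3,"method":"tools/call","params":'
    '{"name":"example_update_policy","arguments":{"rule":"placeholder"}}}',
    'not json at all',
]


def audit_line(line, allowed=ALLOWED_TOOLS):
    """Return an audit record for one message, or None if it is not a tool call."""
    try:
        msg = json.loads(line)
    except json.JSONDecodeError:
        return {"verdict": "malformed", "tool": None, "id": None, "arg_keys": []}
    if not isinstance(msg, dict) or msg.get("method") != "tools/call":
        return None
    params = msg.get("params") if isinstance(msg.get("params"), dict) else {}
    name = params.get("name")
    args = params.get("arguments") if isinstance(params.get("arguments"), dict) else {}
    ok = isinstance(name, str) and name in allowed
    # Record argument keys only: values may contain user or site details.
    return {"verdict": "allowed" if ok else "unexpected_tool",
            "tool": name, "id": msg.get("id"), "arg_keys": sorted(args)}


def audit(lines):
    """Return (all tool-call records, records that need review)."""
    records = [r for r in map(audit_line, lines) if r is not None]
    alerts = [r for r in records if r["verdict"] != "allowed"]
    return records, alerts


if __name__ == "__main__":
    records, alerts = audit(SAMPLE_TRAFFIC)
    for record in records:
        print(json.dumps(record))
    print(f"{len(alerts)} record(s) need review")
```
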

What’s Next 

MCP was built to simplify how you interact with your environment. Instead of navigating dashboards or writing API calls, it allows AI agents to query your Cato deployment using natural language. The first release includes a limited set of tools for site status, user sessions, and entity lookups. The framework is designed to scale, and we plan to expand tool coverage and integrations over time. Our goal is to make AI-driven operations more accessible, consistent, and secure. 

Guy Waizel

Tech Evangelist

Guy Waizel is a Tech Evangelist at Cato Networks and member of Cato CTRL. As part of his role, Guy collaborates closely with Cato's researchers, developers, and tech teams to bridge and evangelize tech by researching, writing, presenting, and sharing key insights, innovations, and solutions with the broader tech and cybersecurity community. Prior to joining Cato in 2025, Guy led and evangelized security efforts at Commvault, advising CISOs and CIOs on the company’s entire security portfolio. Guy also worked at TrapX Security (acquired by Commvault) in various hands-on and leadership roles, including support, incident response, forensic investigations, and product development. Guy also held key roles at tech startups acquired by Philips, Stanley Healthcare, and Verint. Guy has more than 25 years of experience spanning cybersecurity, IT, and AI. Guy is in the final stages of his PhD thesis research at Alexandru Ioan Cuza University, focused on the intersection of cloud adoption, cybersecurity, and AI. Guy holds an MBA from Netanya Academic College, a B.S. in technology management from Holon Institute of Technology, and multiple cybersecurity certifications.

Adam Fershtman

Adam is a data scientist in Cato Research Labs at Cato Networks. Adam has a PhD in Fluid Mechanics and enjoys using his experience in statistics and modeling to initiate and pursue research questions. Since leaving academia, Adam has discovered an interest in network and cybersecurity research, where he applies his knowledge of state-of-the-art and novel machine learning methods to solve domain problems.

Daniel Pienica

Daniel (MSc) is a Data Scientist in Cato Research Labs at Cato Networks and a member of Cato CTRL. Daniel has more than 5 years of industry experience in applying state-of-the-art and novel machine learning methods to the domain of cybersecurity. Daniel previously worked as a data scientist at cybersecurity startup Intezer.

Eitan Plotnik

Eitan Plotnik is a Software Architect at Cato Networks, with prior experience at Cisco, VMware, and Huawei. He is passionate about software architecture and problem solving, and thrives on designing scalable, reliable, and elegant solutions to complex, real-world challenges. He holds a BA in computer science from the Academic College of Tel Aviv – Yaffo and an MBA from Tel Aviv University.
