Proofpoint

authSTDIOregistry active

Summary

Connects Claude to Proofpoint TAP and Essentials APIs for email security operations. You get tools to query threat events, trace message paths, manage quarantine, pull threat intelligence feeds, and interact with URL Defense. It exposes domains like forensics, Smart Search for advanced email queries, VAP reporting for targeted users, DLP policies, and SIEM event exports. Reach for this when you need to investigate phishing campaigns, automate threat response workflows, or give an AI assistant direct access to your Proofpoint security telemetry. Built by Wyre Technology as part of their MSP tooling ecosystem.

CodeRabbit

AI writes the code. CodeRabbit catches the slop.

Try For Free →

Keep your Mac awake

Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.

One time payment $9 →

Context.dev

Integrate web data into your AI product. One API to scrape website & brand data.

Get API Key Now →

Make your agent a DeFi expert

Agent, run crypto. Access onchain data & trade routes via 1inch.

Install now →

Make money from your Skills

On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.

Start earning →

AppSignal

Monitor with ease. Code with confidence.

Start Free Trial →

CodeRabbit

AI writes the code. CodeRabbit catches the slop.

Try For Free →

Keep your Mac awake

Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.

One time payment $9 →

Context.dev

Integrate web data into your AI product. One API to scrape website & brand data.

Get API Key Now →

Make your agent a DeFi expert

Agent, run crypto. Access onchain data & trade routes via 1inch.

Install now →

Make money from your Skills

On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.

Start earning →

AppSignal

Monitor with ease. Code with confidence.

Start Free Trial →

Proofpoint MCP Server

A Model Context Protocol (MCP) server for Proofpoint TAP and Essentials APIs. Enables AI assistants to investigate threats, trace emails, manage quarantine, access threat intelligence, and perform URL defense operations.

This is a Model Context Protocol (MCP) server that connects Claude (or any MCP-compatible AI) to your Proofpoint environment.

Part of the MSP Claude Plugins ecosystem — a growing suite of AI integrations for the MSP stack. Built by MSPs, for MSPs.

Installation

npm install @wyre-technology/proofpoint-mcp

Configuration

Set the following environment variables:

Variable	Required	Description
`PROOFPOINT_SERVICE_PRINCIPAL`	Yes	Your Proofpoint TAP service principal
`PROOFPOINT_SERVICE_SECRET`	Yes	Your Proofpoint TAP service secret
`PROOFPOINT_BASE_URL`	No	Custom base URL (default: tap-api-v2.proofpoint.com)
`MCP_TRANSPORT`	No	Transport mode: stdio (default) or http

Usage

Running with Claude Desktop

Add to your Claude Desktop claude_desktop_config.json:

{
  "mcpServers": {
    "proofpoint-mcp": {
      "command": "npx",
      "args": ["@wyre-technology/proofpoint-mcp"],
      "env": {
        "PROOFPOINT_SERVICE_PRINCIPAL": "your-proofpoint-service-principal"
        "PROOFPOINT_SERVICE_SECRET": "your-proofpoint-service-secret"
      }
    }
  }
}

Running with Claude Code (CLI)

claude mcp add proofpoint-mcp \
  -e PROOFPOINT_SERVICE_PRINCIPAL=your-value \
  -e PROOFPOINT_SERVICE_SECRET=your-value \
  -- npx -y @wyre-technology/proofpoint-mcp

Docker

docker build -t proofpoint-mcp .
docker run \
  -e PROOFPOINT_SERVICE_PRINCIPAL=your-value \
  -e PROOFPOINT_SERVICE_SECRET=your-value \
  -p 8080:8080 proofpoint-mcp

Available Domains

Dlp

Data loss prevention policies

Events

Security event stream and SIEM export

Forensics

Forensic analysis of threats

People

Very Attacked People (VAP) reporting

Policy

Email policy management

Quarantine

Email quarantine management

Reports

Security reports and summaries

Smart Search

Advanced email search

Tap

Targeted Attack Protection events and campaigns

Threat Intel

Threat intelligence and indicators of compromise

Url Defense

URL rewriting and click defense

Development

# Clone the repository
git clone https://github.com/wyre-technology/proofpoint-mcp.git
cd proofpoint-mcp

# Install dependencies
npm install

# Build
npm run build

# Run tests
npm test

Contributing

Contributions are welcome! Please see CONTRIBUTING.md if present, or open an issue to discuss changes.

License

Licensed under the Apache License, Version 2.0. See LICENSE for details.

Featured

CodeRabbit

AI writes the code. CodeRabbit catches the slop.

Try For Free →

Keep your Mac awake

Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.

One time payment $9 →

Context.dev

Integrate web data into your AI product. One API to scrape website & brand data.

Get API Key Now →

Make your agent a DeFi expert

Agent, run crypto. Access onchain data & trade routes via 1inch.

Install now →

Make money from your Skills

On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.

Start earning →

AppSignal

Monitor with ease. Code with confidence.

Start Free Trial →

Configuration

PROOFPOINT_SERVICE_PRINCIPAL*

Proofpoint TAP service principal (API user identifier)

PROOFPOINT_SERVICE_SECRET*secret

Proofpoint TAP service secret

PROOFPOINT_BASE_URL

Proofpoint TAP API base URL (defaults to https://tap-api-v2.proofpoint.com)

MCP_TRANSPORTdefault: stdio

Transport mode for the server. Set to 'stdio' for local CLI use; the image defaults to 'http' for gateway hosting.

AUTH_MODEdefault: env

Credential source: 'env' reads vars locally, 'gateway' expects header injection from the WYRE MCP Gateway.

LOG_LEVELdefault: info

Log verbosity: debug, info, warn, error

Proofpoint MCP Server

This is a Model Context Protocol (MCP) server that connects Claude (or any MCP-compatible AI) to your Proofpoint environment.

Part of the MSP Claude Plugins ecosystem — a growing suite of AI integrations for the MSP stack. Built by MSPs, for MSPs.

Installation

npm install @wyre-technology/proofpoint-mcp

Configuration

Set the following environment variables:

Variable	Required	Description
`PROOFPOINT_SERVICE_PRINCIPAL`	Yes	Your Proofpoint TAP service principal
`PROOFPOINT_SERVICE_SECRET`	Yes	Your Proofpoint TAP service secret
`PROOFPOINT_BASE_URL`	No	Custom base URL (default: tap-api-v2.proofpoint.com)
`MCP_TRANSPORT`	No	Transport mode: stdio (default) or http

Usage

Running with Claude Desktop

Add to your Claude Desktop claude_desktop_config.json:

{
  "mcpServers": {
    "proofpoint-mcp": {
      "command": "npx",
      "args": ["@wyre-technology/proofpoint-mcp"],
      "env": {
        "PROOFPOINT_SERVICE_PRINCIPAL": "your-proofpoint-service-principal"
        "PROOFPOINT_SERVICE_SECRET": "your-proofpoint-service-secret"
      }
    }
  }
}

Running with Claude Code (CLI)

claude mcp add proofpoint-mcp \
  -e PROOFPOINT_SERVICE_PRINCIPAL=your-value \
  -e PROOFPOINT_SERVICE_SECRET=your-value \
  -- npx -y @wyre-technology/proofpoint-mcp

Docker

docker build -t proofpoint-mcp .
docker run \
  -e PROOFPOINT_SERVICE_PRINCIPAL=your-value \
  -e PROOFPOINT_SERVICE_SECRET=your-value \
  -p 8080:8080 proofpoint-mcp

Available Domains

Dlp

Data loss prevention policies

Events

Security event stream and SIEM export

Forensics

Forensic analysis of threats

People

Very Attacked People (VAP) reporting

Policy

Email policy management

Quarantine

Email quarantine management

Reports

Security reports and summaries

Smart Search

Advanced email search

Tap

Targeted Attack Protection events and campaigns

Threat Intel

Threat intelligence and indicators of compromise

Url Defense

URL rewriting and click defense

Development

# Clone the repository
git clone https://github.com/wyre-technology/proofpoint-mcp.git
cd proofpoint-mcp

# Install dependencies
npm install

# Build
npm run build

# Run tests
npm test

Contributing

Contributions are welcome! Please see CONTRIBUTING.md if present, or open an issue to discuss changes.

License

Licensed under the Apache License, Version 2.0. See LICENSE for details.

Proofpoint

Proofpoint MCP Server

Installation

Configuration

Usage

Running with Claude Desktop

Running with Claude Code (CLI)

Docker

Available Domains

Dlp

Events

Forensics

People

Policy

Quarantine

Reports

Smart Search

Tap

Threat Intel

Url Defense

Development

Contributing

License

Configuration

Proofpoint

Proofpoint MCP Server

Installation

Configuration

Usage

Running with Claude Desktop

Running with Claude Code (CLI)

Docker

Available Domains

Dlp

Events

Forensics

People

Policy

Quarantine

Reports

Smart Search

Tap

Threat Intel

Url Defense

Development

Contributing

License

Configuration

Related Communication & Messaging MCP Servers

Related Communication & Messaging MCP Servers