A multi-tenant HTTP wrapper around SentinelOne's purple-mcp server that lets a single container serve multiple organizations by accepting credentials as request headers instead of environment variables. Built for the Wyre MCP gateway, it lazily spawns isolated purple-mcp child processes per tenant pair of API token and base URL, proxies requests through, and evicts idle tenants after 15 minutes. If you're running a gateway that needs to fan out SentinelOne MCP calls across different customer accounts without spinning up dedicated containers for each, this handles the plumbing. Expects x-purplemcp-token and x-purplemcp-base-url headers on every request and exposes the standard purple-mcp capabilities for threat hunting and endpoint management.
claude mcp add --transport stdio wyre-technology-sentinelone-mcp uvx sentinelone-mcp