Splunk

MCP Sensitive System File Search

Last updated 2 days ago on 2026-07-17

About

This detection identifies MCP filesystem tool usage attempting to search for files containing sensitive patterns such as passwords, credentials, API keys, secrets, and configuration files. Adversaries and malicious insiders may abuse legitimate MCP filesystem capabilities to conduct reconnaissance and discover sensitive data stores for exfiltration or credential harvesting.
Platform
Splunk
Tags
Data Source: SplunkDomain: ApplicationRule Type: QueryOS: Any
Severity
medium
Risk Score
47
References
https://splunkbase.splunk.com/app/8377(external, opens in a new tab or window)https://www.splunk.com/en_us/blog/security/securing-ai-agents-model-context-protocol.html(external, opens in a new tab or window)
False Positives
Known false positives include legitimate development activities where developers search for configuration files, environment variables, or authentication modules as part of normal coding tasks, as well as security audits involving authorized security reviews or code scanning tools searching for hardcoded secrets. Additionally, documentation lookups for example config files or authentication documentation may trigger this detection, along with refactoring tasks where developers rename or consolidate credential management code across a codebase, and onboarding activities where new developers explore unfamiliar codebases to understand authentication flows.
Source
View on GitHub(external, opens in a new tab or window)

Definition

Rule Language
SPL
Rule Type
query
text code block:
`mcp_server` (method IN ("read_file", "get_file_contents", "read", "search_files", "find_files", "grep", "search", "list_directory", "read_directory")) (params.path="*.ssh*" OR params.path="*Administrator*" OR params.path="*credentials*" OR params.path="*password*" OR params.path="*.env*" OR params.path="*id_rsa*" OR params.path="*.pem*" OR params.path="*.ppk*" OR params.path="*.key*" OR params.path="*secrets*" OR params.path="*.aws*" OR params.path="*.config*" OR params.pattern="*password*" OR params.pattern="*key*" OR params.pattern="*secret*" OR params.pattern="*credential*" OR params.pattern="*token*" OR params.pattern="*auth*" OR params.pattern="*api_key*" OR params.pattern="*private_key*") | eval dest=host | eval detection_type=case( method IN ("read_file", "get_file_contents", "read"), "PATH_ACCESS", method IN ("search_files", "find_files", "grep", "search"), "PATTERN_SEARCH", method IN ("list_directory", "read_directory"), "DIRECTORY_ENUM", 1=1, "UNKNOWN") | eval target_path=coalesce('params.path', 'params.directory', 'params.file') | eval search_pattern=coalesce('params.pattern', 'params.query', 'params.search') | stats count min(_time) as firstTime max(_time) as lastTime values(detection_type) as detection_types values(target_path) as targeted_paths values(search_pattern) as search_patterns values(method) as methods_used by dest, source | eval time_span_seconds=lastTime-firstTime | `security_content_ctime(firstTime)` | `security_content_ctime(lastTime)` | table dest firstTime lastTime count source detection_types methods_used targeted_paths search_patterns time_span_seconds | `mcp_sensitive_system_file_search_filter`

View this rule on Splunk

This rule was sourced from the official Splunk public repository. View the original rule on GitHub(external, opens in a new tab or window).