UBOS Asset Marketplace: ntopng Model Context Protocol (MCP) Server - Unlock Network Intelligence for AI Agents

In today’s complex and dynamic digital landscape, understanding network behavior is paramount. The UBOS platform recognizes this need by providing a robust ecosystem for AI agent development, seamlessly integrating with diverse data sources. Among these valuable integrations is the ntopng Model Context Protocol (MCP) Server, a crucial asset for businesses seeking to leverage AI-driven insights into their network infrastructure.

What is the ntopng MCP Server?

The ntopng MCP Server acts as a conduit, enabling AI agents to interact with and query the wealth of data collected by ntopng (ntop Next Generation), a high-performance network traffic monitoring and analysis application. This server adheres to the Model Context Protocol (MCP), a standard designed to streamline the interaction between AI models and external data sources. By implementing the MCP standard, the ntopng MCP Server allows AI agents to ask precise questions about network activity, security alerts, and performance metrics, receiving structured, actionable answers.

ntopng excels at collecting comprehensive network data, including flow information, host statistics, and security alerts. However, this data’s raw volume and complexity can be overwhelming. The ntopng MCP Server transforms this raw data into a readily accessible and understandable format for AI agents, enabling sophisticated analysis and automated responses.

Key Features of the ntopng MCP Server:

• MCP Compliance: Adheres to the Model Context Protocol, ensuring seamless integration with other MCP-compatible tools and AI platforms, including UBOS.
• NTOPNG Integration: Provides a direct interface to query ntopng’s ClickHouse database, where historical network flows and alerts are stored.
• Pre-built Tools: Includes a suite of tools designed to extract specific network insights, such as top talkers, alert statistics, and flow data.
• Configurability: Offers extensive configuration options to tailor the connection to your ntopng instance, including host, port, user credentials, and security settings.
• Extensibility: While currently lacking support for MCP resources and prompts, the server’s architecture allows for future expansion and customization.

Use Cases: Empowering AI Agents with Network Intelligence

The ntopng MCP Server opens a wide array of possibilities for AI-powered network management and security. Here are some compelling use cases:

• Automated Threat Detection and Response: AI agents can continuously monitor network traffic for suspicious patterns, correlating flow data with alert statistics to identify and respond to potential security threats in real-time. For example, an AI agent could detect a sudden spike in traffic to a known malicious IP address and automatically isolate the affected host.
• Performance Optimization: By analyzing network flow data, AI agents can identify bottlenecks and optimize network performance. For instance, an agent could detect a congested link and automatically reroute traffic to alleviate the congestion.
• Network Anomaly Detection: AI agents can learn the normal patterns of network behavior and detect anomalies that may indicate a problem. An example is detecting unusual traffic patterns suggesting a compromised device or a denial-of-service attack.
• Compliance Monitoring: AI agents can monitor network activity to ensure compliance with security policies and regulations. For example, an agent could monitor data transfer patterns to ensure sensitive data is not being transmitted insecurely.
• Proactive Network Maintenance: By analyzing historical network data, AI agents can predict potential network failures and proactively schedule maintenance. As an example, anticipate a hardware failure based on increasing error rates and proactively schedule a replacement.
• Security Information and Event Management (SIEM) Augmentation: Enhance existing SIEM systems with AI-driven insights from ntopng data, improving threat detection accuracy and reducing false positives.
• Network Forensics: Aid in post-incident analysis by allowing AI agents to rapidly query historical network data to identify the root cause of security breaches.
• Capacity Planning: Use AI agents to analyze network traffic trends and predict future capacity needs, ensuring the network can handle increasing demands.

Key Features in Detail

The ntopng MCP Server exposes a rich set of tools that AI agents can utilize to extract valuable network insights:

• Data Retrieval Tools:

  • fetch_ntopng_all_ifids: Retrieves all available interface IDs from ntopng.
  • get_ntopng_hosts_location: Fetches geographical location and additional information for network hosts, enabling location-aware security and performance analysis.
  • fetch_ntopng_top_local_talkers: Retrieves the top 10 local talkers for a specified interface, identifying the hosts generating the most internal network traffic.
  • fetch_ntopng_top_remote_talkers: Retrieves the top 10 remote talkers for a specified interface, identifying the hosts generating the most external network traffic.
  • query_ntopng_flows_data: Retrieves detailed flow data from the ntopng flows database, providing granular information about network traffic patterns.
  • get_ntopng_top-k_flows: Retrieves the top-k flows data from the ntopng flows database, allowing you to focus on the most significant network traffic streams.
  • list_tables_ntopng_database: List tables structure of the ntopng database, helping understand the data structure.
  • query_ntopng_database: Query the ntopng Clickhouse database with custom queries.

• Alert Statistics Tools:

  • get_ntopng_all_alert_stats: Retrieves statistics for all alerts, providing a high-level overview of network security events.
  • get_ntopng_flow_alert_stats: Retrieves statistics for flow alerts, focusing on security events related to network traffic flows.
  • get_ntopng_host_alert_stats: Retrieves statistics for host alerts, focusing on security events related to specific network hosts.
  • get_ntopng_interface_alert_stats: Retrieves statistics for interface alerts, focusing on security events related to network interfaces.
  • get_ntopng_mac_alert_stats: Retrieves statistics for MAC address alerts.
  • get_ntopng_network_alert_stats: Retrieves statistics for network alerts.
  • get_ntopng_snmp_device_alert_list: Retrieves a list of SNMP device alerts.
  • get_ntopng_snmp_device_alert_stats: Retrieves statistics for SNMP device alerts.
  • get_ntopng_system_alert_stats: Retrieves statistics for system alerts.
  • get_ntopng_user_alert_stats: Retrieves statistics for user alerts.

• Device Statistics Tools:

  • get_ntopng_flow_devices_stats: Retrieve statistics for all flow devices.
  • get_ntopng_sflow_devices_stats: Retrieve statistics for all sFlow devices.

These tools empower AI agents to proactively monitor, analyze, and respond to network events, enhancing network security, performance, and compliance.

Setting Up the ntopng MCP Server

Integrating the ntopng MCP Server with your AI agent development environment involves a few key steps:

1. Configuration: Configure the server with the necessary connection details for your ntopng instance. This includes the host, port, database credentials, and API key. These configurations can be set using environment variables or within the claude_desktop_config.json file.
2. Installation: Install the mcp-ntopng package using uv pip install -e . from the project main directory.
3. Testing: Verify the connection and functionality of the server by running the provided testing scripts or by integrating it into your AI agent development workflow.
4. Integrate with UBOS: Leverage the UBOS platform to orchestrate your AI Agents using this MCP Server. Connect your Agents to the ntopng data through UBOS’s intuitive interface, build custom Agents utilizing this data, and create sophisticated Multi-Agent Systems that respond intelligently to network events.

Configuration Details

The claude_desktop_config.json file needs to be configured to point to the mcp-ntopng server. Ensure the correct paths to the uv binary and the run_mcp_ntopng.py script are provided. Additionally, the environment variables must be set correctly to allow the server to connect to the ntopng database.

Example claude_desktop_config.json:

{ “mcpServers”: { “mcp-ntopng”: { “command”: “/Users/marco/Development/claude/mcp-server-ntopng/.venv/bin/python”, “args”: [ “/Users/marco/Development/claude/mcp-server-ntopng/run_mcp_ntopng.py” ], “env”: { “NTOPNG_HOST”: “marcoeg-nod004.ntoplink.com”, “NTOPNG_DBPORT”: “9000”, “NTOPNG_DBUSER”: “default”, “NTOPNG_DBPASSWORD”: “”, “NTOPNG_SECURE”: “false”, “NTOPNG_VERIFY”: “false”, “NTOPNG_CONNECT_TIMEOUT”: “30”, “NTOPNG_SEND_RECEIVE_TIMEOUT”: “300”, “SELECT_QUERY_TIMEOUT_SECS”: “30”, “NTOPNG_API_KEY”: “NTOPNG_TOKEN” } } } }

Environment Variables:

The following environment variables are crucial for configuring the database connection:

• NTOPNG_HOST: Hostname of the ntopng server.
• NTOPNG_DBUSER: Username for ClickHouse DB authentication.
• NTOPNG_DBPASSWORD: Password for ClickHouse DB authentication.
• NTOPNG_API_KEY: The ntopng authentication token.
• NTOPNG_DBPORT: The port number of the Clickhouse DB in the ntopng server. Defaults to 9000 if HTTPS is enabled, 8123 if disabled.
• NTOPNG_SECURE: Enable/disable a TLS connection. Defaults to false. Set to true for secure TLS connections.
• NTOPNG_VERIFY: Enable/disable SSL certificate verification. Defaults to true. Set to false to disable certificate verification (not recommended for production).
• NTOPNG_CONNECT_TIMEOUT: Connection timeout in seconds. Defaults to 30.
• NTOPNG_SEND_RECEIVE_TIMEOUT: Send/receive timeout in seconds. Defaults to 300.

Why UBOS?

UBOS is a comprehensive AI Agent development platform designed to empower businesses in creating and deploying intelligent agents across various departments. By integrating the ntopng MCP Server with UBOS, you unlock the following benefits:

• Centralized AI Agent Management: UBOS provides a centralized platform for managing, orchestrating, and monitoring your AI agents.
• Seamless Data Integration: UBOS simplifies the process of connecting your AI agents to diverse data sources, including the ntopng MCP Server.
• Custom AI Agent Development: UBOS allows you to build custom AI agents tailored to your specific needs, leveraging the data provided by the ntopng MCP Server.
• Multi-Agent System Orchestration: UBOS enables the creation of sophisticated multi-agent systems that can collaborate to solve complex network management and security challenges.
• Low-Code/No-Code Environment: With UBOS, even non-technical users can participate in the AI agent development process, accelerating innovation and democratizing access to AI.

The UBOS platform, combined with the ntopng MCP Server, offers a powerful solution for leveraging AI to enhance network security, optimize performance, and improve overall network management. Embrace the future of network intelligence with UBOS and the ntopng MCP Server.

Getting Started

To begin leveraging the power of the ntopng MCP Server within the UBOS ecosystem, follow these steps:

1. Explore the UBOS Platform: Visit the UBOS website (https://ubos.tech) to learn more about the platform’s features and capabilities.
2. Sign Up for a UBOS Account: Create an account on the UBOS platform to access the development tools and resources.
3. Deploy the ntopng MCP Server: Follow the instructions provided in this document to deploy and configure the ntopng MCP Server.
4. Connect to UBOS: Integrate the ntopng MCP Server with your UBOS environment, enabling your AI agents to access network data.
5. Develop Your AI Agents: Use the UBOS platform to develop custom AI agents that leverage the data provided by the ntopng MCP Server to solve your specific network management and security challenges.

By embracing the UBOS platform and the ntopng MCP Server, you can unlock the full potential of AI-driven network intelligence, transforming your network from a complex infrastructure into a strategic asset.