- Solutions
-
- File Server: Ransomware Protection
- File Server: File Copy
- File Server: Audit File Access
- File Server: Storage growth reporting
- Licensing/Pricing
- Contact
This help page is for version 10.2. The latest available help is for version 10.1.
MCP Server for AI Help
If you use AI and your AI can connect to an MCP server, then you can enable the MCP server in PA File Sight so you can ask your AI for additional insight into your system, or suggestions for configuration improvements.
The MCP server in PA File Sight (as of version 10.2 in 2026) is currently read-only.
The MCP server can query about your configuration and the systems that are monitored, but it cannot make any changes. As we and our customers gain experience with this feature additional capabilities will be added in the future. If/when changes are supported in the future, they will need to be explicitly enabled.
How It Works
An MCP server is an HTTPS server with specific well-known requests paths. The MCP server (if enabled) will use the same HTTPS server that is already running in your PA File Sight installation.
This MCP server supports 'tools' which are requests that an AI can make to request information from the system. These tools are things such as:
- list-servers
- list-monitors
- list-monitor-types
- list-current-errors
- probe-device (request inventory values, SNMP values, etc)
These are examples, and not an exhaustive list. Other tools will be added in the future to add functionality.
With these tools an AI is able to gather information about monitored servers/devices, the monitors, current data from the monitors, etc. and reason about changes that should be made, or help suggest fixes to problems that are being alerted on.
MCP Security
When requests are made to the MCP server, they are made as a user that you have defined in Remote Access. Requests to the MCP server as this user account will have the same constraints that the user account has, meaning if the user can only see servers in a specific group, the MCP requests will also only be able to see servers in that group.
When connecting to the MCP server as a user, you'll need to look at your AI to see what authentication approaches it supports. The PA File Sight MCP server supports:
- HTTPS Basic Auth - the username and password are passed in a header with each request. This is considered less secure than the other options.
- Bearer Tokens - You create a Bearer Token for a user in Remote Access, and then give that Bearer Token to your AI. This allows it to connect as the target user.
- OAuth 2.1 - You will give your AI the HTTPS host:port to the MCP server and it will display the PA File Sight web login, and capture a token that will let it make requests.
For Bearer Tokens and OAuth 2.1 you can revoke the tokens in the Credential Manager to stop any future logins. The user of the tokens (the AI) never knows the account password.
Data Security Considerations
The MCP server in HKEY_LOCAL_MACHINE\software\PAFileSight does NOT connect to the Internet in any way. Requests are made to the MCP server from your AI tool.
When your AI tool queries the MCP server, it will probably send whatever it learns about your system to the AI servers in the cloud. This could include server names, group names, monitor names, device inventory data (manufacturer, model, CPU and RAM amount) and performance data. It will NOT include documents or files stored on servers (PA File Sight never has a reason to look at the content of such files).
Enabling the MCP Server
To enable the MCP server, set this registry value:
HKEY_LOCAL_MACHINE\software\PAFileSight\Protected
EnableMCP_Reads = 1
Changing the value above does NOT require the service to be restarted. In addition, you won't see anything different in the application - this just allows the HTTPS server to respond to MCP requests from an AI. If no AI connects and makes requests, then enabling the MCP server has no effect.
Connecting to the MCP Server
To connect to the MCP server, you need to give your AI the hostname and port of your HTTPS server for PA File Sight.
If you plan to use OAuth 2.1 to connect to the MCP server, see this page for enabling OAuth in PA File Sight.
If your AI will connect from the Cloud, you'll need to expose the HTTPS port to the Internet through your firewall, and also have a DNS name that can be used to access the HTTPS server.
Some AIs require an SSL/TLS certificate that matches the hostname, so in that case the default self-signed certificate will not work. See Custom SSL Certificate for how to add your own. Using the Let's Encrypt option is free if you don't already have a certificate available.
Some AIs may require that the MCP server must be reachable on port 443.
Some AIs might only connect to MCP via stdio, but there are HTTPS to stdio wrapper apps.
In our experience, asking your AI for help connecting to an MCP server has proven useful.
What Next
Once your AI can connect to the MCP server, you can ask it things such as "what is the most important error that I should look into" or "how can I improve monitoring coverage", etc.