
How to Use the Cortex XSIAM MCP in Google ADK

Connect Cortex XSIAM to your Google ADK pipelines to hunt threats using Gemini's million-token context.


Connect Cortex XSIAM MCP to Google ADK

Create your Vinkius account to connect Cortex XSIAM to Google ADK and route execution through our secure gateway. The platform manages server hosting, runtime updates, and security layers. Configuration requires no manual server provisioning.


Audit your fleet with this MCP Server

The `get_endpoints` tool retrieves a complete list of managed hosts and devices directly into your Gemini agent. You can instantly see which endpoints are offline, outdated, or missing critical security policies. Your agent can filter these systems and run a `scan_endpoint` to check for active malware. This lets you automate routine endpoint hygiene checks without writing custom MCP integrations.

Analyze security incidents with long-context reasoning

The `get_incidents` tool pulls active security incidents from your SOC queue directly into your Google ADK agent. Because Gemini handles massive context windows, you can feed entire lists of incidents to the agent for high-level pattern analysis. The agent can then call `get_incident_details` on specific high-severity events. This pulls raw alert telemetry and logs, allowing your agent to summarize the attack path in plain English.

Run automated playbooks from Google Cloud

The `execute_playbook` tool lets your enterprise agent trigger pre-defined remediation workflows inside XSIAM. You can kick off IP blocks or password resets directly from your Google Cloud environment. To verify the playbook worked, your agent can query `get_alerts` to see if the threat stopped firing. This closes the loop on automated incident response.

Setup guide

Set up Cortex XSIAM MCP in Google ADK

Prerequisites

  • Python 3.10+ installed
  • google-adk package (pip install google-adk)
  • Active Vinkius subscription with a valid endpoint token
  1. Install Google ADK

     Run pip install google-adk to install the Agent Development Kit. MCP support is included via the McpToolset class.

  2. Connect via SSE transport

     Use McpToolset.from_server() with SseServerParams pointing to your Vinkius endpoint. Replace [YOUR_TOKEN_HERE] with your token from cloud.vinkius.com.

  3. Create an LlmAgent

     Pass the returned mcp_tools list directly to LlmAgent(tools=mcp_tools). The ADK maps each MCP tool to a native Gemini function call, so no manual schema definitions are required.

  4. Run with any Gemini model

     The agent works with any Gemini model (gemini-2.0-flash, gemini-2.5-pro, etc.). Copy the full example below to get started with Cortex XSIAM tools in your ADK agent.

agent.py
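```python
import asyncio

from google.adk.agents import LlmAgent
from google.adk.tools.mcp_tool.mcp_toolset import McpToolset
from google.adk.tools.mcp_tool.mcp_session_manager import SseServerParams


async def main():
    # Connect to the MCP server via SSE. The token in the URL is a credential:
    # keep it out of source control and logs.
    mcp_tools, exit_stack = await McpToolset.from_server(
        connection_params=SseServerParams(
            url="https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp"
        )
    )
    try:
        # Create your agent with auto-discovered tools
        agent = LlmAgent(
            name="cortex_xsiam_agent",  # must be a valid Python identifier
            model="gemini-2.0-flash",
            instruction="You have access to Cortex XSIAM tools via MCP.",
            tools=mcp_tools,
        )
        # Run the agent here while the MCP connection is still open.
    finally:
        # Close the SSE connection held by the exit stack
        await exit_stack.aclose()


asyncio.run(main())
```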

Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by Cortex XSIAM. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.

Why Choose Vinkius

Vinkius connects your tools to AI with real-time monitoring and automatic cost savings — all from one dashboard.

Real-time monitoring: live visibility into every interaction. Connect your favorite tools to your AI and see exactly what's happening: every request, every response, in real time.

Built-in savings: 60% lower AI costs. Vinkius compresses data between your apps and your AI automatically. Lower bills every month, with no configuration required.

Single dashboard: one place for every integration. Every tool your AI connects to, managed from a single screen. One account, complete control.

Common questions about Cortex XSIAM MCP in Google ADK

Use the `McpToolset` class with your Vinkius HTTP URL. Pass that toolset instance directly into your `LlmAgent` constructor to expose the security tools.
Yes. Your agent can call `get_indicators` to retrieve active indicators of compromise from your XSIAM tenant. This helps correlate Google Cloud logs with known threat intelligence.
Yes, this MCP Server works with both transport protocols. Most enterprise Google Cloud deployments use the streamable HTTP transport for reliable remote connectivity.
Yes. You can use the `tool_names` filter in the toolset configuration to expose only safe tools like `get_alerts` while hiding destructive actions.
Your endpoint details and security telemetry stay within your private Google Cloud VPC and the Vinkius secure corridor. No security data is ever cached on disk or used to train public models.
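
Because the tool list is auto-discovered from a hosted server that receives runtime updates, the "expose only safe tools" advice above can also be enforced on the client before the list reaches `LlmAgent`. The following is an added example, not Vinkius or Google ADK code: it pins the tool names mentioned on this page, fails closed on anything else, and reports drift. The read-only versus state-changing split, the `.name` attribute on tool objects, `FakeTool`, and `new_unreviewed_tool` are assumptions made for illustration.

```python
from dataclasses import dataclass

# Tool names as they appear on this page; the read-only / state-changing split
# is this example's assumption and should be reviewed against your tenant.
READ_ONLY = frozenset({"get_endpoints", "get_incidents", "get_incident_details",
                       "get_alerts", "get_indicators"})
STATE_CHANGING = frozenset({"scan_endpoint", "execute_playbook"})


@dataclass(frozen=True)
class PolicyResult:
    exposed: list   # tool objects safe to pass to LlmAgent(tools=...)
    withheld: list  # known state-changing tool names that were not enabled
    unknown: list   # advertised names absent from the pinned sets (dropped)
    missing: list   # pinned names the server no longer advertises


def apply_tool_policy(mcp_tools, allow_state_changing=()):
    """Fail closed: expose read-only tools plus explicitly enabled ones."""
    enabled = frozenset(allow_state_changing)
    if not enabled <= STATE_CHANGING:
        raise ValueError(f"not a pinned tool: {sorted(enabled - STATE_CHANGING)}")
    exposed, withheld, unknown = [], [], []
    for tool in mcp_tools:  # assumption: each tool object has a .name attribute
        if tool.name in READ_ONLY or tool.name in enabled:
            exposed.append(tool)
        elif tool.name in STATE_CHANGING:
            withheld.append(tool.name)
        else:
            unknown.append(tool.name)
    seen = {tool.name for tool in mcp_tools}
    missing = sorted((READ_ONLY | STATE_CHANGING) - seen)
    return PolicyResult(exposed, withheld, unknown, missing)


@dataclass(frozen=True)
class FakeTool:  # constructed stand-in for a discovered MCP tool
    name: str


# Constructed discovery result; "new_unreviewed_tool" is a made-up name that
# stands for a tool added by a server update after the allowlist was written.
DISCOVERED = [FakeTool(n) for n in (
    "get_endpoints", "scan_endpoint", "get_incidents", "get_incident_details",
    "execute_playbook", "get_alerts", "get_indicators", "new_unreviewed_tool")]

if __name__ == "__main__":
    result = apply_tool_policy(DISCOVERED)
    print([t.name for t in result.exposed], result.withheld, result.unknown)
```

Pass `result.exposed` to the agent instead of the raw discovered list, and alert on a non-empty `unknown` or `missing` so that a change in the hosted tool set is reviewed before the agent can call it.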

Start using the Cortex XSIAM MCP today

We host it, we monitor it, we maintain it. You just paste one token.

Built & Managed by Vinkius · 30s setup · 9 tools

We've already built the connector for Cortex XSIAM. Just plug in your AI agents and start using Vinkius.

No hosting. No infrastructure. No complex setup.
All 9 tools are live and waiting. You're up and running in seconds.

Claude, ChatGPT, Cursor, Gemini, Windsurf, VS Code, JetBrains, Vercel, and other MCP clients

Vinkius gives your AI agents access to the full catalog of app connectors, all fully managed, secure, and enterprise-ready. One subscription, every tool you need.

Zero hosting required · Full MCP catalog included · Enterprise-grade security · Auto-updated by Vinkius

Built, hosted, and secured by Vinkius. You just connect and go.