How to Use the Cortex XSIAM MCP in LangChain

Build complex security response chains in LangChain by connecting your agents directly to Cortex XSIAM data.

See Vinkius in Action

Works with every AI agent you already use

…and any MCP-compatible client

MCP Servers - Free for Subscribers

Connect Cortex XSIAM MCP to LangChain

Create your Vinkius account to connect Cortex XSIAM to LangChain and route execution through our secure gateway. The platform manages server hosting, runtime updates, and security layers. Configuration requires no manual server provisioning.

GDPR Free for Subscribers

Setup Cortex XSIAM with LangChain

Ask AI about this MCP

ChatGPT

Claude

Perplexity

Automated incident response logic

Trigger `execute_playbook` directly within your LangChain pipeline to handle active threats without manual intervention. Your agent decides the sequence, pulling incident data first and running remediation steps based on the results. This keeps your security operations moving at machine speed. You define the logic, and the agent executes the specific playbook required for the situation.

Real-time threat hunting with LangChain

Run custom `run_xql_query` calls to pull raw logs from your environment. LangChain agents parse this data to identify hidden patterns that standard detection rules might miss. Combine this with `get_indicators` to cross-reference logs against known malicious artifacts. You get a clear, traceable path of every security decision your agent makes.

Incident monitoring and management

Use `get_incidents` to feed your agent a live list of the SOC queue. The agent sorts through high-severity items and prepares summaries for your review. It can then call `get_incident_details` to provide a deep dive into specific alerts. You stay informed without digging through dashboard interfaces manually.

Setup guide

Set up Cortex XSIAM MCP in LangChain

Prerequisites

Python 3.10+ installed
langchain-mcp-adapters + langgraph packages
Active Vinkius subscription with a valid endpoint token

1

Install dependencies
Run pip install langchain-mcp-adapters langgraph langchain-openai. The MCP adapters package converts MCP tools into native LangChain BaseTool objects.
2

Connect via HTTP transport
Use MultiServerMCPClient with "transport": "http" pointing to your Vinkius endpoint. Replace [YOUR_TOKEN_HERE] with your token from cloud.vinkius.com.
3

Create a ReAct agent
Pass the discovered tools to create_react_agent() from LangGraph. The agent automatically routes Cortex XSIAM tool calls through the MCP protocol.
4

Run with any LLM
Swap ChatOpenAI for ChatAnthropic, ChatGoogleGenerativeAI, or any LangChain-compatible model. The MCP tools work identically across all providers.

agent.py

from langchain_mcp_adapters.client import MultiServerMCPClient
from langgraph.prebuilt import create_react_agent
from langchain_openai import ChatOpenAI

async with MultiServerMCPClient({
    "cortex-xsiam-mcp": {
        "transport": "http",
        "url": "https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp",
    }
}) as client:
    tools = client.get_tools()

    agent = create_react_agent(
        ChatOpenAI(model="gpt-4o"),
        tools,
    )
    result = await agent.ainvoke({
        "messages": "List recent Cortex XSIAM transactions"
    })
    print(result["messages"][-1].content)

Get your connection token →

Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by Cortex XSIAM. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.

Why Choose Vinkius

Vinkius connects your tools to AI with real-time monitoring and automatic cost savings — all from one dashboard.

Connect Cortex XSIAM now

Real-time monitoring

Live

visibility into every interaction

Connect your favorite tools to your AI and see exactly what's happening — every request, every response, in real time.

Built-in savings

60%

lower AI costs

Vinkius compresses data between your apps and your AI automatically. Lower bills every month — no configuration required.

Single dashboard

One

place for every integration

Every tool your AI connects to, managed from a single screen. One account, complete control.

Common questions about Cortex XSIAM MCP in LangChain

You use the MCP adapter for LangChain to connect to the server endpoint. This allows your agents to see the available tools and invoke them as part of your chain.

Yes, you pass the playbook name and necessary arguments to the tool. The agent manages the input, ensuring the command executes correctly within the security environment.

Data is stateless by default but you can manage context using client sessions. This keeps your trace history accurate without bloating the agent memory.

It provides a direct bridge to the query engine. You send your XQL strings, and the server returns the raw output for the agent to process.

Your data remains within your controlled infrastructure. The server acts as a secure pipe, only transmitting the specific alerts or logs requested by your agent.

Use it with your favorite AI tools

Connect this server to Cursor, Claude, VS Code, and more.

OpenAI Agents SDK sdk-python

Google ADK sdk-python

Pydantic AI sdk-python

Vercel AI SDK sdk-typescript