How to Use the Cortex XSIAM MCP in Pydantic AI

Q: How do I connect the Cortex XSIAM MCP Server to my Pydantic AI agent?

Initialize the connection using MCPToolset with your Vinkius HTTP endpoint. Pass the toolset instance into the toolsets argument of your Pydantic AI Agent.

Build type-safe security agents with Pydantic AI and this Cortex XSIAM MCP Server to prevent silent runtime failures.

See Vinkius in Action

Works with every AI agent you already use

…and any MCP-compatible client

MCP Servers - Free for Subscribers

Connect Cortex XSIAM MCP to Pydantic AI

Create your Vinkius account to connect Cortex XSIAM to Pydantic AI and route execution through our secure gateway. The platform manages server hosting, runtime updates, and security layers. Configuration requires no manual server provisioning.

GDPR Free for Subscribers

Setup Cortex XSIAM with Pydantic AI

Ask AI about this MCP

ChatGPT

Claude

Perplexity

Run type-safe threat hunts with Pydantic AI

The `run_xql_query` tool lets your agent execute complex queries against your XSIAM data lake with strict runtime validation using this MCP Server integration. Every log row returned is validated against your Pydantic schemas, ensuring your pipeline never processes malformed data. If the schema doesn't match, the agent raises a validation error immediately. This prevents your security scripts from failing silently when parsing raw network logs or endpoint events.

Validate active security incidents before taking action

The `get_incident_details` tool fetches raw incident data, which your agent validates at runtime. This guarantees that fields like severity, source IP, and affected hosts are correctly typed before your code processes them. You can safely pass this validated data to `execute_playbook` to run automated remediations. This type-safe pipeline prevents your agent from passing bad arguments to critical security workflows.

Audit endpoint status with zero silent errors

The `get_endpoints` tool returns a structured list of all managed hosts on your network. Your agent can parse this list to identify disconnected or compromised machines without worrying about unexpected null values breaking your script. Once identified, the agent can call `isolate_endpoint` to block a compromised host. Because Pydantic AI enforces strict types, you can be sure the endpoint ID is valid before sending the isolation command.

Setup guide

Set up Cortex XSIAM MCP in Pydantic AI

Prerequisites

Python 3.10+ installed
pydantic-ai-slim[fastmcp] package
Active Vinkius subscription with a valid endpoint token

1

Install Pydantic AI with FastMCP
Run pip install "pydantic-ai-slim[fastmcp]". The FastMCP toolset replaces the deprecated MCPServerHTTP class with full protocol support.
2

Configure the FastMCPToolset
Pass a JSON-style config dict to FastMCPToolset with your Vinkius URL. Replace [YOUR_TOKEN_HERE] with your token from cloud.vinkius.com. Supports Streamable HTTP, SSE, and Stdio transports.
3

Create and run your agent
Pass the toolset to Agent(toolsets=[toolset]) and call agent.run(). Swap openai:gpt-4o for any supported model — Anthropic, Google, Mistral, or Groq.

agent.py

from pydantic_ai import Agent
from pydantic_ai.toolsets.fastmcp import FastMCPToolset

toolset = FastMCPToolset({
    "mcpServers": {
        "cortex-xsiam-mcp": {
            "url": "https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp"
        }
    }
})

agent = Agent(
    "openai:gpt-4o",
    toolsets=[toolset],
    system_prompt="You have access to Cortex XSIAM tools.",
)

result = await agent.run("List recent Cortex XSIAM transactions")
print(result.output)

Get your connection token →

Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by Cortex XSIAM. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.

Why Choose Vinkius

Vinkius connects your tools to AI with real-time monitoring and automatic cost savings — all from one dashboard.

Connect Cortex XSIAM now

Real-time monitoring

Live

visibility into every interaction

Connect your favorite tools to your AI and see exactly what's happening — every request, every response, in real time.

Built-in savings

60%

lower AI costs

Vinkius compresses data between your apps and your AI automatically. Lower bills every month — no configuration required.

Single dashboard

One

place for every integration

Every tool your AI connects to, managed from a single screen. One account, complete control.

Common questions about Cortex XSIAM MCP in Pydantic AI

Initialize the connection using `MCPToolset` with your Vinkius HTTP endpoint. Pass the toolset instance into the `toolsets` argument of your Pydantic AI Agent.

The runtime validation will raise a clear Pydantic ValidationError. This stops the agent from executing further steps on malformed incident or alert data.

Yes. This server is model-agnostic, meaning your Pydantic AI agent can use OpenAI, Anthropic, or local models to run XSIAM tools.

Vinkius manages the authentication details securely. Your Python code only needs to connect to the single Vinkius endpoint token.

All indicator lists and alert details are processed in memory within secure V8 sandboxes. Vinkius operates a zero-trust architecture, ensuring your security telemetry is never stored or exposed.

Use it with your favorite AI tools

Connect this server to Cursor, Claude, VS Code, and more.

OpenAI Agents SDK sdk-python

Google ADK sdk-python

Pydantic AI sdk-python

Vercel AI SDK sdk-typescript