Vinkius

Integrate Cortex XSIAM with Claude, Cursor, Chatbots & AI Agents MCP Server

Connect Cortex XSIAM to any AI agent via MCP.

Compatible with every major AI agent and IDE

Claude
ChatGPT
Cursor
Gemini
Windsurf
VS Code
JetBrains
Vercel
+ other MCP clients
execute

Execute playbook on Cortex XSIAM

Execute an automated incident response playbook in Cortex XSIAM (e.g., enrich IOCs, block IP, reset password). Requires playbook name and optional input arguments. Use this to speed up response times and ensure consistent handling of incidents.

get

Get alerts on Cortex XSIAM

List security alerts detected by Cortex XSIAM. Use this to review which detection rules are firing or to analyze threat patterns.

get

Get endpoints on Cortex XSIAM

List managed endpoints (hosts/devices) in Cortex XSIAM. Use this to audit endpoint coverage, identify disconnected hosts, or target remediation actions.

get

Get incident details on Cortex XSIAM

Get detailed information about a specific security incident. Requires the incident ID. Use this for deep investigation or context before taking action.

get

Get incidents on Cortex XSIAM

List security incidents in Cortex XSIAM. Supports sorting and limiting results. Use this to monitor the SOC queue, identify high-severity incidents, or track analyst workload.

get

Get indicators on Cortex XSIAM

List indicators of compromise (IOCs) tracked in Cortex XSIAM. Use this to review threat intelligence or check whether specific artifacts are known to be malicious.

isolate

Isolate endpoint on Cortex XSIAM

Isolate a compromised endpoint from the network. Requires the endpoint ID. Use this immediately upon confirming a severe compromise to prevent lateral movement.

run

Run XQL query on Cortex XSIAM

Execute an XQL (Cortex Query Language) query for advanced threat hunting. XQL allows searching logs, endpoints, network data, and more. Requires a valid XQL query string. Returns the results of the query. Use this for custom threat hunting, compliance reporting, or data analysis.

scan

Scan endpoint on Cortex XSIAM

Trigger a malware scan on a specific endpoint. Supports "quick" or "deep" scan types. Requires the endpoint ID. Use this to verify if a host is infected or after cleaning a threat.

Security & Code Integrity Audit

Every tool in the Cortex XSIAM MCP Server is continuously audited by the Vinkius Security Engine. We guarantee zero-trust payload isolation, strict data boundaries, and deterministic execution for enterprise-grade AI agents.

MCP Inspector
A+ Score: 100

How Vinkius protects your data

Is there a risk of the AI "going crazy" and deleting important company data?

No. With Vinkius, the AI operates on "rails". It can only make the exact moves you authorized in the tool's settings. It cannot invent routes, access other networks in your company, or decide to delete random files. If the action isn't in the approved catalog, the attempt is blocked instantly.

How does the AI access my passwords and credentials?

It simply doesn't. On Vinkius, your passwords, API keys, and login details are kept in a secure vault. The AI (like ChatGPT or Claude) merely "asks" Vinkius to perform the task. Vinkius opens the door, does the work, and hands the result back to the AI. Your credentials are never seen, read, or learned by the artificial intelligence.

What happens if the underlying API rate limits my agent?

Our edge infrastructure automatically handles backoffs, queueing, and throttling. If an AI agent sends too many erratic requests, Vinkius manages the rate limits gracefully, ensuring your backend doesn't crash.

Does the AI train on my tools or API data?

No. Vinkius enforces a strict Zero-Retention policy. Your data simply passes through our secure servers to complete the requested action and is instantly forgotten. Nothing you do here is ever stored, logged, or used to train any artificial intelligence.
