4,500+ servers built on MCP Fusion
Vinkius
Cortex XSIAM logo
Vinkius
Windsurf logo

How to Use the Cortex XSIAM MCP in Windsurf

Let Cascade chain Cortex XSIAM incident response and XQL hunting directly inside your Windsurf workspace.

See Vinkius in Action

Works with every AI agent you already use

…and any MCP-compatible client

Cortex XSIAM MCP on Cursor AI Code Editor MCP Client Cortex XSIAM MCP on Claude Desktop App MCP Integration Cortex XSIAM MCP on OpenAI Agents SDK MCP Compatible Cortex XSIAM MCP on Visual Studio Code MCP Extension Client Cortex XSIAM MCP on GitHub Copilot AI Agent MCP Integration Cortex XSIAM MCP on Google Gemini AI MCP Integration Cortex XSIAM MCP on Lovable AI Development MCP Client Cortex XSIAM MCP on Mistral AI Agents MCP Compatible Cortex XSIAM MCP on Amazon AWS Bedrock MCP Support
MCP Servers - Free for Subscribers
Windsurf

Connect Cortex XSIAM MCP to Windsurf

Create your Vinkius account to connect Cortex XSIAM to Windsurf and route execution through our secure gateway. The platform manages server hosting, runtime updates, and security layers. Configuration requires no manual server provisioning.

GDPR Free for Subscribers
Setup Cortex XSIAM with Windsurf
ChatGPT ChatGPT Claude Claude Perplexity Perplexity

Trigger Cortex XSIAM playbooks via Windsurf Cascade

`execute_playbook` triggers automated response workflows like resetting compromised credentials or blocking malicious IPs directly from your editor. When a high-severity alert pops up, Cascade doesn't just show you the JSON payload; it plans the containment steps and runs the playbook for you. You feed Cascade the incident ID, and the agent coordinates with the Cortex XSIAM MCP Server to execute the exact recovery sequence. You watch the terminal logs update in real-time as the threat is neutralized without leaving your workspace.

Isolate endpoints and trigger deep malware scans

`isolate_endpoint` cuts off network access for compromised machines to stop lateral movement before malware spreads. Cascade identifies the affected host from your alerts, schedules a threat scan using `scan_endpoint`, and quarantines the device immediately. Instead of jumping between security dashboards, you let Windsurf handle the host state transitions. Cascade chains these tools to verify the host status with `get_endpoints` and confirms isolation succeeds.

Run raw XQL queries inside your active workspace

`run_xql_query` executes raw Cortex Query Language strings to extract raw logs, network events, and process trees directly into Cascade. Windsurf takes your plain-text request, builds the exact XQL syntax, and runs the query via the MCP Server to parse the returned dataset. You get the exact threat telemetry you need without opening a web browser. Cascade uses the results to map out the attack timeline and highlight suspicious indicators.

Setup guide

Set up Cortex XSIAM MCP in Windsurf

Prerequisites

  • Windsurf IDE installed (macOS, Windows, or Linux)
  • Active Vinkius subscription with a valid endpoint token
  1. 1

    Open MCP configuration

    Click the Cascade assistant icon in the sidebar, then click the hammer icon (🔨) at the top of the panel. Select "Configure" to open ~/.codeium/windsurf/mcp_config.json.

  2. 2

    Add the Cortex XSIAM MCP

    Paste the JSON snippet shown on the right into the mcpServers object. Replace [YOUR_TOKEN_HERE] with your endpoint token from cloud.vinkius.com.

  3. 3

    Refresh MCPs

    Go back to the hammer icon (🔨) in Cascade and click "Refresh". Windsurf will detect the new server. No full restart is needed — the connection is hot-reloaded.

  4. 4

    Verify in Cascade

    Start a new Cascade conversation and ask something like "Show my Cortex XSIAM payment history." If connected, Cascade will call the Cortex XSIAM tools directly. You will see a green dot next to the server name in the MCP panel.

mcp_config.json 
{
  "mcpServers": {
    "cortex-xsiam-mcp": {
      "url": "https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp"
    }
  }
}
Get your connection token →

Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by Cortex XSIAM. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.

Why Choose Vinkius

Vinkius connects your tools to AI with real-time monitoring and automatic cost savings — all from one dashboard.

Connect Cortex XSIAM now

Real-time monitoring

Live

visibility into every interaction

Connect your favorite tools to your AI and see exactly what's happening — every request, every response, in real time.

Built-in savings

60%

lower AI costs

Vinkius compresses data between your apps and your AI automatically. Lower bills every month — no configuration required.

Single dashboard

One

place for every integration

Every tool your AI connects to, managed from a single screen. One account, complete control.

Common questions about Cortex XSIAM MCP in Windsurf

Cascade reads the incident context, selects the `execute_playbook` tool, and inputs the required arguments. It handles the API handshake via the MCP Server and reports the execution status in your chat panel.
Yes. Cascade uses `get_indicators` to pull live threat intelligence and matches it against your local workspace code or log files.
Add the server configuration to your `~/.codeium/windsurf/mcp_config.json` file under the `mcpServers` key. Cascade automatically discovers all nine security tools upon the next restart.
Cascade plans the isolation step using `isolate_endpoint` but asks for your confirmation before executing the network cut-off. This prevents accidental disruption of production workloads while maintaining speed.
All security alerts, endpoint details, and raw query payloads pass through a local, ephemeral V8 sandbox. Vinkius never stores your XQL results or incident histories, keeping your enterprise telemetry completely isolated.

Use it with your favorite AI tools

Connect this server to Cursor, Claude, VS Code, and more.

Claude Desktop ide
Cursor ide
VS Code Copilot ide
Windsurf ide
Cline ide
Claude Code cli
OpenAI Agents SDK sdk-python
Google ADK sdk-python
Pydantic AI sdk-python
Vercel AI SDK sdk-typescript
Mastra AI sdk-typescript
Mastra AI
CrewAI framework
LangChain framework
LlamaIndex framework
LlamaIndex
AutoGen framework
AutoGen

Start using the Cortex XSIAM MCP today

We host it, we monitor it, we maintain it. You just paste one token.

Get started
Built & Managed by Vinkius 30s setup 9 tools

We've already built the connector for Cortex XSIAM. Just plug in your AI agents and start using Vinkius.

No hosting. No infrastructure. No complex setup.
All 9 tools are live and waiting. You're up and running in seconds.

Claude Claude
ChatGPT ChatGPT
Cursor Cursor
Gemini Gemini
Windsurf Windsurf
VS Code VS Code
JetBrains JetBrains
Vercel Vercel
+ other MCP clients

Vinkius gives your AI agents access to the full catalog of app connectors, all fully managed, secure, and enterprise-ready. One subscription, every tool you need.

Zero hosting required Full MCP catalog included Enterprise-grade security Auto-updated by Vinkius

Built, hosted, and secured by Vinkius. You just connect and go.