How to Use the Datadog Cloud SIEM MCP in Claude Code

Q: How do I list alerts from Datadog Cloud SIEM in Claude Code?

Run a command to search signals, and the agent will call searchsignals to return the latest alerts for your review.

Q: Does Claude Code show Datadog Cloud SIEM security filters?

It does. You can use the listsecurityfilters tool to see exactly which logs are being excluded from your SIEM evaluation engine.

Q: How do I remove a rule in Datadog Cloud SIEM via Claude Code?

Use the deletedetectionrule tool with the rule ID. This action permanently deletes custom rules from your security setup.

Connect Claude Code to Datadog Cloud SIEM for headless security monitoring and automated log analysis from your terminal.

See Vinkius in Action

Works with every AI agent you already use

…and any MCP-compatible client

MCP Servers - Free for Subscribers

Connect Datadog Cloud SIEM MCP to Claude Code

Create your Vinkius account to connect Datadog Cloud SIEM to Claude Code and route execution through our secure gateway. The platform manages server hosting, runtime updates, and security layers. Configuration requires no manual server provisioning.

GDPR Free for Subscribers

Setup Datadog Cloud SIEM with Claude Code

Ask AI about this MCP

ChatGPT

Claude

Perplexity

Automated Datadog Cloud SIEM log extraction

Pipe the output of `search_raw_logs` directly into your shell scripts for automated analysis. This allows you to build CI/CD checks that scan for security regressions in real-time. Use `get_raw_log_context` to capture specific bounds during an incident response. It is perfect for SREs who need to verify attacker footprints without manual intervention.

Headless Datadog Cloud SIEM rule management

Manage your security definitions via the CLI using `list_detection_rules` and `get_detection_rule`. You can audit your entire security posture from a single terminal session. If you need to update your logic, `create_detection_rule` allows you to push new queries based on your findings. It ensures your infrastructure stays defended against the latest threats.

Terminal-based Datadog Cloud SIEM signal triage

Keep your security signals in check by using `triage_signal` to archive alerts directly from your command line. It is the fastest way to clear your queue when you are deep in a terminal workflow. Check your API connectivity at any time with `security_system_ping`. It verifies your session is healthy, so your automated tasks never fail due to expired tokens.

Setup guide

Set up Datadog Cloud SIEM MCP in Claude Code

Prerequisites

Claude Code CLI installed (npm install -g @anthropic-ai/claude-code)
Active Vinkius subscription with a valid endpoint token

1

Run the add command

Open your terminal and run the command shown on the right. Replace [YOUR_TOKEN_HERE] with your endpoint token from cloud.vinkius.com. Use --scope user to make it available across all projects.
2

Verify the connection

Start a Claude Code session and type /mcp to list connected servers. You should see datadog-cloud-siem-mcp with a green status indicator.
3

Start using tools

Ask Claude Code something like "Check my latest Datadog Cloud SIEM transactions." It will automatically discover and invoke the available Datadog Cloud SIEM tools.

Terminal

claude mcp add --transport http datadog-cloud-siem-mcp https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp

Get your connection token →

Prerequisites

Claude Code CLI installed
Active Vinkius subscription with a valid endpoint token

1

Open the config file

Create or edit .mcp.json in your project root for project-level scope, or ~/.claude.json for user-level scope.
2

Add the Datadog Cloud SIEM MCP

Paste the JSON snippet shown on the right into the mcpServers object. Replace [YOUR_TOKEN_HERE] with your endpoint token from cloud.vinkius.com.
3

Restart Claude Code

Start a new Claude Code session. Type /mcp to confirm the server is connected. The tools will be automatically available in your conversation.

.mcp.json

{
  "mcpServers": {
    "datadog-cloud-siem-mcp": {
      "type": "url",
      "url": "https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp"
    }
  }
}

Get your connection token →

Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by Datadog Security. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.

Why Choose Vinkius

Vinkius connects your tools to AI with real-time monitoring and automatic cost savings — all from one dashboard.

Connect Datadog Cloud SIEM now

Real-time monitoring

Live

visibility into every interaction

Connect your favorite tools to your AI and see exactly what's happening — every request, every response, in real time.

Built-in savings

60%

lower AI costs

Vinkius compresses data between your apps and your AI automatically. Lower bills every month — no configuration required.

Single dashboard

One

place for every integration

Every tool your AI connects to, managed from a single screen. One account, complete control.

Common questions about Datadog Cloud SIEM MCP in Claude Code

Run a command to search signals, and the agent will call `search_signals` to return the latest alerts for your review.

Yes, you can query specific rules to see their underlying Lucene syntax. The agent uses `get_detection_rule` to dump the configuration directly into your terminal.

The MCP Server operates in an ephemeral memory space. It pulls your security logs on-demand and discards them as soon as the command finishes.

It does. You can use the `list_security_filters` tool to see exactly which logs are being excluded from your SIEM evaluation engine.

Use the `delete_detection_rule` tool with the rule ID. This action permanently deletes custom rules from your security setup.

Use it with your favorite AI tools

Connect this server to Cursor, Claude, VS Code, and more.

OpenAI Agents SDK sdk-python