How to Use the IBM QRadar MCP in Pydantic AI

Q: Can I perform an AQL search in IBM QRadar with Pydantic AI?

Absolutely. You define a tool call to executeaql, and the framework verifies that the resulting query search ID and subsequent results conform to your code's expectations.

Q: Is it possible to modify IBM QRadar offenses via Pydantic AI?

Yes, you use updateoffense as part of your toolset. You can define a Pydantic model for the update parameters to ensure your changes are valid before they hit the QRadar API.

Bring strict, type-safe control to your IBM QRadar operations using the Pydantic AI framework.

See Vinkius in Action

Works with every AI agent you already use

…and any MCP-compatible client

MCP Servers - Free for Subscribers

Connect IBM QRadar MCP to Pydantic AI

Create your Vinkius account to connect IBM QRadar to Pydantic AI and route execution through our secure gateway. The platform manages server hosting, runtime updates, and security layers. Configuration requires no manual server provisioning.

GDPR Free for Subscribers

Setup IBM QRadar with Pydantic AI

Ask AI about this MCP

ChatGPT

Claude

Perplexity

Type-safe offense retrieval

Your agent fetches data from `get_offenses` and immediately validates the structure against your Pydantic models. You never deal with malformed JSON or unexpected nulls. If the data doesn't match your schema, the agent stops before processing bad information. This keeps your incident response pipeline clean and reliable.

Structured AQL execution

Trigger `execute_aql` and define your expected response model in your agent code. The server returns the result, and your agent validates the fields against your strict types. It handles `get_aql_results` and `get_aql_status` with the same rigor. You get consistent data structures every time you perform a security search.

Metadata validation for security

Your agent queries `get_log_sources` and `get_network_hierarchy` to build your security context. It enforces specific data types for every field returned. By checking `get_rules` and `get_reference_sets` through these validated calls, the agent ensures your environment settings are correctly understood. This prevents logic errors during complex security analysis.

Setup guide

Set up IBM QRadar MCP in Pydantic AI

Prerequisites

Python 3.10+ installed
pydantic-ai-slim[fastmcp] package
Active Vinkius subscription with a valid endpoint token

1

Install Pydantic AI with FastMCP
Run pip install "pydantic-ai-slim[fastmcp]". The FastMCP toolset replaces the deprecated MCPServerHTTP class with full protocol support.
2

Configure the FastMCPToolset
Pass a JSON-style config dict to FastMCPToolset with your Vinkius URL. Replace [YOUR_TOKEN_HERE] with your token from cloud.vinkius.com. Supports Streamable HTTP, SSE, and Stdio transports.
3

Create and run your agent
Pass the toolset to Agent(toolsets=[toolset]) and call agent.run(). Swap openai:gpt-4o for any supported model — Anthropic, Google, Mistral, or Groq.

agent.py

from pydantic_ai import Agent
from pydantic_ai.toolsets.fastmcp import FastMCPToolset

toolset = FastMCPToolset({
    "mcpServers": {
        "ibm-qradar-mcp": {
            "url": "https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp"
        }
    }
})

agent = Agent(
    "openai:gpt-4o",
    toolsets=[toolset],
    system_prompt="You have access to IBM QRadar tools.",
)

result = await agent.run("List recent IBM QRadar transactions")
print(result.output)

Get your connection token →

Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by IBM QRadar. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.

Why Choose Vinkius

Vinkius connects your tools to AI with real-time monitoring and automatic cost savings — all from one dashboard.

Connect IBM QRadar now

Real-time monitoring

Live

visibility into every interaction

Connect your favorite tools to your AI and see exactly what's happening — every request, every response, in real time.

Built-in savings

60%

lower AI costs

Vinkius compresses data between your apps and your AI automatically. Lower bills every month — no configuration required.

Single dashboard

One

place for every integration

Every tool your AI connects to, managed from a single screen. One account, complete control.

Common questions about IBM QRadar MCP in Pydantic AI

The MCP toolset automatically maps the API output to your Pydantic models. If the IBM QRadar data structure changes unexpectedly, the agent throws a validation error instead of passing corrupt data.

Absolutely. You define a tool call to `execute_aql`, and the framework verifies that the resulting query search ID and subsequent results conform to your code's expectations.

Yes, you use `update_offense` as part of your toolset. You can define a Pydantic model for the update parameters to ensure your changes are valid before they hit the QRadar API.

The server supports both Streamable HTTP and SSE transports. You select the connection method in your Pydantic AI toolset initialization to match your network requirements.

Access is restricted to authenticated sessions using your endpoint token. All traffic is encrypted in transit, and no raw security logs are persisted by the server after the request completes.

Use it with your favorite AI tools

Connect this server to Cursor, Claude, VS Code, and more.

OpenAI Agents SDK sdk-python

Google ADK sdk-python

Pydantic AI sdk-python

Vercel AI SDK sdk-typescript