Lacework (Cloud Security & CNAPP) MCP Server
Secure your cloud via Lacework — search security alerts, monitor vulnerabilities, and audit cloud asset inventory.
Ask AI about this MCP Server
Vinkius supports streamable HTTP and SSE.
* Every MCP server runs on Vinkius-managed infrastructure inside AWS - a purpose-built runtime with per-request V8 isolates, Ed25519 signed audit chains, and sub-40ms cold starts optimized for native MCP execution. See our infrastructure
What is the Lacework MCP Server?
The Lacework MCP Server gives AI agents like Claude, ChatGPT, and Cursor direct access to Lacework via 10 tools. Secure your cloud via Lacework — search security alerts, monitor vulnerabilities, and audit cloud asset inventory. Powered by the Vinkius - no API keys, no infrastructure, connect in under 2 minutes.
Built-in capabilities (10)
Tools for your AI Agents to operate Lacework
Ask your AI agent "Search for all Critical alerts from the last 24 hours" and get the answer without opening a single dashboard. With 10 tools connected to real Lacework data, your agents reason over live information, cross-reference it with other MCP servers, and deliver insights you would spend hours assembling manually.
Works with Claude, ChatGPT, Cursor, and any MCP-compatible client. Powered by the Vinkius - your credentials never touch the AI model, every request is auditable. Connect in under two minutes.
Why teams choose Vinkius
One subscription gives you access to thousands of MCP servers - and you can deploy your own to the Vinkius Edge. Your AI agents only access the data you authorize, with DLP that blocks sensitive information from ever reaching the model, kill switch for instant shutdown, and up to 60% token savings. Enterprise-grade infrastructure and security, zero maintenance.
Build your own MCP Server with our secure development framework →Vinkius works with every AI agent you already use
…and any MCP-compatible client
Lacework (Cloud Security & CNAPP) MCP Server capabilities
10 toolsProduces bespoke output matrices tracking API keys bypassing IAM logic, anomalous login patterns, or Kubernetes process spawn trees. Execute an LQL Threat Hunting Query on-demand
Extracts precisely what baseline behavior was deviated from, providing deep contextual metadata such as explicit AWS Accounts involved, offending Container Image SHAs, and correlated external IP anomalies. Get exact behavioral payloads and telemetry for an Alert
Examines ECR/DockerHub registries or direct cluster deployments for images carrying critical inherited CVEs at the filesystem level before CI/CD promotion blocks. List static image vulnerabilities detected in Container Registries
Identifies running processes strictly matched against Critical or High CVEs (e.g., Log4j, Polkit) directly active inside EC2 or GCE instances. List known vulnerabilities executing natively on Cloud Hosts/VMs
These extract precise cloud telemetry fields mapping user-defined compliance checks directly against the underlying dataset. List all Lacework Query Language (LQL) structures
Helps define what constitutes "Production" vs "Staging" in Policy evaluation engines. List logical Resource Groups managing Lacework architectures
Confirms whether Lacework will alert directly if an engineer violates structural norms (e.g., exposing port 22 directly to 0.0.0.0/0). List all global Cloud Security Policies enforced by Lacework
Fetches events mapping to anomalous Kubernetes executions, AWS IAM brute-forcing attempts, and massive container network exfiltrations spanning the specified time filter. Search Cloud Security alerts dynamically across Lacework
Used to dynamically enumerate running instances, active networking perimeters, or unrestricted S3 buckets discovered by cross-account role polling. Query the real-time Lacework Cloud Control-Plane Asset Inventory
Directly filters the entire cloud infrastructure footprint determining exactly which specific nodes (Machines) are currently vulnerable to the designated CVE (e.g. "CVE-2026-0001"). Search all integrated Machines/Instances for a specific CVE
What the Lacework (Cloud Security & CNAPP) MCP Server unlocks
Connect your Lacework (FortiCNAPP) account to any AI agent and take full control of your cloud security posture and threat hunting through natural conversation.
What you can do
- Alert Orchestration — Search and retrieve deep behavioral telemetry for security alerts, identifying anomalous Kubernetes executions or AWS IAM brute-forcing attempts directly from your agent
- Vulnerability Management — List critical CVEs executing on cloud hosts and monitor static image vulnerabilities in your container registries (ECR, DockerHub)
- Emergency Incident Response — Instantly search your entire infrastructure for specific CVE exposure (e.g., Log4j) to identify vulnerable nodes during zero-day events
- Asset Inventory Audit — Query the real-time cloud control-plane to enumerate running instances, unrestricted S3 buckets, and active networking perimeters
- Threat Hunting (LQL) — Execute specialized Lacework Query Language (LQL) requests to analyze vast datasets for anomalous login patterns or API key abuse
- Compliance Monitoring — List and audit global cloud security policies to ensure your infrastructure remains within regulatory and organizational norms
How it works
1. Subscribe to this server
2. Enter your Lacework Account, Key ID, and Secret
3. Start monitoring your cloud security from Claude, Cursor, or any MCP-compatible client
Who is this for?
- Security Analysts — hunt for threats and investigate polygraph alerts through natural conversation without manual dashboard filtering
- DevOps & SREs — monitor container and host vulnerabilities to ensure only secure images are promoted through the CI/CD pipeline
- Compliance Officers — audit security policies and unrestricted cloud assets to maintain a robust organizational security posture
Frequently asked questions about the Lacework (Cloud Security & CNAPP) MCP Server
Can I search for specific CVE exposure across my whole cloud environment?
Yes. Use the search_cve_exposure tool and provide the official CVE ID (e.g. CVE-2023-1234). Your agent will filter the entire cloud footprint to determine exactly which specific nodes or machines are currently vulnerable.
How do I investigate the behavioral telemetry of a specific security alert?
The get_alert tool extracts precisely what baseline behavior was deviated from for a specific Alert ID. Your agent will return detailed contextual metadata, including offending container SHAs and correlated IP anomalies.
Can my agent run custom threat hunting queries using LQL?
Absolutely. Use the execute_query tool to run specialized Lacework Query Language (LQL) blocks. This allows your agent to perform complex mathematical analysis on cloud telemetry to identify deep security patterns.
More in this category
Brex
10 toolsEquip your AI to navigate your Brex suite. Spin up virtual cards, route new team members, and check daily cash allocations through natural chat.
Censys
9 toolsSearch internet-connected hosts, SSL certificates and attack surface — discover exposed services and vulnerabilities.
Atlassian Crowd
10 toolsEquip your AI agent to manage users, groups, and directory memberships via the Atlassian Crowd API.
You might also like
Ortto (formerly Autopilot)
10 toolsManage your CDP, customer data, and marketing automations via Ortto — orchestrate journeys natively via AI.
Everhour Time Tracking
10 toolsEquip your AI agent to track time, manage projects, and monitor budgets via the Everhour API.
Road511 Trucking
10 toolsAccess trucking data via Road511 — track truck routes, bridge clearances, weigh stations, truck stops, parking, and weight restrictions across US and Canada from any AI agent.
Connect Lacework (Cloud Security & CNAPP) with your favorite client
Step-by-step setup guides for every MCP-compatible client and framework:
Anthropic's native desktop app for Claude with built-in MCP support.
AI-first code editor with integrated LLM-powered coding assistance.
GitHub Copilot in VS Code with Agent mode and MCP support.
Purpose-built IDE for agentic AI coding workflows.
Autonomous AI coding agent that runs inside VS Code.
Anthropic's agentic CLI for terminal-first development.
Python SDK for building production-grade OpenAI agent workflows.
Google's framework for building production AI agents.
Type-safe agent development for Python with first-class MCP support.
TypeScript toolkit for building AI-powered web applications.
TypeScript-native agent framework for modern web stacks.
Python framework for orchestrating collaborative AI agent crews.
Leading Python framework for composable LLM applications.
Data-aware AI agent framework for structured and unstructured sources.
Microsoft's framework for multi-agent collaborative conversations.
Give your AI agents the power of Lacework MCP Server
Production-grade Lacework (Cloud Security & CNAPP) MCP Server. Verified, monitored, and maintained by Vinkius. Ready for your AI agents — connect and start using immediately.