How to Use the Lacework (Cloud Security & CNAPP) MCP in Claude

Q: How do I query security alerts with Lacework (Cloud Security & CNAPP) in Claude Desktop?

Use searchalerts inside Claude Desktop to fetch events matching anomalous Kubernetes executions or AWS IAM brute-forcing attempts. The tool returns structured JSON alerts directly into your chat, allowing you to ask follow-up questions or build remediation steps on the spot.

Q: Can I search for specific CVE exposures using Lacework (Cloud Security & CNAPP) on Claude Desktop?

Yes, this MCP Server lets you call searchcveexposure directly within your Claude Desktop workspace. You provide the CVE ID, and Claude Desktop scans your integrated host machines to tell you exactly which active instances are vulnerable.

Q: How do I check global cloud policies with Lacework (Cloud Security & CNAPP) on Claude Desktop?

Your Claude Desktop client runs listsecuritypolicies to review the active rules enforced across your infrastructure. It shows you exactly what triggers alerts, like exposing port 22 to the public internet, so you can fix drift immediately.

Q: What is the setup process for configuring this tool with my local Claude Desktop config file?

You add the configuration block to your local claudedesktopconfig.json file under the mcpServers key. Once saved, restart the desktop app to see the hammer icon in your chat window, indicating the tools are ready.

Get raw Lacework security telemetry and run custom LQL threat hunting queries directly inside your Claude Desktop chat workspace.

See Vinkius in Action

Works with every AI agent you already use

…and any MCP-compatible client

MCP Servers - Free for Subscribers

Connect Lacework (Cloud Security & CNAPP) MCP to Claude Desktop

Create your Vinkius account to connect Lacework (Cloud Security & CNAPP) to Claude Desktop and route execution through our secure gateway. The platform manages server hosting, runtime updates, and security layers. Configuration requires no manual server provisioning.

GDPR Free for Subscribers

Setup Lacework (Cloud Security & CNAPP) with Claude Desktop

Ask AI about this MCP

ChatGPT

Claude

Perplexity

Hunt active threats inside Claude Desktop

`execute_query` lets your Claude Desktop client run custom Lacework Query Language (LQL) structures directly from your local system shell to pinpoint malicious activity in real-time. You pull active process spawn trees or track API keys that managed to bypass your IAM logic without leaving the chat interface. Claude Desktop handles the execution via this MCP Server as a local subprocess, feeding the raw LQL JSON payload straight into your active desktop chat window. This means you analyze complex behavior patterns and build incident timelines using live telemetry instead of copy-pasting raw logs.

Audit container and host vulnerability profiles

`list_container_vulnerabilities` exposes static image vulnerabilities detected in your registries, allowing Claude Desktop to cross-reference them with active EC2 or GCE nodes. Your agent cross-references these issues with running instances using `list_host_vulnerabilities` to see if a critical CVE is actively executing on a machine. This MCP Server setup gives Claude Desktop direct access to your cloud security posture, letting you spot things like active Log4j or Polkit exposures instantly. You skip the usual console hunting entirely.

Investigate security alerts and inventory changes

This MCP Server retrieves critical event details from your Kubernetes clusters, allowing Claude Desktop to parse AWS IAM brute-forcing attempts. When an alert flags an issue, `get_alert` extracts the exact behavioral payloads, container image SHAs, and anomalous IP addresses involved. Your Claude Desktop client maps these alerts against your live assets using `search_cloud_inventory` to find exposed S3 buckets or open network perimeters. You get the full picture of an incident without logging into multiple cloud consoles.

Setup guide

Set up Lacework (Cloud Security & CNAPP) MCP in Claude Web or Desktop

1

Open Claude Settings

Go to claude.ai, click your profile icon, then navigate to Customize → Connectors.
2

Add Custom Connector

Click the "+" button and select Add custom connector. Paste your Vinkius endpoint URL: https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp Replace [YOUR_TOKEN_HERE] with your token from cloud.vinkius.com. For OAuth-protected servers, expand Advanced settings to add credentials.
3

Start a conversation

Open a new chat. The Lacework (Cloud Security & CNAPP) MCP tools are available immediately — no restart needed.

Endpoint URL

https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp

No configuration file needed — paste the URL directly in the Claude web interface.

Available on Free (1 connector), Pro, Max, Team, and Enterprise plans.

Prerequisites

Claude Desktop installed (macOS or Windows)
Active Vinkius subscription with a valid endpoint token

1

Open Claude Desktop Settings

Click the menu icon at the top-left corner, go to Settings → Developer → Edit Config. This opens claude_desktop_config.json in your default text editor.
2

Paste the Lacework (Cloud Security & CNAPP) MCP configuration

Copy the JSON snippet on the right into the mcpServers object. Replace [YOUR_TOKEN_HERE] with your endpoint token from cloud.vinkius.com.
3

Restart Claude Desktop

Close and reopen the application. Claude needs a full restart to load new MCPs — refreshing a conversation is not enough.
4

Verify the connection

Open a new conversation. Click the 🔌 icon at the bottom of the message input. You should see tools listed under lacework-cloud-security-cnapp-mcp.

json

{
  "mcpServers": {
    "lacework-cloud-security-cnapp-mcp": {
      "url": "https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp"
    }
  }
}

Get your connection token →

Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by Lacework. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.

Why Choose Vinkius

Vinkius connects your tools to AI with real-time monitoring and automatic cost savings — all from one dashboard.

Connect Lacework (Cloud Security & CNAPP) now

Real-time monitoring

Live

visibility into every interaction

Connect your favorite tools to your AI and see exactly what's happening — every request, every response, in real time.

Built-in savings

60%

lower AI costs

Vinkius compresses data between your apps and your AI automatically. Lower bills every month — no configuration required.

Single dashboard

One

place for every integration

Every tool your AI connects to, managed from a single screen. One account, complete control.

Common questions about Lacework (Cloud Security & CNAPP) MCP in Claude Desktop

Use `search_alerts` inside Claude Desktop to fetch events matching anomalous Kubernetes executions or AWS IAM brute-forcing attempts. The tool returns structured JSON alerts directly into your chat, allowing you to ask follow-up questions or build remediation steps on the spot.

Yes, this MCP Server lets you call `search_cve_exposure` directly within your Claude Desktop workspace. You provide the CVE ID, and Claude Desktop scans your integrated host machines to tell you exactly which active instances are vulnerable.

Your Claude Desktop client runs `list_security_policies` to review the active rules enforced across your infrastructure. It shows you exactly what triggers alerts, like exposing port 22 to the public internet, so you can fix drift immediately.

You add the configuration block to your local `claude_desktop_config.json` file under the `mcpServers` key. Once saved, restart the desktop app to see the hammer icon in your chat window, indicating the tools are ready.

Vinkius runs this connector inside an isolated V8 sandbox, ensuring your AWS account IDs, container SHAs, and LQL queries are never exposed or stored. All requests are ephemeral and execute using a single, secure token that manages your Lacework credentials safely.

Use it with your favorite AI tools

Connect this server to Cursor, Claude, VS Code, and more.

OpenAI Agents SDK sdk-python

Google ADK sdk-python

Pydantic AI sdk-python

Vercel AI SDK sdk-typescript