How to Use the Lacework (Cloud Security & CNAPP) MCP in LangChain

Q: How do I connect the Lacework (Cloud Security & CNAPP) MCP Server to a LangChain agent?

Install langchain-mcp-adapters and langgraph via pip. Initialize the client using MultiServerMCPClient with the Vinkius HTTP endpoint, then pass the tools from client.gettools() directly to your agent creator.

Q: Can a LangChain agent run custom threat hunting queries using Lacework (Cloud Security & CNAPP)?

Yes, the agent can invoke executequery to run on-demand LQL queries. This lets your chain inspect active Kubernetes process trees or IAM bypass patterns dynamically during execution.

Feed real-time telemetry directly into your LangChain reasoning loops via this MCP Server to triage active infrastructure threats.

See Vinkius in Action

Works with every AI agent you already use

…and any MCP-compatible client

MCP Servers - Free for Subscribers

Connect Lacework (Cloud Security & CNAPP) MCP to LangChain

Create your Vinkius account to connect Lacework (Cloud Security & CNAPP) to LangChain and route execution through our secure gateway. The platform manages server hosting, runtime updates, and security layers. Configuration requires no manual server provisioning.

GDPR Free for Subscribers

Setup Lacework (Cloud Security & CNAPP) with LangChain

Ask AI about this MCP

ChatGPT

Claude

Perplexity

Multi-step incident triage with LangChain agents

The `get_alert` tool extracts raw behavioral payloads, AWS accounts, and container image SHAs involved in an active security incident. Your agent uses this metadata to construct the next link in the chain, pulling deep telemetry without manual human intervention. LangSmith traces every step of this analysis, showing you exactly which API parameters were passed when investigating a compromise. By chaining this tool with downstream lookups, your agent builds a clear timeline of the attack path.

Automated vulnerability verification on active hosts

The `list_host_vulnerabilities` tool identifies running processes matched against critical CVEs like Log4j or Polkit on EC2 and GCE instances. This allows your LangChain agent to verify if a reported container vulnerability is actually executing in your live environment. Instead of reading through endless static reports, the agent passes these live host metrics directly to your notification chains. You get immediate confirmation of active risks without wasting cycles on dormant images. This MCP Server makes live verification a standard step in your CI/CD pipelines.

Custom LQL threat hunting inside LangChain loops

The `execute_query` tool runs custom Lacework Query Language (LQL) structures to track API key bypasses or anomalous Kubernetes process trees. LangChain chains feed the output of this tool directly into security analysis prompts to determine if an anomaly is a false positive. Your agent dynamically adjusts its search parameters based on the LQL results, querying adjacent logs in the same run. This approach turns static security policies into an active, self-correcting defense mechanism.

Setup guide

Set up Lacework (Cloud Security & CNAPP) MCP in LangChain

Prerequisites

Python 3.10+ installed
langchain-mcp-adapters + langgraph packages
Active Vinkius subscription with a valid endpoint token

1

Install dependencies
Run pip install langchain-mcp-adapters langgraph langchain-openai. The MCP adapters package converts MCP tools into native LangChain BaseTool objects.
2

Connect via HTTP transport
Use MultiServerMCPClient with "transport": "http" pointing to your Vinkius endpoint. Replace [YOUR_TOKEN_HERE] with your token from cloud.vinkius.com.
3

Create a ReAct agent
Pass the discovered tools to create_react_agent() from LangGraph. The agent automatically routes Lacework (Cloud Security & CNAPP) tool calls through the MCP protocol.
4

Run with any LLM
Swap ChatOpenAI for ChatAnthropic, ChatGoogleGenerativeAI, or any LangChain-compatible model. The MCP tools work identically across all providers.

agent.py

from langchain_mcp_adapters.client import MultiServerMCPClient
from langgraph.prebuilt import create_react_agent
from langchain_openai import ChatOpenAI

async with MultiServerMCPClient({
    "lacework-cloud-security-cnapp-mcp": {
        "transport": "http",
        "url": "https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp",
    }
}) as client:
    tools = client.get_tools()

    agent = create_react_agent(
        ChatOpenAI(model="gpt-4o"),
        tools,
    )
    result = await agent.ainvoke({
        "messages": "List recent Lacework (Cloud Security & CNAPP) transactions"
    })
    print(result["messages"][-1].content)

Get your connection token →

Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by Lacework. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.

Why Choose Vinkius

Vinkius connects your tools to AI with real-time monitoring and automatic cost savings — all from one dashboard.

Connect Lacework (Cloud Security & CNAPP) now

Real-time monitoring

Live

visibility into every interaction

Connect your favorite tools to your AI and see exactly what's happening — every request, every response, in real time.

Built-in savings

60%

lower AI costs

Vinkius compresses data between your apps and your AI automatically. Lower bills every month — no configuration required.

Single dashboard

One

place for every integration

Every tool your AI connects to, managed from a single screen. One account, complete control.

Common questions about Lacework (Cloud Security & CNAPP) MCP in LangChain

Install `langchain-mcp-adapters` and `langgraph` via pip. Initialize the client using `MultiServerMCPClient` with the Vinkius HTTP endpoint, then pass the tools from `client.get_tools()` directly to your agent creator.

Yes, the agent can invoke `execute_query` to run on-demand LQL queries. This lets your chain inspect active Kubernetes process trees or IAM bypass patterns dynamically during execution.

LangSmith traces the exact inputs and outputs of tools like `search_alerts` or `list_container_vulnerabilities`. You can inspect latency, token usage, and the precise JSON payloads returned by the server.

Yes, you can register this server alongside database or vector store tools. This allows your agent to cross-reference active alerts with internal asset registers in one execution path.

All data remains isolated within secure V8 sandboxes. Your raw alert payloads and container vulnerability lists are never used for model training, keeping your cloud perimeter details strictly confidential.

Use it with your favorite AI tools

Connect this server to Cursor, Claude, VS Code, and more.

OpenAI Agents SDK sdk-python

Google ADK sdk-python

Pydantic AI sdk-python

Vercel AI SDK sdk-typescript