Can I block a malicious IP address directly from my agent?

Yes. Using the `create_ip_acl_rule` tool, you can immediately add an IP or CIDR range to your global denylist (black list) to mitigate threats as soon as they are identified during your security audit.

Is it possible to triage vulnerabilities and change their status via chat?

Absolutely. You can use `update_vulnerability_status` to change a vulnerability's lifecycle status (e.g., to closed or false positive) once you have investigated it or applied remediation steps.

Wallarm MCP Server for LlamaIndex 10 tools — connect in under 2 minutes

Name: Wallarm
Availability: InStock
Author: Vinkius

docs.llamaindex.ai/en/stable/module_guides/tools/mcp

Built by Vinkius GDPR 10 Tools Framework

LlamaIndex specializes in data-aware AI agents that connect LLMs to structured and unstructured sources. Add Wallarm as an MCP tool provider through Vinkius and your agents can query, analyze, and act on live data alongside your existing indexes.

Get MCP Server for AI Agents

ASK AI ABOUT THIS MCP SERVER

Open in ChatGPT Open in Claude Open in Perplexity

Vinkius supports streamable HTTP and SSE.

python

import asyncio
from llama_index.tools.mcp import BasicMCPClient, McpToolSpec
from llama_index.core.agent.workflow import FunctionAgent
from llama_index.llms.openai import OpenAI

async def main():
    # Your Vinkius token. get it at cloud.vinkius.com
    mcp_client = BasicMCPClient("https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp")
    mcp_tool_spec = McpToolSpec(client=mcp_client)
    tools = await mcp_tool_spec.to_tool_list_async()

    agent = FunctionAgent(
        tools=tools,
        llm=OpenAI(model="gpt-4o"),
        system_prompt=(
            "You are an assistant with access to Wallarm. "
            "You have 10 tools available."
        ),
    )

    response = await agent.run(
        "What tools are available in Wallarm?"
    )
    print(response)

asyncio.run(main())

Fully ManagedVinkius Servers

60%Token savings

High SecurityEnterprise-grade

IAMAccess control

EU AI ActCompliant

DLPData protection

V8 IsolateSandboxed

Ed25519Audit chain

<40msKill switch

Stream every event to Splunk, Datadog, or your own webhook in real-time

* Every MCP server runs on Vinkius-managed infrastructure inside AWS - a purpose-built runtime with per-request V8 isolates, Ed25519 signed audit chains, and sub-40ms cold starts optimized for native MCP execution. See our infrastructure

About Wallarm MCP Server

Connect your Wallarm account to any AI agent and secure your API infrastructure through natural conversation.

LlamaIndex agents combine Wallarm tool responses with indexed documents for comprehensive, grounded answers. Connect 10 tools through Vinkius and query live data alongside vector stores and SQL databases in a single turn. ideal for hybrid search, data enrichment, and analytical workflows.

What you can do

Security Attacks — Monitor and search for active security attacks detected by Wallarm, grouped by vector (SQLi, XSS, etc.)
Granular Hits — Perform deep forensics by searching for individual malicious HTTP request hits with full payloads
Vulnerability Management — List and triage security vulnerabilities discovered in live API traffic directly from your agent
API Inventory — Retrieve the automatically discovered API inventory to see all exposed endpoints and methods
Filtering Nodes — Verify the health and heartbeat status of your deployed WAF and API gateway filtering nodes
IP Control — Audit and manage IP allowlist/denylist rules to immediately block malicious sources or allow trusted partners
Remediation Guidance — Access comprehensive diagnostic data and CWE mappings for specific vulnerabilities

The Wallarm MCP Server exposes 10 tools through the Vinkius. Connect it to LlamaIndex in under two minutes — no API keys to rotate, no infrastructure to provision, no vendor lock-in. Your configuration, your data, your control.

How to Connect Wallarm to LlamaIndex via MCP

Follow these steps to integrate the Wallarm MCP Server with LlamaIndex.

Install dependencies

Run pip install llama-index-tools-mcp llama-index-llms-openai

Replace the token

Replace [YOUR_TOKEN_HERE] with your Vinkius token

Run the agent

Save to agent.py and run: python agent.py

Explore tools

The agent discovers 10 tools from Wallarm

Why Use LlamaIndex with the Wallarm MCP Server

LlamaIndex provides unique advantages when paired with Wallarm through the Model Context Protocol.

Data-first architecture: LlamaIndex agents combine Wallarm tool responses with indexed documents for comprehensive, grounded answers

Query pipeline framework lets you chain Wallarm tool calls with transformations, filters, and re-rankers in a typed pipeline

Multi-source reasoning: agents can query Wallarm, a vector store, and a SQL database in a single turn and synthesize results

Observability integrations show exactly what Wallarm tools were called, what data was returned, and how it influenced the final answer

Wallarm + LlamaIndex Use Cases

Practical scenarios where LlamaIndex combined with the Wallarm MCP Server delivers measurable value.

Hybrid search: combine Wallarm real-time data with embedded document indexes for answers that are both current and comprehensive

Data enrichment: query Wallarm to augment indexed data with live information before generating user-facing responses

Knowledge base agents: build agents that maintain and update knowledge bases by periodically querying Wallarm for fresh data

Analytical workflows: chain Wallarm queries with LlamaIndex's data connectors to build multi-source analytical reports

Wallarm MCP Tools for LlamaIndex (10)

These 10 tools become available when you connect Wallarm to LlamaIndex via MCP:

create_ip_acl_rule

list_type must be "white" or "black". Adds an IP or CIDR range to the global allowlist or denylist

get_client_info

Retrieves details about the Wallarm account, subscription, and feature status

get_discovered_api_inventory

Retrieves the API inventory automatically discovered through passive traffic analysis

get_vulnerability_details

Retrieves comprehensive diagnostic data and exploit evidence for a specific vulnerability ID

list_filtering_nodes

Lists all deployed Wallarm WAF/API gateway filtering nodes

list_ip_acl_rules

Lists configured IP allowlist and denylist rules

search_security_attacks

Searches for security attacks detected by Wallarm, grouped by vector (SQLi, XSS, etc.)

search_security_hits

Shows full request headers and payloads for blocked traffic. Searches for granular individual malicious HTTP request hits intercepted by WAF nodes

search_vulnerabilities

Lists all open security vulnerabilities discovered in live API traffic

update_vulnerability_status

Valid statuses: open, closed, falsepositive. Changes the lifecycle status of a vulnerability (e.g., mark as closed or false positive)

Example Prompts for Wallarm in LlamaIndex

Ready-to-use prompts you can give your LlamaIndex agent to start working with Wallarm immediately.

"List all security attacks detected in the last hour."

"Block the malicious IP address 1.2.3.4 immediately."

"What vulnerabilities are currently open in our production API?"

Troubleshooting Wallarm MCP Server with LlamaIndex

Common issues when connecting Wallarm to LlamaIndex through the Vinkius, and how to resolve them.

BasicMCPClient not found

Install: pip install llama-index-tools-mcp

Wallarm + LlamaIndex FAQ

Common questions about integrating Wallarm MCP Server with LlamaIndex.

How does LlamaIndex connect to MCP servers?

Use the MCP client adapter to create a connection. LlamaIndex discovers all tools and wraps them as query engine tools compatible with any LlamaIndex agent.

Can I combine MCP tools with vector stores?

Yes. LlamaIndex agents can query Wallarm tools and vector store indexes in the same turn, combining real-time and embedded data for grounded responses.