Prisma Access MCP for AI. Audit your network policies and threat logs in a single query.

Q: How do I check if an old user account is still active using getusers?

Run getusers and filter the results by last login date. This tool lists all connected remote users, so you can quickly identify accounts that haven't logged in recently or are flagged as inactive.

Q: Can I check if my security policies are blocking a specific type of traffic?

Yes. First, use getpolicies to list the rules. Then, you can compare those policies against what is being captured in your network flow data via gettrafficlogs to find potential gaps.

Q: What should I check if users complain about slow connections?

Check connectivity in steps: 1) Run gettunnels for tunnel status. 2) Check getserviceendpoints to validate local PoP health. 3) Review gettrafficlogs to see if bandwidth is maxed out.

Q: How do I check for a recent breach event?

The quickest way is running getthreatlogs. This tool pulls the most critical data, including severity and attack details. If you spot an ID, run getusers to see which user owned that connection.

Claude

ChatGPT

Cursor

Gemini

Windsurf

VS Code

JetBrains

Vercel

See Vinkius in Action

Works with every AI agent you already use

…and any MCP-compatible client

Connect to your AI in seconds.

Prisma Access connects network security audits to any AI agent via MCP. It lets you run complex checks on your entire SASE environment, from auditing security policies (`get_policies`) to checking global PoP connectivity (`get_service_endpoints`).

Use it to review threat logs, analyze traffic patterns, and verify which remote users are connected right now.

What your AI can do

Get locations

Lists mobile user locations and remote networks for topology review or routing troubleshooting.

Get policies

Retrieves a list of all security policies enforced in Prisma Access, useful for auditing SASE compliance.

Get service endpoints

Lists the global service endpoints (PoPs) available through Prisma Access to check regional connectivity.

+ 4 more capabilities included

Audit Network Policies

Lists all security policies currently enforced by Prisma Access, letting you check for compliance gaps.

Retrieve Threat Logs

Pulls recent threat detection data. You get the severity, details of the attack, and what action was taken against it.

Monitor Network Flow

Gets network traffic logs to analyze usage patterns or debug why certain users can't access resources.

Verify Global Connectivity

Lists Prisma Access service endpoints (PoPs), confirming regional reach and connectivity options.

Review Network Topology

Lists mobile user locations and remote networks, giving you a map of your current network footprint.

Track User Status

Retrieves a list of all remote users currently connected to the Prisma Access system.

Ask an AI about this

Prisma Access: 7 Tools for Network & Security Audits

These seven tools let you audit every layer of the network stack—from user identity to global service endpoint status—without leaving your AI chat.

Make your AI actually useful.

Add this MCP to Claude, Cursor, or Windsurf and your AI stops guessing. It gets real tools to look things up, take action, and handle the stuff you keep doing by hand.

Start using Prisma Access on Vinkius

Get Locations

Lists mobile user locations and remote networks for topology review or routing troubleshooting.

Get Policies

Retrieves a list of all security policies enforced in Prisma Access, useful for...

Get Service Endpoints

Lists the global service endpoints (PoPs) available through Prisma Access to check...

Get Threat Logs

Pulls recent threat detection logs, including severity and action taken, for...

Get Traffic Logs

Retrieves network traffic logs to help analyze usage patterns or debug access issues...

Get Tunnels

Lists active SD-WAN and network tunnels, helping monitor connectivity status or diagnose tunnel drops.

Get Users

Lists all remote users connected to Prisma Access for auditing access or identifying inactive accounts.

Security and governance baked right in.

Pick your AI client below to get set up. Just create a Vinkius account, subscribe, and you're instantly up and running. We handle the entire backend infrastructure, delivering out-of-the-box support for HTTPS Streamable, SSE, and OAuth2—zero messy routing required.

Claude AI

Open Claude Settings

Go to claude.ai, click your profile icon, then navigate to Customize → Connectors.

Add Custom Connector

Click the "+" button and select Add custom connector. Paste your Vinkius endpoint URL:

https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp

Replace [YOUR_TOKEN_HERE] with your token from cloud.vinkius.com. For OAuth-protected servers, expand Advanced settings to add credentials.

Start a conversation

Open a new chat. The Prisma Access integration is available immediately — no restart needed.

Antigravity

Configure Agent Environment

Open your Antigravity agent's workspace configuration or mcp-servers.json file.

Bind the Endpoint

Add the Vinkius endpoint URL to your agent's MCP connections list:

"mcp_servers": {
  "prisma-access": {
    "serverUrl": "https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp"
  }
}

Provide your secure token in place of [YOUR_TOKEN_HERE] to ensure your agent requests are authenticated.

Execute

Start your Antigravity session. The agent will autonomously discover and utilize the Prisma Access tools with full Vinkius guardrails applied.

VS Code Copilot

⚡

One-Click Install (Recommended)

In your Vinkius Dashboard, simply click the Add to VS Code button for this server. We'll automatically configure your local workspace.

Or configure manually

Open MCP Settings

Open VS Code, press Ctrl/Cmd + Shift + P, and search for GitHub Copilot: MCP Servers.

Add Server Config

Add the Vinkius endpoint configuration to your mcp-servers.json file:

"prisma-access": {
  "url": "https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp"
}

Ensure you replace [YOUR_TOKEN_HERE] with your token from cloud.vinkius.com.

LangChain

Install Dependencies

Install the LangChain MCP adapters for your environment:

pip install langchain-mcp-adapters

Connect the Server

Use the SSEClient in LangChain to connect to the Vinkius managed endpoint:

from langchain_mcp_adapters.client import SSEClient

# Connect to Vinkius
client = SSEClient(url="https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp")
tools = client.get_tools()

CrewAI

Define the Tool

Load the Vinkius MCP tools into your CrewAI agents:

from crewai import Agent
from mcp_crewai import MCPTool

# Connect securely to Vinkius
vinkius_tools = MCPTool(url="https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp")

# Assign to Agent
researcher = Agent(
    role='Data Researcher',
    tools=vinkius_tools.get_all()
)

Execute Task

Run your CrewAI process. The agent will autonomously route tasks to the Vinkius managed server.

Choose How to Get Started

Build a custom MCP for your own tools, or connect a ready-made integration from our catalog.

Build Your Own

Turn any API into an MCP. Import a spec, define Agent Skills, or deploy with MCPFusion.

Import from OpenAPI, Swagger, or YAML specs
Create Agent Skills with progressive disclosure
Deploy to edge with MCPFusion framework
Built in DLP, auth, and compliance on every call
Real time usage dashboard and cost metering
Publish to catalog or keep private

Start building

Make Your AI Do More

Start with Prisma Access, then connect any of our 5,100+ other servers whenever your AI needs more. One click, no limits.

Use this MCP plus 5,100+ others, all in one place
Add new capabilities to your AI anytime you want
Every connection is secured and compliant automatically
Track usage and costs across all your servers
Works with Claude, ChatGPT, Cursor, and more
New servers added to the catalog every week

Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by Prisma Access. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.

VINKIUS INFRASTRUCTURE

Cloud Hosted

Managed infra

V8 Isolated

Sandboxed per request

Zero-Trust Proxy

No stored credentials

DLP Enforced

Policy on every call

GDPR Compliant

EU data residency

Token Compression

~60% cost reduction

Your data is protected. See how we built it.

Works with Claude, ChatGPT, Cursor, and more

The Model Context Protocol standardizes how applications expose capabilities to LLMs. Instead of operating in isolation, your AI gains direct access to external platforms, live data, and real-world actions through secure, standardized connections.

This connection provides 7 powerful capabilities that interface natively with Claude, ChatGPT, Cursor, and other compatible AI platforms. No middleware. No custom integration required.

Checking network status used to mean jumping through five different web dashboards.

You know the drill. A user reports a connection error, so you check the VPN dashboard for active users. Then you open the policy console to verify the rules. After that, you have to jump to the global PoP map to see if the region is even supported. You spend twenty minutes copy-pasting IDs and checking timestamps across three different screens.

With Prisma Access MCP Server, your agent handles this whole sequence in one shot. Need to know who’s connected AND what rules apply? Just ask. The agent executes `get_users` and `get_policies`, giving you the correlated data set without leaving the chat.

Prisma Access MCP Server: Get a full audit of policies, threats, and endpoints.

Before this server, checking threat logs meant manually correlating timestamps between `get_threat_logs` and the actual user identity list. It was slow, error-prone work that required deep knowledge of the system's internal IDs.

Now, you just ask for 'all security violations involving remote users.' The agent handles the joins, running the relevant tools to deliver a single, clean report. It’s instant network visibility—no more dashboard clicking.

Support 24/7 support@vinkius.com ↗

Security Vinkius Trust Center ↗

SLA Service Level Agreement ↗

Report Listing Send Report ↗

What your AI can actually do with this

Prisma Access lets your AI agent punch through your network security data. Forget logging into a dozen different dashboards just to check if everything's running right. This server gives your agent direct access to run complex checks across your entire SASE environment, letting you audit policies, track threats, and verify who’s connected—all from one place.

Auditing Network Policies: You can use get_policies to pull a full list of every security rule Prisma Access enforces. This is critical for compliance audits; it lets you check for any gaps or rules that might be too permissive across your setup.

Tracking User Status and Connectivity: Your agent uses get_users to pull a current list of all remote users connected to the system, helping you audit access immediately or spot accounts sitting there doing nothing. To monitor how those connections are actually running, it calls get_tunnels, which lists all active SD-WAN and network tunnels, letting you check connectivity status or diagnose if a tunnel just dropped.

Mapping Network Topology: If you need to know where your users are operating from, the agent runs get_locations. This tool lists mobile user locations and remote networks, giving you an instant map of your current network footprint for routing troubleshooting or general topology review.

Monitoring Traffic Flow: To figure out why someone can't access a resource or just analyze how much bandwidth people are using, the agent runs get_traffic_logs. This retrieves detailed network traffic logs so you can analyze usage patterns or debug specific access issues quickly.

Investigating Threats and Service Health: When something goes wrong, your agent hits the data hard. It calls get_threat_logs to pull recent threat detection records. These logs give you the severity level of an attack, the details of what was compromised, and what action Prisma Access actually took against it. For regional reach checks, the agent uses get_service_endpoints, which lists all global service endpoints (PoPs) available through Prisma Access; this confirms your regional connectivity options across the board.

Comprehensive Data Retrieval: You can also check the overall health of the system using get_policies for a comprehensive view of enforcement rules, and you can run get_service_endpoints to verify that all global points of presence are active. It’s designed so your agent doesn't have to jump between tools; it pulls everything together.

This setup gives your AI client the raw data—the policies, the logs, the connections—so you don't gotta waste time clicking around in a dozen different web consoles. You just tell it what you need, and it gets the facts.

Built · Hosted · Managed by Vinkius Prisma Access MCP Server - Audit Network & Security

Server ID 019d75f9-97de-71a1-ae4b-928eeaec57d1

Vinkius Inspector

Compliance Grade A+

Score 100/100

Report View Report ↗

Here's how it actually works

The bottom line is: instead of running three different scripts or checking three separate dashboards, your agent runs all necessary network and security checks using one prompt.

Tell your AI client what you need: 'Check for suspicious activity on user accounts.'

The agent recognizes this is a networking task and invokes get_threat_logs and get_users in sequence.

Your client receives structured data containing the list of active users alongside recent threat detections, allowing you to review anomalies immediately.

Who is this actually for?

Security Engineers who spend too much time clicking through multiple vendor dashboards. Network Architects needing to verify global PoP status against compliance rules. Compliance Officers who have to prove that every remote connection is logged and policy-checked.

Security Engineer

Uses get_threat_logs and get_policies together to investigate an incident, quickly verifying if the attack falls outside established security rules.

Network Architect

Runs get_locations and get_service_endpoints to map out network gaps or validate connectivity plans for new office deployments.

Compliance Officer

Uses get_users and get_policies to generate an audit report, confirming that all remote accounts adhere to current company security standards.

What Changes When You Connect

See who’s connected right now: Use get_users to instantly list all remote clients. This is faster than checking the VPN console, especially during an incident.

Verify global coverage: Run get_service_endpoints to confirm if a new region has available PoPs before deployment. You can't plan without knowing your physical reach.

Deep dive into attacks: Combine get_threat_logs with get_policies. The agent shows you not just what happened, but whether the action violated an existing rule.

Debug connectivity quickly: If users complain about slowness, run get_traffic_logs and then check get_tunnels to see if the flow is blocked or failing at the tunnel level. It saves hours of manual troubleshooting.

Audit network shape: Use get_locations to map out your entire remote footprint in minutes. This helps you identify any unexpected, unauthorized endpoints accessing your resources.

See it in action

01 01

Investigating a suspected data breach

A security engineer gets an alert about unusual activity. They ask their agent to run get_threat_logs and then cross-reference the timestamps with get_traffic_logs. The agent finds suspicious outbound traffic patterns linked to specific user IDs, narrowing down the scope of the breach instantly.

02 02

Verifying compliance for a new region

A network architect needs to connect an office in a new country. They run get_service_endpoints first to confirm local PoP availability, then use get_policies to ensure the existing corporate security rules will apply correctly to that endpoint.

03 03

Debugging intermittent VPN drops

A field team reports constant tunnel disconnects. The agent runs get_tunnels and sees multiple flapping links. They then check get_users to see if a sudden spike in connected users correlates with the tunnel instability, pointing to potential capacity issues.

04 04

Onboarding an executive account

A compliance officer needs to confirm the new exec's access is minimal. They run get_policies to review all rules and then use get_users to ensure only their specific credentials are logged as active, preventing over-privileging.

The honest tradeoffs

Looking at logs without context

Anti-pattern

Running only get_traffic_logs and seeing a high volume of data. The user assumes it's malicious but doesn't know if the traffic is authorized or expected.

The Fix

First, run get_policies. Check if the observed traffic type (e.g., SSH) is allowed by policy. Then, verify who generated that traffic using get_users to assign accountability.

Assuming all endpoints are covered

Anti-pattern

A developer assumes their branch office uses a primary PoP simply because the main HQ does. They miss regional connectivity gaps.

The Fix

Always run get_service_endpoints to get a comprehensive list of global Points of Presence (PoPs). This verifies your actual network coverage, not just what you expect.

Ignoring account status

Anti-pattern

Finding an anomaly in get_threat_logs and immediately assuming it’s a breach. The threat could be from an authorized, but currently inactive, user.

The Fix

Always cross-reference the suspicious activity against get_users. This confirms if the account was active within the expected window before the incident occurred.

Questions you might have

How do I check if an old user account is still active using get_users? +

Run get_users and filter the results by last login date. This tool lists all connected remote users, so you can quickly identify accounts that haven't logged in recently or are flagged as inactive.

Can I check if my security policies are blocking a specific type of traffic? +

Yes. First, use get_policies to list the rules. Then, you can compare those policies against what is being captured in your network flow data via get_traffic_logs to find potential gaps.

What should I check if users complain about slow connections? +

Check connectivity in steps: 1) Run get_tunnels for tunnel status. 2) Check get_service_endpoints to validate local PoP health. 3) Review get_traffic_logs to see if bandwidth is maxed out.

How do I check for a recent breach event? +

The quickest way is running get_threat_logs. This tool pulls the most critical data, including severity and attack details. If you spot an ID, run get_users to see which user owned that connection.

How can I use get_locations to map out our remote network topology? +

This tool lists mobile user locations and remote networks. You get a clear view of every connected endpoint, letting you audit your overall coverage area and understand where users are physically connecting from.

What should I check with the get_tunnels tool if we suspect intermittent network drops? +

It lists all active SD-WAN and network tunnels. You can monitor connectivity status here, verifying tunnel links and identifying exactly which connections are dropping or showing instability.

How do I use get_service_endpoints to verify our PoP list for DNS routing? +

This tool lists all Prisma Access service endpoints (PoPs). You confirm the physical locations and services available, which is necessary for setting up optimal regional connectivity and verifying DNS records.

If a user reports an access issue, how does running get_traffic_logs help me debug the connection? +

It retrieves recent network traffic logs. You analyze this data to pinpoint specific usage patterns or determine exactly at which point the connection is failing.

Connect to your AI in seconds.

Get locations

Get policies

Get service endpoints

Prisma Access: 7 Tools for Network & Security Audits

Make your AI actually useful.

Get Locations

Get Policies

Get Service Endpoints

Get Threat Logs

Get Traffic Logs

Get Tunnels

Get Users

Security and governance baked right in.

Claude AI

Open Claude Settings

Add Custom Connector

Start a conversation

Claude Code

Open your terminal

Add the MCP Server

Start coding

Cursor

One-Click Install (Recommended)

Open Cursor Settings

Add New Server

Use in Composer

Antigravity

Configure Agent Environment

Bind the Endpoint

Execute

VS Code Copilot

One-Click Install (Recommended)

Open MCP Settings

Add Server Config

Windsurf

One-Click Install (Recommended)

Open Windsurf Settings

Add Server Endpoint

LangChain

Install Dependencies

Connect the Server

CrewAI

Define the Tool

Execute Task

Choose How to Get Started

Build Your Own

Make Your AI Do More

Works with Claude, ChatGPT, Cursor, and more

Checking network status used to mean jumping through five different web dashboards.

Prisma Access MCP Server: Get a full audit of policies, threats, and endpoints.

What your AI can actually do with this

Here's how it actually works

Who is this actually for?

What Changes When You Connect

See it in action

Investigating a suspected data breach

Verifying compliance for a new region

Debugging intermittent VPN drops

Onboarding an executive account

The honest tradeoffs

Looking at logs without context

Assuming all endpoints are covered

Ignoring account status

When It Fits, When It Doesn't

Questions you might have