MCP.so
登录
L

Lacework Mcp Server

@shashwat-sec

关于 Lacework Mcp Server

暂无概览

基本信息

分类

其他

传输方式

stdio

发布者

shashwat-sec

提交者

Shashwat Singh

配置

使用下面的配置,将此服务器添加到你的 MCP 客户端。

{
  "mcpServers": {
    "lacework": {
      "command": "/path/to/lacework_mcp_server/.venv/bin/python",
      "args": [
        "/path/to/lacework_mcp_server/lacework_mcp_server.py"
      ]
    }
  }
}

工具

9

List alerts within an optional time range (supports relative times like `2h`, `last 2 hours`)

Search alerts with filters (severity, status, alert type) and flexible time inputs (`30m`, `last 2 hours`, `2024-06-01`)

Get detailed info for a specific alert (Details, Investigation, Events, RelatedAlerts, Integrations, Timeline, ObservationTimeline)

Shortcut – get the timeline for an alert

Shortcut – get investigation details for an alert

List entities (machines, IPs) associated with an alert

Get enriched context for a specific entity (VirusTotal, network activity, etc.)

Post a comment on an alert's timeline

Close an alert with a reason code

概览

What is Lacework Mcp Server?

An MCP server built with FastMCP that exposes Lacework API v2 alert operations as tools for AI agents and LLM integrations. Designed for security teams who want to query, investigate, and manage Lacework alerts through natural language interfaces.

How to use Lacework Mcp Server?

Clone the repo, set up a Python 3.10+ virtual environment, install dependencies with pip install -e ., and configure Lacework credentials via ~/.lacework.json or environment variables (LACEWORK_ACCOUNT, LACEWORK_KEY_ID, LACEWORK_SECRET). Run the server with python lacework_mcp_server.py for stdio (local) or with --transport sse / --transport streamable-http for remote HTTP access. Credentials can also be passed as tool parameters per request when running remotely.

Key features of Lacework Mcp Server

  • Nine alert‑focused tools: list, search, details, timeline, investigation, entities, comments, close.
  • Supports flexible time ranges (e.g., 2h, last 2 hours, specific dates).
  • Environment or config‑file based credential loading with fallback.
  • Per‑request credentials for multi‑tenant or remote scenarios.
  • Automatic token refresh using Lacework API v2 authentication.
  • Client caching reuses tokens across calls for the same account.
  • Multiple transport modes: stdio, SSE, Streamable HTTP.

Use cases of Lacework Mcp Server

  • List recent alerts within a custom time window.
  • Search alerts by severity, status, or alert type.
  • Retrieve full alert details including investigation and timeline.
  • Post comments or close alerts directly from an AI assistant.
  • Get enriched entity context (e.g., VirusTotal, network activity).

FAQ from Lacework Mcp Server

How do I configure Lacework credentials?

Two options: a config file at ~/.lacework.json with account, keyId, secret; or environment variables LACEWORK_ACCOUNT, LACEWORK_KEY_ID, LACEWORK_SECRET. Environment variables take precedence.

Can I run the server remotely?

Yes. Use --transport sse or --transport streamable-http to serve over HTTP. Callers then pass lacework_account, lacework_key_id, and lacework_secret as optional parameters on each tool call.

What are the rate limits and time range constraints?

Lacework API v2 enforces 480 requests per hour per functionality. Time ranges are limited to a maximum of 7 days per request.

How does authentication work?

The server uses POST /api/v2/access/tokens to obtain tokens and automatically refreshes them as needed. Tokens are cached per account for reuse across calls.

What transports are supported for integrating with MCP clients?

The server supports stdio (for local use with Claude Desktop, VS Code), SSE (Server‑Sent Events), and Streamable HTTP. Remote clients connect via a URL like http://your-server-host:8000/sse.

评论

其他 分类下的更多 MCP 服务器