LimaCharlie MCP would be a great start to allow developers to create and integrate AI SOC functionalities across all of LimaCharlie’s APIs and Python CLI/SDK.
You read my mind, it’s going to be my weekend. 
We’re also rewriting the ext-ai-agent-engine to use the new Google Agent Development Kit. So lots of new AI Agent stuff coming soon.
2 Likes
Would you do me the honors to be the first external person to give it a try?
I’ve been using it internally with the rebuild of our ext-ai-agent-engine that I should be able to get out shortly.
Yes, I would love to test out the MCP Server 
MCP server working! @maximelb
Its awesome!
I tried to set it up using OpenAI Agent SDK, works fine as well.
Guess its just a matter of adding the capabilities now 
Nice!
Is there a y capabilities you’d like to see before others?
Me personally, since I’m trying to create an AI SOC on top of LC, I think the following would be nice:
The essentials maybe:
-create/set/push D&R rules —> can be combined with LC RAG Knowledge Base and the detection alert webhooks to expand on specific D&R rules
-Seal and Isolate sensors
Nice to haves:
-create/set/push FP rules —> automatically push the FP rules the same way, when we click the “Mark False Positive” button from the Detections module from the web GUI
-Replay or LCQL (maybe)
Not too sure but these are the main capabilities from the top of my head 
Great, should be easy to add.
1 Like
Hi @maximelb I was testing the get_mitre_report MCP tool, but keep getting this error:
{“error”: “Failed to get JWT from API key oid= uid=None: No API key set”}
Do I need to provide a UID as well?
I was able to authenticate the MCPSSEServer session properly and use the other tools, but when I try to use the get_mitre_report tool, it keeps failing and giving me that response for some reason.
Is there a specific way to hit the get_mitre_report tool?
Thank you
Nah pretty sure it’s just not a helpful message after a re-auth where you’re missing a permission. That API required dr.list as a permission, can you check you have it? Will make a note to rework the SDK to make that error more obvious.
1 Like
Hi @maximelb I’m seem to be having issues with the “isolate_network” tool in the MCP.
It returns me:
2025-05-09 00:03:47,275 - INFO - Calling MCP tool isolate_network with parameters: {“sid”: “”}
2025-05-09 00:03:47,685 - INFO - HTTP Request: POST https://mcp.limacharlie.io/messages/?session_id=<session_id> “HTTP/1.1 202 Accepted”
2025-05-09 00:03:47,750 - INFO - Raw result from ‘isolate_network’ call: {‘tool’: ‘isolate_network’, ‘status’: ‘success’, ‘data’: {}, ‘parameters_used’: {‘sid’: ‘’}}
But then in the LimaCharlie Dashboard, I don’t see the sensor being isolated.
I also did a verification process using the “is_isolated” after that “isolate_network” tool call:
2025-05-09 00:03:47,750 - INFO - Calling MCP tool is_isolated with parameters: {“sid”: “”}
2025-05-09 00:03:48,172 - INFO - HTTP Request: POST https://mcp.limacharlie.io/messages/?session_id=<session_id>“HTTP/1.1 202 Accepted”
2025-05-09 00:03:48,240 - INFO - Post-isolation verification check: {‘status’: ‘success’, ‘is_isolated’: False, ‘sid’: ‘’}
Not too sure what’s happening in the background, no error messages
PS: I removed the sensitive information, but all the SIDs were correct.
1 Like
Further testing also shows that even when I manually isolate the sensor via the web GUI.
Then run “is_isolated” it still shows me FALSE.
When you run “is_isolated”, that’s from the MCP too? Trying to narrow down if the issue is on Set or on Get.
Yeap, all was ran through the MCP
Ok cool, taking a look.
So I tried to replicate and it worked for me. Would you be able to DM me the SID (SensorID) and timestamp of the box where you tried this so I can see from our logs what was happening?
Hi @maximelb yea I think there was a mistake on my code. I was able to get it to work using a simple test script now.
1 Like