LimaCharlie MCP

LimaCharlie MCP would be a great start to allow developers to create and integrate AI SOC functionalities across all of LimaCharlie’s APIs and Python CLI/SDK.

You read my mind, it’s going to be my weekend. :slight_smile:

We’re also rewriting the ext-ai-agent-engine to use the new Google Agent Development Kit. So lots of new AI Agent stuff coming soon.

2 Likes

Would you do me the honors to be the first external person to give it a try? :slight_smile:
I’ve been using it internally with the rebuild of our ext-ai-agent-engine that I should be able to get out shortly.

Yes, I would love to test out the MCP Server :smiley:

MCP server working! @maximelb

Its awesome!

I tried to set it up using OpenAI Agent SDK, works fine as well.

Guess its just a matter of adding the capabilities now :raising_hands:

Nice!
Is there a y capabilities you’d like to see before others?

Me personally, since I’m trying to create an AI SOC on top of LC, I think the following would be nice:

The essentials maybe:

-create/set/push D&R rules —> can be combined with LC RAG Knowledge Base and the detection alert webhooks to expand on specific D&R rules
-Seal and Isolate sensors

Nice to haves:

-create/set/push FP rules —> automatically push the FP rules the same way, when we click the “Mark False Positive” button from the Detections module from the web GUI
-Replay or LCQL (maybe)

Not too sure but these are the main capabilities from the top of my head :sweat_smile:

Great, should be easy to add.

1 Like

Hi @maximelb I was testing the get_mitre_report MCP tool, but keep getting this error:

{“error”: “Failed to get JWT from API key oid= uid=None: No API key set”}

Do I need to provide a UID as well?

I was able to authenticate the MCPSSEServer session properly and use the other tools, but when I try to use the get_mitre_report tool, it keeps failing and giving me that response for some reason.

Is there a specific way to hit the get_mitre_report tool?

Thank you :smiley:

Nah pretty sure it’s just not a helpful message after a re-auth where you’re missing a permission. That API required dr.list as a permission, can you check you have it? Will make a note to rework the SDK to make that error more obvious.

1 Like