LimaCharlie MCP would be a great start to allow developers to create and integrate AI SOC functionalities across all of LimaCharlie’s APIs and Python CLI/SDK.
You read my mind, it’s going to be my weekend.
We’re also rewriting the ext-ai-agent-engine to use the new Google Agent Development Kit. So lots of new AI Agent stuff coming soon.
Would you do me the honors to be the first external person to give it a try?
I’ve been using it internally with the rebuild of our ext-ai-agent-engine that I should be able to get out shortly.
Yes, I would love to test out the MCP Server
MCP server working! @maximelb
It’s awesome!
I tried to set it up using the OpenAI Agent SDK, and it works fine as well.
Guess it’s just a matter of adding the capabilities now.
Nice!
Are there any capabilities you’d like to see before others?
Me personally, since I’m trying to create an AI SOC on top of LC, I think the following would be nice:
The essentials maybe:
- Create/set/push D&R rules -> can be combined with LC RAG Knowledge Base and the detection alert webhooks to expand on specific D&R rules
- Seal and Isolate sensors
Nice to haves:
- Create/set/push FP rules -> automatically push the FP rules the same way as when we click the “Mark False Positive” button in the Detections module of the web GUI
- Replay or LCQL (maybe)
Not too sure, but these are the main capabilities off the top of my head.
Great, should be easy to add.
Hi @maximelb I was testing the get_mitre_report MCP tool, but keep getting this error:
{"error": "Failed to get JWT from API key oid= uid=None: No API key set"}
Do I need to provide a UID as well?
I was able to authenticate the MCPSSEServer session properly and use the other tools, but when I try to use the get_mitre_report tool, it keeps failing and giving me that response for some reason.
Is there a specific way to hit the get_mitre_report tool?
Thank you
Nah, pretty sure it’s just not a helpful message after a re-auth where you’re missing a permission. That API required dr.list as a permission, can you check you have it? Will make a note to rework the SDK to make that error more obvious.