LimaCharlie MCP

Timothy_christ · April 17, 2025, 11:21am

LimaCharlie MCP would be a great start to allow developers to create and integrate AI SOC functionalities across all of LimaCharlie’s APIs and Python CLI/SDK.

maximelb · April 19, 2025, 12:59am

You read my mind, it’s going to be my weekend.

We’re also rewriting the ext-ai-agent-engine to use the new Google Agent Development Kit. So lots of new AI Agent stuff coming soon.

maximelb · April 22, 2025, 5:55pm

Would you do me the honors to be the first external person to give it a try?
I’ve been using it internally with the rebuild of our ext-ai-agent-engine that I should be able to get out shortly.

Timothy_christ · April 23, 2025, 12:49am

Yes, I would love to test out the MCP Server

Timothy_christ · April 23, 2025, 12:53pm

MCP server working! @maximelb

Its awesome!

I tried to set it up using OpenAI Agent SDK, works fine as well.

Guess its just a matter of adding the capabilities now

maximelb · April 23, 2025, 12:57pm

Nice!
Is there a y capabilities you’d like to see before others?

Timothy_christ · April 23, 2025, 2:06pm

Me personally, since I’m trying to create an AI SOC on top of LC, I think the following would be nice:

The essentials maybe:

-create/set/push D&R rules —> can be combined with LC RAG Knowledge Base and the detection alert webhooks to expand on specific D&R rules
-Seal and Isolate sensors

Nice to haves:

-create/set/push FP rules —> automatically push the FP rules the same way, when we click the “Mark False Positive” button from the Detections module from the web GUI
-Replay or LCQL (maybe)

Not too sure but these are the main capabilities from the top of my head

maximelb · April 23, 2025, 2:08pm

Great, should be easy to add.

Timothy_christ · April 24, 2025, 4:11pm

Hi @maximelb I was testing the get_mitre_report MCP tool, but keep getting this error:

{“error”: “Failed to get JWT from API key oid= uid=None: No API key set”}

Do I need to provide a UID as well?

I was able to authenticate the MCPSSEServer session properly and use the other tools, but when I try to use the get_mitre_report tool, it keeps failing and giving me that response for some reason.

Is there a specific way to hit the get_mitre_report tool?

Thank you

maximelb · April 24, 2025, 4:14pm

Nah pretty sure it’s just not a helpful message after a re-auth where you’re missing a permission. That API required dr.list as a permission, can you check you have it? Will make a note to rework the SDK to make that error more obvious.

Topic		Replies	Views
AI Updates General ai	0	15	April 26, 2025
AI Agent Engine Platform Updates	0	26	March 30, 2025
Exploring security for AI - a fireside chat with Eoin Wickens - April 18th, 2025 Defender Fridays	1	20	April 18, 2025
RSAC debrief with the LimaCharlie team - May 2nd, 2025 Defender Fridays	1	4	May 2, 2025
Updates to Web App, CLI, and EDR Agent Release Notes	0	8	February 21, 2025

LimaCharlie MCP

Related topics