The Cortex MCP server enables you to leverage Cortex's powerful capabilities directly through natural language. Use built-in tools to manage cases and issues and conduct investigations, with the flexibility to create and customize new tools to fit specific use cases and workflows.
The Cortex MCP Server enables you to access Cortex's powerful features directly within your Large Language Model (LLM) apps. Built on the Model Context Protocol (MCP), a standard for connecting AI models to work with other applications and tools, enabling you to query your Cortex tenant and conduct investigations using natural language.
Key capabilities
Investigate
Use the built-in tools to manage cases and issues, and conduct investigations.
Customize
Create, customize, and fine-tune tools to fit specific use cases and workflows.
Flexible client
The Cortex MCP Server is provided as a downloadable file that can be installed on a local machine or a container. While these instructions use Claude Desktop as the MCP client, you can use any client that supports MCP. More detailed setup instructions are provided in a README file included in the download.
Note
The Cortex MCP Server empowers you to integrate AI into your security workflows using natural language. When using LLM-based suggestions, always review and approve actions suggested by the AI before they're executed. We recommend deploying the Cortex MCP server in a secure environment where access is limited to authorized users.
To install, configure, and use the Cortex MCP server: