The Cortex MCP server enables you to leverage Cortex's powerful capabilities directly through natural language. Use built-in tools to manage cases and issues and conduct investigations, with the flexibility to create and customize new tools to fit specific use cases and workflows.
The Cortex MCP Server makes it easy to leverage Cortex's powerful features directly into your Large Language Model (LLM) apps. It uses the Model Context Protocol (MCP), a standard for how AI models work with other applications and tools, enabling you to communicate with your Cortex tenant using natural language.
Note
This feature is in Beta.
You can use the built-in tools to manage cases and issues and conduct investigations. You also have the flexibility to create, customize, and fine-tune tools to fit specific use cases and workflows.
The Cortex MCP Server is provided as a downloadable file that can be installed on a local machine or a container. This documentation contains instructions for configuring and using the Cortex MCP server. More detailed setup instructions are provided in a README file included in the download.
These instructions use Claude Desktop as the MCP client, but you can use any client that supports MCP.
Note
The Cortex MCP Server empowers you to integrate AI into your security workflows using natural language. When using LLM based suggestions, always review and approve actions suggested by the AI before they're executed. We recommend deploying the Cortex MCP server in a secure environment where access is limited to authorized users.
To install, configure, and use the Cortex MCP server: