Lacework Mcp Server

Created By

shashwat-sec3 months ago

Overview

Lacework Alerts MCP Server

An MCP (Model Context Protocol) server built with FastMCP that exposes Lacework API v2 alert operations as tools for AI agents and LLM integrations.

Quick Start (New Machine Setup)

# 1. Clone the repo
git clone <repo-url>
cd lacework_mcp_server

# 2. Create a virtual environment (Python 3.10+)
python3 -m venv .venv
source .venv/bin/activate

# 3. Install dependencies
pip install -e .
# or manually:
# pip install fastmcp httpx

# 4. Configure Lacework credentials (pick one)

# Option A – Config file
cat > ~/.lacework.json <<'EOF'
{
  "account": "yourcompany.lacework.net",
  "keyId": "YOUR_ACCESS_KEY_ID",
  "secret": "YOUR_SECRET_KEY"
}
EOF

# Option B – Environment variables
export LACEWORK_ACCOUNT="yourcompany"
export LACEWORK_KEY_ID="YOUR_ACCESS_KEY_ID"
export LACEWORK_SECRET="YOUR_SECRET_KEY"

# Environment variables take precedence over the config file.

# 5. Run the server
python lacework_mcp_server.py

Tools

Tool	Description
`list_alerts`	List alerts within an optional time range (supports relative times like `2h`, `last 2 hours`)
`search_alerts`	Search alerts with filters (severity, status, alert type) and flexible time inputs (`30m`, `last 2 hours`, `2024-06-01`)
`get_alert_details`	Get detailed info for a specific alert (Details, Investigation, Events, RelatedAlerts, Integrations, Timeline, ObservationTimeline)
`get_alert_timeline`	Shortcut – get the timeline for an alert
`get_alert_investigation`	Shortcut – get investigation details for an alert
`get_alert_entities`	List entities (machines, IPs) associated with an alert
`get_alert_entity_details`	Get enriched context for a specific entity (VirusTotal, network activity, etc.)
`post_alert_comment`	Post a comment on an alert's timeline
`close_alert`	Close an alert with a reason code

Running

Standalone (stdio – local)

source .venv/bin/activate
python lacework_mcp_server.py

Remote (SSE / Streamable HTTP)

Run the server on a remote host so AI agents can connect over HTTP and pass credentials per-request:

# SSE transport (default host 0.0.0.0, port 8000)
python lacework_mcp_server.py --transport sse --port 8000

# Streamable HTTP transport
python lacework_mcp_server.py --transport streamable-http --host 0.0.0.0 --port 9000

When running remotely, callers pass Lacework credentials as tool parameters instead of relying on server-side config:

{
  "name": "search_alerts",
  "arguments": {
    "start_time": "last 2 hours",
    "severity": "Critical",
    "lacework_account": "mycompany",
    "lacework_key_id": "MY_KEY_ID",
    "lacework_secret": "MY_SECRET"
  }
}

All three credential fields (lacework_account, lacework_key_id, lacework_secret) are optional on every tool. When omitted, the server falls back to its local config (env vars / ~/.lacework.json). Clients for different Lacework accounts are cached so tokens are reused across calls.

With Claude Desktop / VS Code

Add to your MCP settings (e.g. ~/.claude/claude_desktop_config.json or .vscode/mcp.json):

Local (with ~/.lacework.json present):

{
  "mcpServers": {
    "lacework": {
      "command": "/path/to/lacework_mcp_server/.venv/bin/python",
      "args": [
        "/path/to/lacework_mcp_server/lacework_mcp_server.py"
      ]
    }
  }
}

Local (without ~/.lacework.json – pass creds via env):

{
  "mcpServers": {
    "lacework": {
      "command": "/path/to/lacework_mcp_server/.venv/bin/python",
      "args": [
        "/path/to/lacework_mcp_server/lacework_mcp_server.py"
      ],
      "env": {
        "LACEWORK_ACCOUNT": "yourcompany",
        "LACEWORK_KEY_ID": "YOUR_KEY_ID",
        "LACEWORK_SECRET": "YOUR_SECRET"
      }
    }
  }
}

Remote (server running elsewhere via SSE):

{
  "mcpServers": {
    "lacework": {
      "url": "http://your-server-host:8000/sse"
    }
  }
}

For remote servers, credentials are passed as tool parameters on each call (lacework_account, lacework_key_id, lacework_secret).

API Reference

Based on the Lacework API v2 documentation:

Authentication: Uses POST /api/v2/access/tokens with automatic token refresh
Alerts: Full CRUD via /api/v2/Alerts endpoints
Rate limits: 480 requests/hour per functionality
Time ranges: Max 7 days per request; default is last 24 hours

Try in Playground

Server Config

{
  "mcpServers": {
    "lacework": {
      "command": "/path/to/lacework_mcp_server/.venv/bin/python",
      "args": [
        "/path/to/lacework_mcp_server/lacework_mcp_server.py"
      ]
    }
  }
}

Project Info

Created At

3 months ago

Updated At

3 months ago

Author Name

shashwat-sec

Star

Language

License

Recommend Servers

View All

Typeui

@Bergside

Build better interfaces with TypeUI design systems, UI prompts, and layout variations.

2 days ago

GBOX Android MCP

@babelcloud

GBOX provides environments for AI Agents to operate computer and mobile devices. Mobile Scenario: Your agents can use GBOX to develop/test android apps, or run apps on the Android to complete various tasks(mobile automation). Desktop Scenario: Your agents can use GBOX to operate desktop apps such as browser, terminal, VSCode, etc(desktop automation). MCP: You can also plug GBOX MCP to any Agent you like, such as Cursor, Claude Code. These agents will instantly get the ability to operate computer and mobile devices.

9 months ago

Bucket Feature Flags MCP Server

@bucketco

Flag features directly from chat in your code editor, including VS Code, Cursor, Windsurf, Claude Code—any IDE with MCP support.

a year ago

Aiimagemultistyle

@codecraftm

A Model Context Protocol (MCP) server for image generation and manipulation using fal.ai's Stable Diffusion model.

a year ago

EdgeOne Pages MCP

@TencentEdgeOne

An MCP service designed for deploying HTML content to EdgeOne Pages and obtaining an accessible public URL.

TypeScript

a year ago

Jina AI MCP Tools

@PsychArch

A Model Context Protocol (MCP) server that integrates with Jina AI Search Foundation APIs.

JavaScript

a year ago

EverArt

@modelcontextprotocol

AI image generation using various models

a year ago

Airtreks Mcp

@SEKeener

2 hours ago

MCP Server for Milvus

@zilliztech

The Milvus MCP server enables AI applications to interact with Milvus vector databases using natural language commands. It allows AI models to perform vector searches, manage collections, and retrieve data without writing custom database queries. This integration facilitates seamless access to vector data, enhancing the capabilities of AI tools like Claude Desktop and Cursor.

a year ago

Redis

@modelcontextprotocol

A Model Context Protocol server that provides access to Redis databases. This server enables LLMs to interact with Redis key-value stores through a set of standardized tools.

a year ago

Perplexity Ask MCP Server

@ppl-ai

A Model Context Protocol Server connector for Perplexity API, to enable web search without leaving the MCP ecosystem.

JavaScript

a year ago

Amap Maps

@amap

高德地图官方 MCP Server

a year ago

Playwright Mcp

@microsoft

Playwright MCP server

TypeScript

10 months ago

Filesystem

Secure file operations with configurable access controls

a year ago

AgentQL MCP Server

@tinyfish-io

Model Context Protocol server that integrates AgentQL's data extraction capabilities.

JavaScript

a year ago

Littleorange Video Mcp

@littleorange-ai

8 hours ago

Civilquants

6 minutes ago

Mailtrap Email Sending MCP

@Mailtrap

An MCP server that provides a tool for sending transactional emails via Mailtrap

a year ago

Qiniu MCP Server

@Qiniu

基于七牛云产品构建的 Model Context Protocol (MCP) Server，支持用户在 AI 大模型客户端的上下文中通过该 MCP Server 来访问七牛云存储资源、利用 Dora 服务进行图片操作等。如果有什么需求欢迎在下方评论，您也可以在 github 仓库中提 issue。

Python

a year ago

Test

@modelcontextprotocol

test

6 months ago

Fractera

@Roma Bolshiyanov (Armstromg)

Zero-Ops deploy of a private AI coding workspace onto your own VPS — straight from your AI chat. Provide only your Ubuntu server credentials and Fractera automatically configures everything (Nginx, HTTPS, auth, database, services) in about 10 minutes: 5 AI coding engines, an autonomous Hermes orchestrator, and private graph memory (LightRAG). No terminal, no DevOps. The deployment is IP-first and free; attaching a custom domain with HTTPS is an optional later step. The connector can register the user, recommend a VPS, run and monitor the full deploy, and answer questions about the project via get_project_info.

4 hours ago

Memory

@modelcontextprotocol

a year ago

Gpt Scrambler — Ai Text Humanization

@gptscrambler

GPT Scrambler is a free online tool that helps you rewrite AI-generated text and make it sound natural, human, and original. Whether it's a ChatGPT essay, blog post, or email — our AI writing scrambler helps you bypass AI detectors and create authentic content in seconds.

17 minutes ago

Github

@modelcontextprotocol

Repository management, file operations, and GitHub API integration

a year ago

Work With Alloy

@Alloy

Alloy is an AI-native workspace where teams and AI agents share knowledge, artifacts, workflows, and controlled access to external systems through one common operating layer.

2 days ago

Docgraph

@Detective-XH

A Go MCP server that indexes .md/.docx/.html/.pdf into a searchable knowledge graph and runs drift audits to flag stale, conflicting, or undocumented content — letting agents govern documents like code.

20 hours ago

AI SEO Magic Button

@AutomateLab-tech

Point it at your site, get a whole-site AEO/GEO audit plus a ready-to-run plan your agent can execute. Orchestrates the ai-seo and citation-intelligence MCPs. Ships as a Claude skill, Claude plugin, and MCP server. No API keys required for the core audit-to-plan flow.

3 hours ago

Zyvrox Socks5

@Zyvrox Socks 5 MCP -Powered by Zyvrox Protocol

Enterprise-grade MCP server for automated SOCKS5 proxy pool orchestration and dynamic SMTP port 25 connectivity analytics.

2 days ago

a day ago

Official MiniMax Model Context Protocol (MCP) server that enables interaction with powerful Text to Speech, image generation and video generation APIs.

Python

a year ago