MCP Configuration#
Most users do not need to understand the underlying parameter names. Simply fill in the required information in the on-screen form.
Common fields to fill in#
Optional third-party connectors#
Applies to customer-selected services that require API keys or tokens.
Typically requires:
- API Key
- Occasionally a custom service URL
Use cases:
- Check whether an IP is malicious
- Check file hash detection rates
- Check URL or domain risk
AWS tools#
Applies to EC2, IAM, Lambda, S3, CloudTrail, CloudWatch, and others.
Typically requires:
- Access Key ID
- Secret Access Key
- Default Region
- Session Token (if your organization uses temporary credentials)
Use cases:
- Check resource exposure
- Investigate account activity
- Query logs and security findings
SIEM tools#
Applies to Elasticsearch, Kibana, Splunk.
Typically requires:
- Service URL
- API Key, or username/password
- Some platforms also require a Space, port, or timeout setting
Use cases:
- Search alerts and logs
- Check dashboards
- Track attack timelines
Ticketing and knowledge base tools#
Applies to Jira, Confluence.
Typically requires:
- Platform URL
- Email or username
- API Token / Personal Access Token
Use cases:
- Create incident tickets
- Add investigation comments
- Read or update knowledge base pages
Configuration tips#
- Use read-only or least-privilege credentials wherever possible
- Run a connection test after configuring before starting real use
- If a tool returns an error, check whether credentials have expired
- If using a shared team configuration, confirm with your admin what permissions are in scope
Verifying after saving#
The simplest way to verify a configuration is to run a small query, for example:
- "Use available threat intelligence to check this hash"
- "List my AWS S3 buckets"
- "Search the last 10 failed login events"
If results are returned successfully, the tool is working.