Connect to Exabeam MCP Server

Exabeam offers a way to connect AI tools to an Exabeam MCP Server. With this connection, you can use your tool of choice to aid in discovering, retrieving, and acting on Exabeam data.

What is an MCP Server?

The Model Context Protocol (MCP) is an open standard for AI applications that acts as a bridge between an AI model and external data sources or tools. The main purpose of an MCP server is to make AI models more accurate and useful by providing access to internet-hosted tools and data. This offers real-time information and capabilities that were not part of their original training. Developers can build and host remote MCP servers that communicate with AI tools over the internet.

Getting Started

To get started, you will need the following pieces of information:

API Key
API Key Secret

Exabeam MCP Server URL (based on region)

Exabeam Region	Exabeam MCP Server URL	Authorization and Token URLs (if required)
US West	`https://api.us-west.exabeam.cloud/mcp`	Auth URL: `https://api.us-west.exabeam.cloud/oauth/authorize`
US West	`https://api.us-west.exabeam.cloud/mcp`	Token URL: `https://api.us-west.exabeam.cloud/oauth/token`
US East	`https://api.us-east.exabeam.cloud/mcp`	Auth URL: `https://api.us-east.exabeam.cloud/oauth/authorize`
US East	`https://api.us-east.exabeam.cloud/mcp`	Token URL: `https://api.us-east.exabeam.cloud/oauth/token`
Canada	`https://api.ca.exabeam.cloud/mcp`	Auth URL: `https://api.ca.exabeam.cloud/oauth/authorize`
Canada	`https://api.ca.exabeam.cloud/mcp`	Token URL: `https://api.ca.exabeam.cloud/oauth/token`
Europe	`https://api.eu.exabeam.cloud/mcp`	Auth URL: `https://api.eu.exabeam.cloud/oauth/authorize`
Europe	`https://api.eu.exabeam.cloud/mcp`	Token URL: `https://api.eu.exabeam.cloud/oauth/token`
Saudi Arabia	`https://api.sa.exabeam.cloud/mcp`	Auth URL: `https://api.sa.exabeam.cloud/oauth/authorize`
Saudi Arabia	`https://api.sa.exabeam.cloud/mcp`	Token URL: `https://api.sa.exabeam.cloud/oauth/token`
Singapore	`https://api.sg.exabeam.cloud/mcp`	Auth URL: `https://api.sg.exabeam.cloud/oauth/authorize`
Singapore	`https://api.sg.exabeam.cloud/mcp`	Token URL: `https://api.sg.exabeam.cloud/oauth/token`
Switzerland	`https://api.ch.exabeam.cloud/mcp`	Auth URL: `https://api.ch.exabeam.cloud/oauth/authorize`
Switzerland	`https://api.ch.exabeam.cloud/mcp`	Token URL: `https://api.ch.exabeam.cloud/oauth/token`
Japan	`https://api.jp.exabeam.cloud/mcp`	Auth URL: `https://api.jp.exabeam.cloud/oauth/authorize`
Japan	`https://api.jp.exabeam.cloud/mcp`	Token URL: `https://api.jp.exabeam.cloud/oauth/token`
Australia	`https://api.au.exabeam.cloud/mcp`	Auth URL: `https://api.au.exabeam.cloud/oauth/authorize`
Australia	`https://api.au.exabeam.cloud/mcp`	Token URL: `https://api.au.exabeam.cloud/oauth/token`

Caution

Before connecting, consider the data you wish to share with your AI tool. Exabeam is not responsible for data you expose to your tool.

If you wish to disable this functionality, open a support request or contact your account team.

Connect Exabeam MCP Server to your AI Tool

Follow the Create An API Key instructions to generate an API Key and Secret in the New-Scale Security Operations Platform.
Note
Ability to create API keys depends on your role. if you can't create a key, request from your administrator.
The MCP will have the level of access granted to the key generated. All activity will be audited under the key so consider creating a key per user. Access to individual tools can be managed within an AI tool, if it supports it.
Copy and note the API Key and Secret strings.
In your AI tool's desktop or web UI, configure the connection to the Exabeam MCP server using the API Key, Secret, and MCP server url.

Connection steps will vary depending on the tool. Investigate the steps needed for yours. Some examples of connection steps include:
- Claude
- Microsoft Copilot (via Copilot Studio)
- ChatGPT (only supports custom connectors if your org has developer mode plus custom apps enabled).
After connecting, you can start interacting with Exabeam data in your AI tool.

Currently Supported Functionality

The list below details the currently supported functionality you can perform with the Exabeam MCP server. New functionality will be added as it becomes available.

Access up to 1,000 records across:

Application	Functionality
Threat Center	Search cases Get case details Get case timeline Create a case Update a case Create case notes Update an alert
Search	Run searches Get search results
Attack Surface Insights	Get entity information (users, devices)

Example Queries

"Show me a list of critical severity cases from the last 7 days."
"Tell me which users were involved in xxxxx case."
"Run a search for IP address x.x.x.x and summarize the results."
"What's the timelines for case xxxxx?"
"Pull alerts from the last 7 days that include MITRE tags."
"Create a case for this suspicious activity."
"Close case xxxxx as a false positive."

Exabeam MCP Server for Developers

Exabeam also offers an MCP server for developers to interact directly with Exabeam's API documentation. For more information, see MCP Server for Developers.

New-Scale Security Operations PlatformNew-Scale Security Operations Platform Administration Guide

Table of ContentsTable of Contents