Skip to main content

Responses are generated using AI and may contain mistakes.

New-Scale Security Operations PlatformNew-Scale Security Operations Platform Administration Guide

Connect to Exabeam MCP Server

Exabeam offers a way to connect AI tools to an Exabeam MCP Server. With this connection, you can use your tool of choice to aid in discovering, retrieving, and acting on Exabeam data.

What is an MCP Server?

The Model Context Protocol (MCP) is an open standard for AI applications that acts as a bridge between an AI model and external data sources or tools. The main purpose of an MCP server is to make AI models more accurate and useful by providing access to internet-hosted tools and data. This offers real-time information and capabilities that were not part of their original training. Developers can build and host remote MCP servers that communicate with AI tools over the internet.

Getting Started

To get started, you will need the following pieces of information:

  • API Key

  • API Key Secret

  • Exabeam MCP Server URL (based on region)

    Exabeam Region

    Exabeam MCP Server URL

    US West

    https://api.us-west.exabeam.cloud/mcp

    US East

    https://api.us-east.exabeam.cloud/mcp

    Canada

    https://api.ca.exabeam.cloud/mcp

    Europe

    https://api.eu.exabeam.cloud/mcp

    Saudi Arabia

    https://api.sa.exabeam.cloud/mcp

    Singapore

    https://api.sg.exabeam.cloud/mcp

    Switzerland

    https://api.ch.exabeam.cloud/mcp

    Japan

    https://api.jp.exabeam.cloud/mcp

    Australia

    https://api.au.exabeam.cloud/mcp

Caution

Before connecting, consider the data you wish to share with your AI tool. Exabeam is not responsible for data you expose to your tool.

If you wish to disable this functionality, open a support request or contact your account team.

Connect Exabeam MCP Server to your AI Tool

  1. Follow the Create An API Key instructions to generate an API Key and Secret in the New-Scale Security Operations Platform.

    Note

    Ability to create API keys depends on your role. if you can't create a key, request from your administrator.

    The MCP will have the level of access granted to the key generated. All activity will be audited under the key so consider creating a key per user. Access to individual tools can be managed within an AI tool, if it supports it.

  2. Copy and note the API Key and Secret strings.

  3. In your AI tool's desktop or web UI, configure the connection to the Exabeam MCP server using the API Key, Secret, and MCP server url.

     

    Connection steps will vary depending on the tool. Investigate the steps needed for yours. Some examples of connection steps include:

  4. After connecting, you can start interacting with Exabeam data in your AI tool.

Example Queries

  • "Show me a list of critical severity cases from the last 7 days"

  • "Tell me which users were involved in xxxxx case"

  • "Run a search for IP address x.x.x.x and summarize the results

  • "What's the timeline for case xxxxx?"

  • "Pull alerts from the last 7 days that include MITRE tags"

Currently Supported Functionality

The list below details the currently supported functionality you can perform with the Exabeam MCP server. New functionality will be added as it becomes available. Access up to 1,000 records across:

  • Threat Center: search cases, get case details, get case timeline

  • Search: run searches, get search results

  • ASI: get entity information (users, devices)

Exabeam MCP Server for Developers

Exabeam also offers an MCP server for developers to interact directly with Exabeam's API documentation. For more information, see MCP Server for Developers.