Model Context Protocol

AI-Native Security Operations.

Connect Claude and other AI assistants directly to Void. Investigate, triage, and respond in natural language -- backed by hundreds of typed tools across every module.

Hundreds of Typed Tools
Every Module Covered
Real-time Live Data
Scoped Access Control

What Is the Void MCP Server?

A bridge that lets any MCP-compatible AI assistant operate the Void platform directly

Standard Protocol

Implements the open Model Context Protocol so any MCP-compatible assistant connects without custom integration work.

Full Platform Surface

Read and act across incidents, alerts, queries, detections, and every module in the Void platform.

Natural-Language Operations

Analysts ask questions and issue actions in plain language while the assistant maps intent to typed tool calls.

Live, Not Stale

Every call hits live platform data, never a cached export. Answers reflect the current state of your environment.

What Your Assistant Can Do

Typed tools span the full investigation and response workflow

Query & Hunt

Run DSL, KQL, and SPL queries, search events, and pivot across entities and time to chase down activity.

Investigate Incidents

Pull incident context, timelines, alerts, and attack graphs, then generate investigation notes.

Triage Alerts

List, enrich, and update alert status, and record tuning feedback to sharpen detections over time.

Threat Intelligence

Look up IOCs, enrich indicators, and check threat-intel feeds without leaving the conversation.

Operate Modules

Reach IDR, AIDR, CDR, EDR, NDR, UEBA, SOAR, dashboards, and compliance tools through one interface.

Run Detections

Inspect and manage correlation and detection rules to keep coverage aligned with the threat landscape.

How It Works

A single Go binary that bridges your assistant to the Void API

stdio & HTTP Bridge

Run locally over stdio or as an HTTP service, depending on how your assistant connects.

SIEM Authentication

Authenticates to the Void API with a dedicated service identity, keeping access controlled and attributable.

Typed Tool Schemas

Every tool has a strict typed schema so assistants call them correctly with validated parameters.

Drop-In Configuration

Register the server in your assistant's MCP config and connect. No bespoke plumbing required.

Built for Safe Autonomy

Powerful access with the guardrails security operations demands

Scoped Access

Tools run under a controlled identity with least privilege, so the assistant only reaches what you allow.

Audit Trail

Every action is attributable and logged, giving you a complete record of what the assistant did.

Read or Act

Grant read-only insight or full operational control to match the trust level you are comfortable with.

Human-in-the-Loop

Keep approval gates on sensitive actions so consequential changes stay under human review.

Use Cases

From conversational investigation to plain-language threat hunting

Conversational Investigation

  • Ask what happened with an incident
  • Get correlated context across modules
  • Request a full timeline of events
  • Draft a report from the findings

Automated Triage

  • Summarize new alerts at a glance
  • Enrich indicators with threat intel
  • Recommend an alert status
  • Flag likely false positives

Threat Hunting

  • Describe a hypothesis in plain language
  • Translate it into platform queries
  • Iterate on the results interactively
  • Promote findings into an investigation

Bring AI Into Your SOC

Request a demo or licensing details for the Void MCP server.