MCP Server

The LogPulse MCP server is a remote Model Context Protocol server. It lets AI agents — Claude Code, Cursor, Codex, or any MCP-capable client — call typed LogPulse tools directly: search and investigate logs, query the risk-based SIEM, check service health, and walk the cross-domain entity graph. The agent reasons over structured results instead of scraping the dashboard or writing raw SQL.

The tools reuse the same in-process registry, LPQL engine, and namespace RBAC the product uses internally, so an agent never gets more access than the token holder. The surface is read-only by default; the one write tool creates disabled drafts for a human to review.

Note
Connecting an agent needs a Personal Access Token. See Personal Access Tokens to create one.

Endpoint & transport

The server is exposed at a single endpoint over Streamable HTTP (stateless, JSON responses). All requests are POST and must be authenticated — an unauthenticated request is rejected with 401 before any tool is exposed.

Endpoint
POST https://api.logpulse.io/mcp

The endpoint and an authentication header are everything an MCP client needs; the client discovers the available tools, resources, and prompts automatically after it connects.

Authentication

Two authentication methods resolve to the same identity (organization, user, scopes): a Personal Access Token as a bearer credential, or OAuth 2.1 for interactive sign-in.

Personal access token

Create a token in Settings → Access Tokens, grant it the scopes the agent needs, and send it as a bearer token. A token is tied to you and one organization and never grants more than your own access.

Authorization header
Authorization: Bearer lpat_a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4

OAuth 2.1

Interactive clients can connect with OAuth 2.1 (PKCE, dynamic client registration, and browser consent on the LogPulse scopes), so a user authorizes the agent without handling a token by hand. The agent registers itself, the user signs in and consents, and LogPulse issues a scoped access token bound to the agent and organization. Connected agents are listed — and can be revoked — under Settings → Connections.

Tip
Use a PAT for CI and headless automation; use OAuth for interactive, per-user connections from a developer's editor.

Scopes

Scopes follow a resource:action convention. A token only sees the tools its scopes allow — a tool the token can't reach is invisible in tools/list and cannot be called. Follow least privilege and grant only what the agent needs.

Scope          Grants
logs:read      Log search and investigation, plus control-plane reads (alerts, pipelines, dashboards, agents, saved queries) and the onboarding data model
siem:read      Risk events, risk summary, notables, detections, UEBA baselines, MITRE coverage, and IOC lookups
services:read  Service health, KPI anomalies, dependencies, services, and incidents
entities:read  Entity 360, blast radius, and entity risk timeline (cross-domain graph)
siem:write     Create detection rules. New rules are created disabled — a human reviews and enables them.

Warning
siem:write is the only write scope. Grant it only when you want an agent to draft detections. Everything it creates is disabled until a human enables it.

Connecting an agent

Any MCP client that supports remote servers over HTTP connects the same way: the endpoint plus a bearer token. Below are the three most common clients.

Claude Code

Add LogPulse with the Claude CLI:

Terminal
claude mcp add logpulse --transport http \
  https://api.logpulse.io/mcp \
  --header "Authorization: Bearer lpat_your_token_here"

The LogPulse tools appear immediately in any Claude Code session. Verify with /mcp or by asking Claude to list its LogPulse tools.

Cursor

Add LogPulse as an HTTP MCP server in Cursor's MCP settings, or edit ~/.cursor/mcp.json directly:

~/.cursor/mcp.json
{
  "mcpServers": {
    "logpulse": {
      "url": "https://api.logpulse.io/mcp",
      "headers": {
        "Authorization": "Bearer lpat_your_token_here"
      }
    }
  }
}

Codex & other clients

Codex, Continue, and custom agents all connect with the same three values. Point your client at the endpoint over Streamable HTTP with a bearer token:

Connection values
Endpoint:  https://api.logpulse.io/mcp
Transport: Streamable HTTP
Auth:      Authorization: Bearer lpat_your_token_here
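For a custom agent, those three values are all a hand-written client needs. The script below is an added example, not LogPulse client code: it performs the MCP initialize handshake and a tools/list request over Streamable HTTP using only the Python standard library, and maps the 401/403/429 responses to the fixes given in Troubleshooting. The JSON-RPC message shapes and the Accept header follow the public MCP specification; the PROTOCOL_VERSION string, the clientInfo values and the LOGPULSE_TOKEN environment variable are assumptions.

```python
"""Connect a hand-written agent to the LogPulse MCP endpoint.

Added example, not LogPulse client code. The message shapes follow the
public MCP Streamable HTTP specification; PROTOCOL_VERSION, the clientInfo
values and the LOGPULSE_TOKEN environment variable are assumptions.
"""
import json
import os
import sys
import urllib.error
import urllib.request
from typing import Dict, List, Optional

ENDPOINT = "https://api.logpulse.io/mcp"     # from the docs
PROTOCOL_VERSION = "2025-06-18"               # assumed; use the version your client negotiates


def build_headers(token: str) -> Dict[str, str]:
    """Headers for every POST: the bearer token, a JSON body, and the Accept
    values the Streamable HTTP transport requires a client to send."""
    if not token.startswith("lpat_"):
        raise ValueError("expected a LogPulse personal access token (lpat_...)")
    return {
        "Authorization": f"Bearer {token}",
        "Content-Type": "application/json",
        "Accept": "application/json, text/event-stream",
        "MCP-Protocol-Version": PROTOCOL_VERSION,
    }


def build_request(method: str, params: Optional[dict] = None, req_id: Optional[int] = 1) -> dict:
    """A JSON-RPC 2.0 message; a notification carries no id and gets no response."""
    msg: dict = {"jsonrpc": "2.0", "method": method}
    if params is not None:
        msg["params"] = params
    if req_id is not None:
        msg["id"] = req_id
    return msg


def initialize_request() -> dict:
    return build_request("initialize", {
        "protocolVersion": PROTOCOL_VERSION,
        "capabilities": {},
        "clientInfo": {"name": "example-agent", "version": "0.1"},   # constructed
    }, req_id=1)


def explain_http_error(status: int) -> str:
    """The fixes the Troubleshooting table prescribes for each status code."""
    return {
        401: "missing or invalid token: check the Authorization header and that the token is not revoked or expired",
        403: "token is valid but lacks the scope this tool requires",
        429: "per-token rate limit (120/min) exceeded: back off and retry",
    }.get(status, f"unexpected HTTP {status}")


def post(token: str, message: dict) -> Optional[dict]:
    """Send one message. Returns the parsed JSON-RPC response, or None for a
    notification, which the server acknowledges with an empty body."""
    req = urllib.request.Request(ENDPOINT, data=json.dumps(message).encode("utf-8"),
                                 headers=build_headers(token), method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        body = resp.read()
    return json.loads(body) if body else None


def list_tools(token: str) -> List[str]:
    """Full handshake. The server is stateless, so no session id is carried
    between requests; each POST stands alone with its bearer header."""
    post(token, initialize_request())
    post(token, build_request("notifications/initialized", req_id=None))
    response = post(token, build_request("tools/list", req_id=2))
    return [tool["name"] for tool in response["result"]["tools"]]


if __name__ == "__main__":
    try:
        for name in list_tools(os.environ.get("LOGPULSE_TOKEN", "")):
            print(name)
    except urllib.error.HTTPError as err:
        sys.exit(explain_http_error(err.code))
```

Run it with `LOGPULSE_TOKEN=lpat_... python3 connect.py`; the names it prints are exactly the tools your token's scopes unlock, which is the quickest way to confirm a scope problem before wiring the token into an agent.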

Tool catalog

Tools are grouped by the scope that unlocks them. The catalog mirrors the depth your team uses in the dashboard.

Search & investigate (logs:read)

Tool                        Description
search_logs                 Run an LPQL search and return matching events
count_patterns              Group and count events by a field or pattern
timeline_analysis           Bucket events over time to spot spikes and gaps
compare_timeranges          Compare two time windows for the same query
get_field_values            List the distinct values of a field
search_similar_historical   Find historical events similar to a reference
system_health               Snapshot of ingest and platform health
lpql_help                   LPQL reference for building queries
list_* / get_*              Control-plane reads: alerts, pipelines, dashboards, agents, lookups, saved queries, evaluations, maintenance windows
get_data_model              Canonical / OCSF field model for building connectors

Security monitoring (siem:read)

Tool                              Description
search_risk_events                Search the stream of risk events by entity, MITRE tag, score, or time
get_risk_summary                  Top-risk-entity leaderboard and risk breakdown
list_notables / get_notable       List and inspect notables (with investigation state)
list_detections / get_detection   Browse and read detection rules
get_ueba_baselines                Behavioral baselines for an entity
mitre_coverage                    MITRE ATT&CK coverage from enabled content
lookup_ioc                        IOC reputation lookup against threat-intel feeds
get_siem_settings                 Read the risk-scoring configuration

Service intelligence (services:read)

Tool                 Description
get_service_health   Service status rolled up from its KPIs
list_anomalies       KPI anomalies across services
list_dependencies    Upstream/downstream dependency graph
list_services        Services in the estate
list_incidents       Open and recent incidents

Entity graph (entities:read)

Tool                       Description
get_entity                 Entity 360 across security and observability
get_blast_radius           What an entity connects to and could affect
get_entity_risk_timeline   An entity's risk over time

Write tools (siem:write)

Tool               Description
create_detection   Save the agent’s finding as a detection rule — created DISABLED for human review

Note
detection_help (under logs:read) explains how detections and KPIs map onto the data model, so an agent can draft a correct rule before calling create_detection.

Resources & prompts

Beyond callable tools, the server exposes MCP resources that ground the agent in reference material, and prompts that steer it through a workflow.

Resources include an LPQL cheat sheet and a detection guide (available with any valid token), plus your data models and saved queries (gated by logs:read). A resource the token can't reach is hidden from resources/list.

Prompts include triage_notable, is_ip_malicious, onboard_connector, and service_health_check — each guides the agent through the right sequence of read-only tools for that task.

Security model

The following constraints are built into the MCP surface:

Read-only by default. Only read tools are exposed. Writes are an explicit allowlist, each behind its own *:write scope; today that is just create_detection, which inserts a disabled rule.

Scoped & RBAC-aware. A token holds only the scopes you grant, and the token holder's namespace RBAC is applied to every query — an agent can never read across tenants or outside the user's teams.

Audited & rate-limited. Every tool call is written to the audit log (denied calls included) and rate-limited per token.

Usage is a detection. Each call is also emitted to an internal log stream and watched by built-in detections — abnormal call volume or an agent write raises a notable on your own engine.

Untrusted data stays data. Tool output is treated as data, not instructions, as a guard against prompt injection through your own logs. There is no auto-execute and no write without a human in the loop. Data stays EU-hosted and AI evaluation runs in the EU.
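The "usage is a detection" point above, worked through on a constructed audit stream as an added example (this is not LogPulse's built-in detection content): one rule raises a notable when a token's call count within a sliding one-minute window reaches a threshold, the other on any write. The JSON-lines record layout, the token ids, the user names and the threshold value are all constructed for illustration.

```python
"""Detections over the MCP audit stream: abnormal call volume and agent writes.

Added example, not LogPulse's built-in detection content. The audit record
layout (one JSON object per line) and the thresholds are constructed.
"""
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Deque, Dict, List

VOLUME_THRESHOLD = 5            # assumed: calls per token within one window
WINDOW = timedelta(minutes=1)

# Constructed sample: tok_a bursts six searches in six seconds, tok_b drafts a
# detection and then calls a tool outside its scopes (denied, still audited),
# tok_c reads at a normal pace.
SAMPLE_AUDIT = """\
{"ts":"2024-05-01T10:00:01Z","token_id":"tok_a","user":"ana","tool":"search_logs","scope":"logs:read","write":false,"outcome":"ok"}
{"ts":"2024-05-01T10:00:02Z","token_id":"tok_a","user":"ana","tool":"search_logs","scope":"logs:read","write":false,"outcome":"ok"}
{"ts":"2024-05-01T10:00:03Z","token_id":"tok_a","user":"ana","tool":"search_logs","scope":"logs:read","write":false,"outcome":"ok"}
{"ts":"2024-05-01T10:00:04Z","token_id":"tok_a","user":"ana","tool":"search_logs","scope":"logs:read","write":false,"outcome":"ok"}
{"ts":"2024-05-01T10:00:05Z","token_id":"tok_a","user":"ana","tool":"search_logs","scope":"logs:read","write":false,"outcome":"ok"}
{"ts":"2024-05-01T10:00:06Z","token_id":"tok_a","user":"ana","tool":"search_logs","scope":"logs:read","write":false,"outcome":"ok"}
{"ts":"2024-05-01T10:00:10Z","token_id":"tok_c","user":"cy","tool":"search_risk_events","scope":"siem:read","write":false,"outcome":"ok"}
{"ts":"2024-05-01T10:00:30Z","token_id":"tok_b","user":"bo","tool":"create_detection","scope":"siem:write","write":true,"outcome":"ok"}
{"ts":"2024-05-01T10:00:31Z","token_id":"tok_b","user":"bo","tool":"get_entity","scope":"entities:read","write":false,"outcome":"denied"}
{"ts":"2024-05-01T10:03:00Z","token_id":"tok_c","user":"cy","tool":"get_risk_summary","scope":"siem:read","write":false,"outcome":"ok"}
{"ts":"2024-05-01T10:07:00Z","token_id":"tok_c","user":"cy","tool":"list_notables","scope":"siem:read","write":false,"outcome":"ok"}
"""


def parse_audit(text: str) -> List[dict]:
    """Parse JSON-lines audit records and return them in time order."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
        records.append(rec)
    return sorted(records, key=lambda r: r["ts"])


def detect(records: List[dict]) -> List[dict]:
    """Run both rules over the stream and return the notables they raise.

    mcp_agent_write fires on every write: a draft rule is exactly what a
    human should look at. mcp_abnormal_volume keeps a sliding one-minute
    window per token and fires when the count in the window reaches
    VOLUME_THRESHOLD; denied calls count towards volume too.
    """
    notables: List[dict] = []
    windows: Dict[str, Deque[datetime]] = defaultdict(deque)
    for rec in records:
        base = {"ts": rec["ts"].isoformat(), "token_id": rec["token_id"],
                "user": rec["user"], "tool": rec["tool"]}
        if rec["write"]:
            notables.append({"rule": "mcp_agent_write", **base})
        win = windows[rec["token_id"]]
        win.append(rec["ts"])
        while rec["ts"] - win[0] >= WINDOW:      # drop calls older than the window
            win.popleft()
        if len(win) == VOLUME_THRESHOLD:          # fires once as the count crosses the line
            notables.append({"rule": "mcp_abnormal_volume", "calls_in_window": len(win), **base})
    return notables


def run_sample() -> List[dict]:
    return detect(parse_audit(SAMPLE_AUDIT))


if __name__ == "__main__":
    for notable in run_sample():
        print(notable)
```

On the sample the volume rule fires for tok_a at the fifth call and the write rule for tok_b's create_detection; tok_c, three reads spread over seven minutes, raises nothing. Because the rules key on token_id rather than user, a single compromised or misbehaving token stands out even when the same user also holds a well-behaved one.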

Rate limits & auditing

The endpoint is rate-limited to 120 requests/min per token. Exceeding it returns 429; back off and retry. Each successful call updates the token's "last used" timestamp in Settings, and every call is recorded in the organization's audit log with the user, scope, and whether it was a write.

Note
MCP access is part of your LogPulse plan and governed by the per-token rate limit. Pricing stays flat — billed per plan, not per query or per agent.
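The scope gating from Scopes, the audit and RBAC rules from Security model, and the 120/min limit above, assembled into one runnable model. This is an added example, not LogPulse's server code: the tool-to-scope map is a subset of the catalog, the token records are constructed, and the clock is passed in explicitly so the per-minute window can be exercised offline.

```python
"""Model of the LogPulse MCP authorization gate as this page describes it.

Added example, not LogPulse's server code. Tokens, the tool-to-scope subset
and the clock are constructed so the rules can be exercised offline.
"""
from collections import deque
from dataclasses import dataclass, field
from typing import Deque, Dict, List, Optional, Tuple

RATE_LIMIT = 120            # requests per minute per token (from the docs)
WINDOW_SECONDS = 60.0

# Subset of the tool catalog: tool -> scope that unlocks it.
TOOL_SCOPES = {
    "search_logs": "logs:read",
    "lpql_help": "logs:read",
    "list_notables": "siem:read",
    "lookup_ioc": "siem:read",
    "get_service_health": "services:read",
    "get_entity": "entities:read",
    "create_detection": "siem:write",
}
WRITE_SCOPES = {"siem:write"}      # the only write scope today


@dataclass(frozen=True)
class Token:
    token_id: str
    user: str
    org: str
    scopes: frozenset


@dataclass
class Gate:
    tokens: Dict[str, Token]                                   # bearer secret -> token record
    audit: List[dict] = field(default_factory=list)            # every call, denied ones included
    calls: Dict[str, Deque[float]] = field(default_factory=dict)
    rules: List[dict] = field(default_factory=list)            # drafts stored by create_detection

    def authenticate(self, auth_header: Optional[str]) -> Optional[Token]:
        """Resolve the Authorization header to a token record, or None."""
        if not auth_header or not auth_header.startswith("Bearer "):
            return None
        return self.tokens.get(auth_header[len("Bearer "):])

    def tools_list(self, auth_header: Optional[str]) -> Tuple[int, List[str]]:
        """tools/list: 401 without a valid token; otherwise only the tools the
        token's scopes unlock. Unreachable tools are not listed at all."""
        tok = self.authenticate(auth_header)
        if tok is None:
            return 401, []
        return 200, sorted(t for t, s in TOOL_SCOPES.items() if s in tok.scopes)

    def _over_limit(self, tok: Token, now: float) -> bool:
        """Sliding 60 s window per token; an admitted call is recorded in it."""
        win = self.calls.setdefault(tok.token_id, deque())
        while win and now - win[0] >= WINDOW_SECONDS:
            win.popleft()
        if len(win) >= RATE_LIMIT:
            return True
        win.append(now)
        return False

    def call_tool(self, auth_header: Optional[str], tool: str, args: dict, now: float) -> Tuple[int, dict]:
        """tools/call: authenticate, rate-limit, check scope, audit, dispatch."""
        tok = self.authenticate(auth_header)
        if tok is None:
            return 401, {"error": "unauthenticated"}       # rejected before any tool is exposed
        scope = TOOL_SCOPES.get(tool)
        record = {"ts": now, "token_id": tok.token_id, "user": tok.user, "org": tok.org,
                  "tool": tool, "scope": scope, "write": scope in WRITE_SCOPES, "outcome": "ok"}
        if self._over_limit(tok, now):
            record["outcome"] = "rate_limited"
            self.audit.append(record)
            return 429, {"error": "rate limited", "hint": "back off and retry"}
        if scope is None or scope not in tok.scopes:
            record["outcome"] = "denied"
            self.audit.append(record)
            return 403, {"error": "missing scope", "required": scope}
        self.audit.append(record)
        return 200, self._dispatch(tok, tool, args)

    def _dispatch(self, tok: Token, tool: str, args: dict) -> dict:
        if tool == "create_detection":
            # The one write tool stores a disabled draft; a human enables it in the dashboard.
            rule = {"org": tok.org, "author": tok.user, "enabled": False, **args}
            self.rules.append(rule)
            return rule
        # Read tools would run under the token holder's namespace RBAC; this model echoes the request.
        return {"tool": tool, "org": tok.org, "args": args}


def make_demo_gate() -> Gate:
    """Two constructed tokens: a logs-only reader and a SIEM analyst who may draft rules."""
    return Gate(tokens={
        "lpat_reader_example": Token("tok_r", "ana", "org_1", frozenset({"logs:read"})),
        "lpat_hunter_example": Token("tok_h", "bo", "org_1", frozenset({"siem:read", "siem:write"})),
    })


if __name__ == "__main__":
    gate = make_demo_gate()
    print(gate.tools_list("Bearer lpat_reader_example"))
    print(gate.call_tool("Bearer lpat_reader_example", "list_notables", {}, now=0.0))
    print(gate.call_tool("Bearer lpat_hunter_example", "create_detection", {"name": "draft"}, now=0.0))
    print(gate.audit)
```

The ordering matters: authentication comes first so an unauthenticated caller learns nothing about the catalog, the rate limit is applied before the scope check so a token cannot probe for scopes faster than it can make legitimate calls, and the audit record is written on every path that reaches a token, which is what makes the denied and rate-limited outcomes visible to the detections described above.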

Troubleshooting

Symptom                              Cause & fix
401 on connect                       Missing or invalid token. Confirm the Authorization header is Bearer lpat_… and the token is not revoked or expired.
A tool is missing from the list      The token lacks that tool’s scope. Create a token with the right scope (for example siem:read for notables).
403 calling a tool                   The token is valid but missing the required scope for that specific tool.
429 responses                        Per-token rate limit (120/min) exceeded. Reduce call volume or back off and retry.
create_detection rule does nothing   Expected — new detections are created disabled. Enable it in the dashboard after review.

Still stuck? See Personal Access Tokens for token errors, or contact us.
