Exabeam MCP Server for Developers
Overview
Exabeam offers an MCP (Model Context Protocol) server that enables AI assistants like Claude, ChatGPT, and Gemini to interact directly with Exabeam's API documentation. This integration helps developers explore APIs, understand request/response schemas, and generate code snippets—all through natural language conversation.
Think of it as an AI-powered API reference: instead of manually searching documentation, you can ask questions like "What parameters does the case search endpoint require?" and get accurate, structured answers.
What It Does
The MCP server exposes Exabeam's OpenAPI specifications to AI assistants, enabling:
- API Discovery – Browse all available Exabeam API endpoints across Search, Threat Center, Context Management, Correlation Rules, and more
- Schema Inspection – Retrieve detailed parameter definitions, request body structures, and response formats
- Code Generation – Generate code snippets in multiple languages for any endpoint
- Development Assistance – Troubleshoot API calls, validate request structures, and understand authentication requirements
What It Doesn't Do
This is a documentation-focused integration, not a live operational connection. The MCP server does not come pre-configured with authentication to your Exabeam environment. It helps you understand and build with the APIs—executing live queries against your tenant requires separate authentication setup.
Available APIs
The MCP server provides access to all public Exabeam APIs, including Threat Center, Search, Context Management, Correlation Rules, and more. For a complete up-to-date list, see the Exabeam Developer Portal.
Example Use Cases
| Use Case | Example Prompt | Outcome |
|---|---|---|
| Building Integrations with New-Scale | "I'm building a ServiceNow integration that needs to sync tickets with Threat Center cases. What endpoints should I use to read case status and push updates back?" | The assistant will walk you through the relevant Threat Center endpoints for searching cases, retrieving case details, and updating case status—helping you design a bidirectional sync without digging through documentation. |
| Exploring an Unfamiliar API | "What endpoints are available in the Threat Center API?" | The assistant will list all available paths with their HTTP methods and descriptions. |
| Understanding Request Parameters | "What parameters do I need to search for cases in Threat Center?" | The assistant will return the full request body schema, including required fields like filter, fields, startTime, and endTime, along with example values. |
| Generating Code Snippets | "Generate a Python snippet to search for high-priority cases from the last 24 hours" | The assistant will produce working code using the correct endpoint, headers, and request structure. |
| Validating Your Approach | "I want to create a correlation rule that triggers when a user authenticates from two countries within an hour. Which API should I use and what's the request format?" | The assistant will guide you to the Correlation Rules API and explain the required fields. |
| Comparing Endpoints | "What's the difference between the v1 and v2 case creation endpoints?" | The assistant will retrieve both schemas and highlight the differences. |
Setup Instructions
Prerequisites
- An AI assistant that supports MCP (e.g., Claude Desktop, Cursor, or another MCP-compatible client)
- Access to the Exabeam MCP server URL (provided by your Exabeam representative or available through the developer portal)
Configuration
- Open your MCP client's configuration file (location varies by client)
- Add the Exabeam MCP server to your configuration:

    {
      "mcpServers": {
        "exabeam-api-docs": {
          "url": "https://developers.exabeam.com/mcp/sse",
          "transport": "sse"
        }
      }
    }

- Restart your MCP client
- Verify the connection by asking: "What Exabeam API specs are available?"
Available MCP Tools
Once connected, the following tools are available to the AI assistant:
| Tool | Purpose |
|---|---|
| list-specs | List all available API specifications |
| list-endpoints | Browse endpoints within a specific API |
| get-endpoint | Get detailed info for a specific endpoint |
| get-request-body | Retrieve request body schema |
| get-response-schema | Retrieve response schema |
| get-code-snippet | Generate code in a specified language |
| search-specs | Search across all specs for a term |
| list-security-schemes | View authentication requirements |
| get-server-variables | Get available server URLs by region |
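An added example, not Exabeam's code: a Python audit that compares an MCP client configuration with the entry shown under Configuration and compares a server's advertised tool names with the table above. The host allowlist, the second sample entry, and the tool name run-query are constructed assumptions for illustration.

```python
import json
from urllib.parse import urlsplit

# Assumption: only the host from the page's configuration is approved.
APPROVED_HOSTS = {"developers.exabeam.com"}
DOCUMENTED_KEYS = {"url", "transport"}
# Tool names from the page's "Available MCP Tools" table.
DOCUMENTED_TOOLS = {
    "list-specs", "list-endpoints", "get-endpoint", "get-request-body",
    "get-response-schema", "get-code-snippet", "search-specs",
    "list-security-schemes", "get-server-variables",
}

# Constructed sample: the page's entry plus a constructed look-alike entry.
SAMPLE_CONFIG = """{"mcpServers": {
  "exabeam-api-docs": {"url": "https://developers.exabeam.com/mcp/sse", "transport": "sse"},
  "exabeam-docs-copy": {
    "url": "http://developers.exabeam.com.example.net/mcp/sse?token=CONSTRUCTED",
    "transport": "sse", "headers": {"Authorization": "Bearer CONSTRUCTED"}}
}}"""

def audit_mcp_config(config_text):
    """Return (server_name, finding) pairs for entries that deviate from the documented one."""
    findings = []
    for name, entry in json.loads(config_text).get("mcpServers", {}).items():
        url = urlsplit(entry.get("url", ""))
        if url.scheme != "https":
            findings.append((name, "URL is not HTTPS"))
        if url.hostname not in APPROVED_HOSTS:
            findings.append((name, f"host {url.hostname!r} is not approved"))
        if url.username or url.password or url.query:
            findings.append((name, "URL embeds credentials or query parameters"))
        if entry.get("transport") != "sse":
            findings.append((name, "transport is not the documented 'sse'"))
        for key in sorted(set(entry) - DOCUMENTED_KEYS):
            findings.append((name, f"undocumented key {key!r}"))
    return findings

def unexpected_tools(advertised):
    """Tool names a server advertises that the page's table does not list."""
    return sorted(set(advertised) - DOCUMENTED_TOOLS)

if __name__ == "__main__":
    for name, finding in audit_mcp_config(SAMPLE_CONFIG):
        print(f"{name}: {finding}")
    # "run-query" is a constructed name standing in for an undocumented tool.
    print(unexpected_tools(["list-specs", "run-query"]))
```

The allowlist is deliberately strict: an entry for any other MCP server in the same file is reported until its host is added to APPROVED_HOSTS.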
Tips for Effective Use
- Be specific – "Show me the request body for POST /threat-center/v1/search/cases" yields better results than "How do I search?"
- Ask for examples – Request example payloads to see realistic values
- Iterate – Start broad ("What can the Context API do?") then drill down ("How do I add records to a context table?")
- Request code in your language – The assistant can generate snippets in Python, JavaScript, cURL, and more
Support
For questions about the MCP server or Exabeam APIs, contact your Exabeam representative or visit the Exabeam Developer Portal.
