# LiteSOC — MCP Server Integration

> Connect AI editors (Cursor, Claude, VS Code) directly to your live LiteSOC security data via the Model Context Protocol.

- **Docs:** https://litesoc.io/docs/integrations/mcp
- **Package:** `@litesoc/mcp-server`
- **Source:** https://github.com/litesoc/litesoc-mcp
- **Protocol:** Model Context Protocol (MCP) v1.x

## Overview

The official LiteSOC MCP server gives AI tools direct, structured access to your security alerts and event logs. No copy-pasting. No context switching. Your AI agent can query, investigate, and resolve incidents from inside your editor.

**Supported AI editors:**
- Cursor (MCP beta)
- Claude Desktop
- VS Code with Cline extension

## Quick Setup (all editors)

```json
{
  "mcpServers": {
    "litesoc": {
      "command": "npx",
      "args": ["-y", "@litesoc/mcp-server"],
      "env": {
        "LITESOC_API_KEY": "lsk_live_your_api_key_here"
      }
    }
  }
}
```

- **Cursor:** Settings → Beta → MCP Servers → Add Server
- **Claude Desktop:** `~/Library/Application Support/Claude/claude_desktop_config.json` (macOS path)
- **Cline:** Cline panel → MCP Servers → Edit MCP Settings
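
The config above puts a live API key in a plaintext settings file and lets `npx -y` install whichever package version is current. The following added example (not LiteSOC's code) audits an `mcpServers` config for both conditions. The finding names, the version `1.2.3`, and the assumption that the editor passes its own environment through to the server process are illustrative.

```javascript
// Added example: audit an MCP client config (the "mcpServers" JSON shown above).
// Finding names and the version "1.2.3" are constructed for illustration.

const LIVE_KEY = /^lsk_live_/; // key prefix as it appears in the page's sample config
const PINNED = /^(@[^/]+\/)?[^@/]+@\d+\.\d+\.\d+$/; // e.g. @scope/name@1.2.3

function auditMcpConfig(configText) {
  const findings = [];
  const servers = JSON.parse(configText).mcpServers ?? {};
  for (const [name, server] of Object.entries(servers)) {
    // 1. A key written inline sits in plaintext on disk, in backups and dotfile repos.
    for (const [key, value] of Object.entries(server.env ?? {})) {
      if (typeof value === "string" && LIVE_KEY.test(value)) {
        findings.push({ server: name, issue: "inline-live-key", detail: key });
      }
    }
    // 2. `npx -y <pkg>` without an exact version installs, with no prompt,
    //    whatever the registry currently serves under that name.
    if (server.command === "npx") {
      const pkg = (server.args ?? []).find((a) => !a.startsWith("-"));
      if (pkg && !PINNED.test(pkg)) {
        findings.push({ server: name, issue: "unpinned-package", detail: pkg });
      }
    }
  }
  return findings;
}

// Constructed sample inputs. `asPublished` mirrors the Quick Setup config.
// `hardened` pins a version and omits the key from the file, assuming the
// editor hands its own environment (holding LITESOC_API_KEY) to the server.
const asPublished = JSON.stringify({ mcpServers: { litesoc: {
  command: "npx", args: ["-y", "@litesoc/mcp-server"],
  env: { LITESOC_API_KEY: "lsk_live_your_api_key_here" } } } });
const hardened = JSON.stringify({ mcpServers: { litesoc: {
  command: "npx", args: ["-y", "@litesoc/mcp-server@1.2.3"] } } });

console.log(auditMcpConfig(asPublished)); // two findings
console.log(auditMcpConfig(hardened));    // no findings
```
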

## Available Tools

| Tool | Plan | Description |
|---|---|---|
| `list_alerts` | Pro+ | Fetch open security alerts filtered by severity, type, or status |
| `analyze_alert` | Pro+ | Full forensic detail — VPN/Tor, geolocation, ISP, Google Maps link |
| `get_recent_events` | All plans | Latest raw security event logs with actor and severity filters |
| `resolve_incident` | Pro+ | Resolve or dismiss an alert with SOC 2-compliant audit notes |

## Example Prompts

- "@LiteSOC analyze my open alerts and suggest a fix."
- "Are there any new threats detected in the last 10 minutes?"
- "Show me auth.login_failed events from unusual countries."
- "Resolve alert abc-123 — confirmed false positive, internal IP."
- "Is user_456 acting suspiciously based on recent events?"

## Security

- All queries are scoped to your organization — no cross-tenant access
- API key is read from environment at runtime, never persisted
- PII (emails, tokens) is automatically redacted in logs
- Free plan: `network_intelligence` and `geolocation` fields are `null`
- `resolve_incident` writes an immutable SOC 2 audit log entry (CC7.2)

## Prerequisites

- Node.js ≥ 18
- LiteSOC API key from https://litesoc.io/dashboard/settings
- Pro or Enterprise plan for alert tools
