Model Context Protocol
The Model Context Protocol (MCP) allows you to connect AI assistants like Claude and Cursor to external data sources and tools. This guide shows you how to set up RunReveal’s remote MCP server with both Claude and Cursor.
What is Remote MCP?
Remote MCP allows you to connect to MCP servers running on remote hosts over HTTP/HTTPS, rather than just local processes. This enables you to:
- Access your RunReveal data and tools from any AI assistant that supports MCP
- Share MCP servers across multiple team members
- Run MCP servers in production environments
- Centralize data access and permissions
Setting Up with Claude
Prerequisites
- A RunReveal account with API access
- Claude Desktop or Claude.ai account
Step 1: Add the Integration
- In Claude, go to Add integration (BETA)
- Enter the following details:
- Integration Name: RunReveal
- Server URL:
https://api.runreveal.com/mcp
Step 2: Trust the Integration
Claude will show a warning that this integration has not been verified by Anthropic. Click Add to proceed.
Step 3: Authorize with RunReveal
- You’ll be redirected to RunReveal’s authorization page
- Review the OAuth client information:
- Client Name: claudeai
- Client ID: (will be displayed)
- Select your workspace from the dropdown
- Click Continue to authorize the connection
Step 4: Verify the Connection
Once authorized, you should see RunReveal listed in your Claude integrations with available tools:
The RunReveal MCP integration provides access to several tools:
detections_list
- List all detection rulesdetections_get
- Get details for a specific detectionrun_query
- Execute SQL queries against your datalist_tables
- View available data tablesget_table_schema
- Get schema information for tablesdetections_create
- Create new detection rules
All currently available tools require Queries & Detection Read permissions, and
the detections_create
tool requires Queries & Detection Write permissions.
Setting Up with Cursor
Prerequisites
- A RunReveal account with API access
- Cursor IDE installed
Configuration
Or, manually add this to your configuration:
{
"mcpServers": {
"RunReveal": {
"url": "https://api.runreveal.com/mcp"
}
}
}
Authentication Flow
Similar to Claude, Cursor will redirect you to RunReveal’s OAuth authorization page where you can:
- Select your workspace
- Grant the necessary permissions
- Complete the OAuth flow
Available Tools and Capabilities
Once connected, both Claude and Cursor can help you with:
Data Analysis
- Query your log data with natural language
- Explore table schemas and relationships
- Generate SQL queries for complex analysis
Detection Management
- List and review existing detection rules
- Create new detections based on your requirements
- Get detailed information about specific detections
Security Operations
- Investigate security events and incidents
- Analyze patterns in your data
- Generate reports and summaries
Example Usage
Once set up, you can ask your AI assistant questions like:
- “Show me all failed login attempts from the last 24 hours”
- “What detection rules do we have for privilege escalation?”
- “Create a new detection for suspicious file downloads”
- “What tables contain network traffic data?”
Troubleshooting
Connection Issues
- Verify your RunReveal API credentials are valid
- Check that you have the necessary permissions in your workspace
- Ensure the MCP server URL is correct:
https://api.runreveal.com/mcp
Authentication Problems
- Clear your browser cookies and retry the OAuth flow
- Make sure you’re selecting the correct workspace during authorization
- Contact RunReveal support if you continue having issues
Tool Access Issues
- Verify your RunReveal user has appropriate permissions for the tools you’re trying to use
- Some tools may require specific roles or permissions within your workspace
Security Considerations
- The MCP connection uses OAuth for secure authentication
- Tools respect your existing RunReveal permissions and access controls
- All data transmission is encrypted over HTTPS
- You can revoke access at any time through your RunReveal workspace settings
Next Steps
With MCP set up, you can now leverage AI assistants to:
- Streamline your security operations workflows
- Get natural language insights from your data
- Automate common detection and analysis tasks
- Collaborate more effectively with your security team