ReferenceModel Context Protocol

Model Context Protocol

The Model Context Protocol (MCP) allows you to connect AI assistants like Claude and Cursor to external data sources and tools. This guide shows you how to set up RunReveal’s remote MCP server with both Claude and Cursor.

What is Remote MCP?

Remote MCP allows you to connect to MCP servers running on remote hosts over HTTP/HTTPS, rather than just local processes. This enables you to:

  • Access your RunReveal data and tools from any AI assistant that supports MCP
  • Share MCP servers across multiple team members
  • Run MCP servers in production environments
  • Centralize data access and permissions

Setting Up with Claude

Prerequisites

  • A RunReveal account with API access
  • Claude Desktop or Claude.ai account

Step 1: Add the Integration

  1. In Claude, go to Add integration (BETA)
  2. Enter the following details:
    • Integration Name: RunReveal
    • Server URL: https://api.runreveal.com/mcp

Claude MCP Setup Screen 1

Step 2: Trust the Integration

Claude will show a warning that this integration has not been verified by Anthropic. Click Add to proceed.

Step 3: Authorize with RunReveal

  1. You’ll be redirected to RunReveal’s authorization page
  2. Review the OAuth client information:
    • Client Name: claudeai
    • Client ID: (will be displayed)
  3. Select your workspace from the dropdown
  4. Click Continue to authorize the connection

Claude MCP Authorization

Step 4: Verify the Connection

Once authorized, you should see RunReveal listed in your Claude integrations with available tools:

Claude MCP Tools

The RunReveal MCP integration provides access to several tools:

  • detections_list - List all detection rules
  • detections_get - Get details for a specific detection
  • run_query - Execute SQL queries against your data
  • list_tables - View available data tables
  • get_table_schema - Get schema information for tables
  • detections_create - Create new detection rules

All currently available tools require Queries & Detection Read permissions, and the detections_create tool requires Queries & Detection Write permissions.

Claude MCP Available Tools

Setting Up with Cursor

Prerequisites

  • A RunReveal account with API access
  • Cursor IDE installed

Configuration

Click this link: Install MCP Server

Or, manually add this to your configuration:

{
  "mcpServers": {
    "RunReveal": {
      "url": "https://api.runreveal.com/mcp"
    }
  }
}

Authentication Flow

Similar to Claude, Cursor will redirect you to RunReveal’s OAuth authorization page where you can:

  1. Select your workspace
  2. Grant the necessary permissions
  3. Complete the OAuth flow

Available Tools and Capabilities

Once connected, both Claude and Cursor can help you with:

Data Analysis

  • Query your log data with natural language
  • Explore table schemas and relationships
  • Generate SQL queries for complex analysis

Detection Management

  • List and review existing detection rules
  • Create new detections based on your requirements
  • Get detailed information about specific detections

Security Operations

  • Investigate security events and incidents
  • Analyze patterns in your data
  • Generate reports and summaries

Example Usage

Once set up, you can ask your AI assistant questions like:

  • “Show me all failed login attempts from the last 24 hours”
  • “What detection rules do we have for privilege escalation?”
  • “Create a new detection for suspicious file downloads”
  • “What tables contain network traffic data?”

Troubleshooting

Connection Issues

  • Verify your RunReveal API credentials are valid
  • Check that you have the necessary permissions in your workspace
  • Ensure the MCP server URL is correct: https://api.runreveal.com/mcp

Authentication Problems

  • Clear your browser cookies and retry the OAuth flow
  • Make sure you’re selecting the correct workspace during authorization
  • Contact RunReveal support if you continue having issues

Tool Access Issues

  • Verify your RunReveal user has appropriate permissions for the tools you’re trying to use
  • Some tools may require specific roles or permissions within your workspace

Security Considerations

  • The MCP connection uses OAuth for secure authentication
  • Tools respect your existing RunReveal permissions and access controls
  • All data transmission is encrypted over HTTPS
  • You can revoke access at any time through your RunReveal workspace settings

Next Steps

With MCP set up, you can now leverage AI assistants to:

  • Streamline your security operations workflows
  • Get natural language insights from your data
  • Automate common detection and analysis tasks
  • Collaborate more effectively with your security team