Connect
Optimize
Secure
The #1 agentic semantic tool search: 91.6% first-try accuracy on S1 Search Bench • Explore Tool Discovery →
Connect your AI agent to StackOne's Lacework FortiCNAPP MCP server and give it 56 MCP tools out of the box. Auth, tool execution, and security all managed.
Coverage
Create, read, update, and delete across Lacework FortiCNAPP — and extend your agent's capabilities with custom actions.
Authentication
Per-user OAuth in one call. Your Lacework FortiCNAPP MCP server gets session-scoped tokens with zero credentials stored on your infra.
Agent Auth →Security
Every Lacework FortiCNAPP tool response scanned for prompt injection in milliseconds — 88.7% accuracy, all running on CPU.
Prompt Injection Defense →Performance
Free up to 96% of your agent's context window to enhance reasoning and reduce cost, on every Lacework FortiCNAPP call.
Tools Discovery →A Lacework FortiCNAPP MCP server lets AI agents read and write Lacework FortiCNAPP data through the Model Context Protocol — Anthropic's open standard for connecting LLMs to external tools. StackOne's Lacework FortiCNAPP MCP server ships with 56 pre-built actions, fully extensible via the Connector Builder — plus managed authentication, prompt injection defense, observability, and agent execution runtime. Connect it from MCP clients like Claude Desktop, Claude Code, Cursor, Goose, and VS Code, or from agent frameworks like OpenAI Agents SDK, LangChain, and Vercel AI SDK.
Every action from Lacework FortiCNAPP's API, ready for your agent. Create, read, update, and delete — scoped to exactly what you need.
Create an alert channel by specifying parameters in the request body.
Get a list of alert channels for the current user.
Get details about an alert channel.
Update an alert channel by specifying parameters in the request body.
Delete an alert channel.
Create an alert rule by specifying parameters in the request body.
List all alert rules in your Lacework instance.
Get details about an alert rule.
Update an alert rule by specifying parameters in the request body.
Delete an alert rule.
Get a list of alerts during the specified date range.
Search alerts.
Get details about an alert.
Create a cloud account by specifying parameters in the request body.
Get a list of cloud accounts for the current user.
Get details about a cloud account.
Update a cloud account by specifying parameters in the request body.
Delete a cloud account.
Create a container registry by specifying parameters in the request body.
Get details about a container registry.
Update a container registry by specifying parameters in the request body.
Delete a container registry.
Create a Lacework Query Language (LQL) policy by specifying parameters in the request body.
Get details about a single LQL policy.
Update an existing LQL policy registered in your Lacework instance by specifying parameters in the request body.
Delete an LQL custom policy registered in your Lacework instance.
Create a resource group by specifying parameters in the request body.
Get a list of all resource groups for the account.
Get details about a resource group.
Update a resource group by specifying parameters in the request body.
Delete a resource group.
Create a team member in your Lacework instance.
Get a list of team members in your Lacework instance.
Get details about a team member.
Optionally update the userName and userEnabled settings and the props sub-settings of the passed in team member.
Delete a team member.
Create a vulnerability exception by specifying parameters in the request body.
Get a list of all vulnerability exceptions for the account.
Delete a vulnerability exception.
Create a Lacework Query Language (LQL) query by specifying parameters in the request body.
Get audit logs.
Get a list of container registries for the current user.
Search for machines in your environment.
Search for users in your environment.
The Inventory API enables you to retrieve information about resources in your cloud integrations, such as virtual machines, S3 buckets, security groups, and more, using the following endpoint: By default, Lacework collects resource information once a day.
List all registered LQL policies in your Lacework instance.
List all registered LQL queries in your Lacework instance.
Get details about a single LQL query.
Retrieve a compliance report filtered by report type, severity, status, and format.
Search the scan (assessment), including the risk score and scan status, the vulnerabilities found in the scan, and statistics for those vulnerabilities.
Search the scan (assessment), including the risk score and scan status, vulnerabilities found in the scan, and statistics about those vulnerabilities.
Update an existing LQL query registered in your Lacework instance.
Delete a Lacework Query Language (LQL) query registered in your Lacework instance.
Post a user comment on an alert’s timeline.
Change the status of an alert to closed.
Run an existing LQL query registered in your Lacework instance.
One endpoint. Any framework. Your agent is talking to Lacework FortiCNAPP in under 10 lines of code.
Agent Frameworks
{
"mcpServers": {
"stackone": {
"command": "npx",
"args": [
"-y",
"mcp-remote@latest",
"https://api.stackone.com/mcp?x-account-id=<account_id>",
"--header",
"Authorization: Basic <YOUR_BASE64_TOKEN>"
]
}
}
}141+ actions
110+ actions
87+ actions
69+ actions
67+ actions
65+ actions
57+ actions
Anthropic's code_execution processes data already in context. Custom MCP code mode keeps raw tool responses in a sandbox. 14K tokens vs 500.
11 min
Benchmarking BM25, TF-IDF, and hybrid search for MCP tool discovery across 916 tools. The 80/20 TF-IDF/BM25 hybrid hits 21% Top-1 accuracy in under 1ms.
10 min
MCP tools that read emails, CRM records, and tickets are indirect prompt injection vectors. Here's how we built a two-tier defense that scans tool results in ~11ms.
12 min
MCP vs A2A: what each protocol standardizes, how they differ, their shared security risks including indirect prompt injection, and when to use one, both, or a hybrid architecture.
12 min
MCP wraps APIs, it doesn't replace them. After building 200+ connectors that serve both, here's when each approach wins.
14 min read
origin_owner_id.All the tools you need to build and scale AI agent integrations, with best-in-class connectivity, execution, and security.