Skip to main content

The #1 agentic semantic tool search: 91.6% first-try accuracy on S1 Search Bench Explore Tool Discovery

Live 56 Actions

Lacework FortiCNAPP MCP Server
for AI Agents

Connect your AI agent to StackOne's Lacework FortiCNAPP MCP server and give it 56 MCP tools out of the box. Auth, tool execution, and security all managed.

Lacework FortiCNAPP logo
Lacework FortiCNAPP MCP Server
Built by StackOne StackOne
DrataGPLocalyzeFlipMindtoolsScreenloop

Coverage

56 Agent Actions

Create, read, update, and delete across Lacework FortiCNAPP — and extend your agent's capabilities with custom actions.

Authentication

Agent Tool Authentication

Per-user OAuth in one call. Your Lacework FortiCNAPP MCP server gets session-scoped tokens with zero credentials stored on your infra.

Agent Auth →

Security

Agent Protection

Every Lacework FortiCNAPP tool response scanned for prompt injection in milliseconds — 88.7% accuracy, all running on CPU.

Prompt Injection Defense →

Performance

Max Agent Context. Min Cost.

Free up to 96% of your agent's context window to enhance reasoning and reduce cost, on every Lacework FortiCNAPP call.

Tools Discovery →

What is the Lacework FortiCNAPP MCP Server?

A Lacework FortiCNAPP MCP server lets AI agents read and write Lacework FortiCNAPP data through the Model Context Protocol — Anthropic's open standard for connecting LLMs to external tools. StackOne's Lacework FortiCNAPP MCP server ships with 56 pre-built actions, fully extensible via the Connector Builder — plus managed authentication, prompt injection defense, observability, and agent execution runtime. Connect it from MCP clients like Claude Desktop, Claude Code, Cursor, Goose, and VS Code, or from agent frameworks like OpenAI Agents SDK, LangChain, and Vercel AI SDK.

All Lacework FortiCNAPP MCP Tools

Every action from Lacework FortiCNAPP's API, ready for your agent. Create, read, update, and delete — scoped to exactly what you need.

Alert Channels

  • Create Alert Channel

    Create an alert channel by specifying parameters in the request body.

  • List Alert Channels

    Get a list of alert channels for the current user.

  • Get Alert Channel

    Get details about an alert channel.

  • Update Alert Channel

    Update an alert channel by specifying parameters in the request body.

  • Delete Alert Channel

    Delete an alert channel.

Alert Rules

  • Create Alert Rule

    Create an alert rule by specifying parameters in the request body.

  • List Alert Rules

    List all alert rules in your Lacework instance.

  • Get Alert Rule

    Get details about an alert rule.

  • Update Alert Rule

    Update an alert rule by specifying parameters in the request body.

  • Delete Alert Rule

    Delete an alert rule.

Alerts

  • List Alerts

    Get a list of alerts during the specified date range.

  • Search Alerts

    Search alerts.

  • Get Alert

    Get details about an alert.

Cloud Accounts

  • Create Cloud Account

    Create a cloud account by specifying parameters in the request body.

  • List Cloud Accounts

    Get a list of cloud accounts for the current user.

  • Get Cloud Account

    Get details about a cloud account.

  • Update Cloud Account

    Update a cloud account by specifying parameters in the request body.

  • Delete Cloud Account

    Delete a cloud account.

Container Registrys

  • Create Container Registry

    Create a container registry by specifying parameters in the request body.

  • Get Container Registry

    Get details about a container registry.

  • Update Container Registry

    Update a container registry by specifying parameters in the request body.

  • Delete Container Registry

    Delete a container registry.

Policys

  • Create Policy

    Create a Lacework Query Language (LQL) policy by specifying parameters in the request body.

  • Get Policy

    Get details about a single LQL policy.

  • Update Policy

    Update an existing LQL policy registered in your Lacework instance by specifying parameters in the request body.

  • Delete Policy

    Delete an LQL custom policy registered in your Lacework instance.

Resource Groups

  • Create Resource Group

    Create a resource group by specifying parameters in the request body.

  • List Resource Groups

    Get a list of all resource groups for the account.

  • Get Resource Group

    Get details about a resource group.

  • Update Resource Group

    Update a resource group by specifying parameters in the request body.

  • Delete Resource Group

    Delete a resource group.

Team Members

  • Create Team Member

    Create a team member in your Lacework instance.

  • List Team Members

    Get a list of team members in your Lacework instance.

  • Get Team Member

    Get details about a team member.

  • Update Team Member

    Optionally update the userName and userEnabled settings and the props sub-settings of the passed in team member.

  • Delete Team Member

    Delete a team member.

Vulnerability Exceptions

  • Create Vulnerability Exception

    Create a vulnerability exception by specifying parameters in the request body.

  • List Vulnerability Exceptions

    Get a list of all vulnerability exceptions for the account.

  • Delete Vulnerability Exception

    Delete a vulnerability exception.

Other (17)

  • Create Query

    Create a Lacework Query Language (LQL) query by specifying parameters in the request body.

  • List Audit Logs

    Get audit logs.

  • List Container Registries

    Get a list of container registries for the current user.

  • Search Machines

    Search for machines in your environment.

  • Search Users

    Search for users in your environment.

  • Search Inventory

    The Inventory API enables you to retrieve information about resources in your cloud integrations, such as virtual machines, S3 buckets, security groups, and more, using the following endpoint: By default, Lacework collects resource information once a day.

  • List Policies

    List all registered LQL policies in your Lacework instance.

  • List Queries

    List all registered LQL queries in your Lacework instance.

  • Get Query

    Get details about a single LQL query.

  • List Reports

    Retrieve a compliance report filtered by report type, severity, status, and format.

  • Search Container Vulnerabilities

    Search the scan (assessment), including the risk score and scan status, the vulnerabilities found in the scan, and statistics for those vulnerabilities.

  • Search Host Vulnerabilities

    Search the scan (assessment), including the risk score and scan status, vulnerabilities found in the scan, and statistics about those vulnerabilities.

  • Update Query

    Update an existing LQL query registered in your Lacework instance.

  • Delete Query

    Delete a Lacework Query Language (LQL) query registered in your Lacework instance.

  • Comment Alert

    Post a user comment on an alert’s timeline.

  • Close Alert

    Change the status of an alert to closed.

  • Execute Query

    Run an existing LQL query registered in your Lacework instance.

Set Up Your Lacework FortiCNAPP MCP Server in Minutes

One endpoint. Any framework. Your agent is talking to Lacework FortiCNAPP in under 10 lines of code.

Agent Frameworks

Claude Desktop
{
  "mcpServers": {
    "stackone": {
      "command": "npx",
      "args": [
        "-y",
        "mcp-remote@latest",
        "https://api.stackone.com/mcp?x-account-id=<account_id>",
        "--header",
        "Authorization: Basic <YOUR_BASE64_TOKEN>"
      ]
    }
  }
}

Check More Security MCP Servers

Cloudflare

141+ actions

OneLogin

110+ actions

Auth0

87+ actions

Sentinel XS

69+ actions

JumpCloud

65+ actions

Drata

57+ actions

Lacework FortiCNAPP MCP Server FAQ

Does StackOne have a Lacework FortiCNAPP MCP server?
Yes. StackOne offers a hosted Lacework FortiCNAPP MCP server with 56 pre-built actions, and every action is tested and QA'd by StackOne. Connect it to Claude, Cursor, and any other MCP client, or to any agent framework through the AI Action SDK. It ships with managed agent authentication, prompt injection defense, and tool discovery with server-side execution that preserve your agent's context window and keep reasoning performance.
Lacework FortiCNAPP MCP server vs direct API integration — what's the difference?
A Lacework FortiCNAPP MCP server and direct API integration serve different use cases. Direct API integration is for software-to-software — backend code calling Lacework FortiCNAPP. A Lacework FortiCNAPP MCP server is for AI agents — MCP clients like Claude and Cursor, plus framework agents built with OpenAI, LangChain, or Vercel AI — discovering and calling Lacework FortiCNAPP at runtime. StackOne provides both.
How does Lacework FortiCNAPP authentication work for AI agents?
Lacework FortiCNAPP authentication for AI agents works through a StackOne Connect Session. Create one via the dashboard or the SDK — you get an auth link and ready-to-paste config for Claude Desktop, Cursor, and other MCP clients. Your user authenticates their own Lacework FortiCNAPP account; StackOne handles token exchange, storage, and refresh. Credentials never reach the LLM, and each user is isolated via origin_owner_id.
Are Lacework FortiCNAPP MCP tools vulnerable to prompt injection?
Yes — Lacework FortiCNAPP MCP tools can be vulnerable to indirect prompt injection. Any tool that reads user-written content — documents, messages, tickets, records, or free-text fields — is a potential vector. StackOne Defender scans every tool response before it enters the agent's context — regex patterns in ~1ms, then a MiniLM classifier in ~4ms. 88.7% accuracy, CPU-only.
What is the context bloat of a Lacework FortiCNAPP agent and how do I avoid it?
Context bloat happens when Lacework FortiCNAPP tool schemas and API responses eat your Lacework FortiCNAPP agent's memory, preventing it from reasoning effectively. A single Lacework FortiCNAPP query can return a massive JSON response, and connecting multiple tools compounds the problem. Tools Discovery and Code Mode reduce context bloat — loading only relevant tools per query and keeping raw responses out of the agent's context.
Can I limit which actions my Lacework FortiCNAPP agent can access?
Yes — you can limit which actions your Lacework FortiCNAPP agent can access directly from the StackOne dashboard. Toggle actions on or off, or restrict them to specific accounts, with no code changes to your agent. Session tokens can be scoped to exact actions so if one leaks, exposure stays contained.
Can I create custom agent actions for my Lacework FortiCNAPP MCP server?
Yes — you can create custom agent actions for your Lacework FortiCNAPP MCP server using Connector Builder. It's an integration agent your coding assistant (Claude Code, Cursor, or Copilot) can invoke to research Lacework FortiCNAPP's API, generate production-ready connector YAML, test against the live API, and validate before you ship.
When should I NOT use a Lacework FortiCNAPP MCP server?
Skip a Lacework FortiCNAPP MCP server if your integration is purely software-to-software — direct Lacework FortiCNAPP API integration is simpler when no AI agent is involved. For deterministic, compliance-critical operations (financial transactions, regulatory reporting), direct API gives you predictable behavior without agent-driven decision-making. MCP shines when AI agents need to dynamically discover and call Lacework FortiCNAPP actions at runtime.
What AI frameworks and AI clients does the StackOne Lacework FortiCNAPP MCP server support?
The StackOne Lacework FortiCNAPP MCP server supports both. MCP clients (paste-and-go apps): Claude Desktop, Claude Code, Cursor, VS Code, Goose. Agent frameworks (code SDKs you build with): OpenAI Agents SDK, Anthropic, Vercel AI, Google ADK, CrewAI, Pydantic AI, LangChain, LangGraph, Azure AI Foundry.

Put your AI agents to work

All the tools you need to build and scale AI agent integrations, with best-in-class connectivity, execution, and security.