Install the Spyderbat MCP Server
Model Context Protocol (MCP) server for LLMs to interact with Spyderbat's API, enabling AI assistants to search, query, and manage Spyderbat resources.
What is MCP?
The Model Context Protocol (MCP) is a standardized protocol that enables AI assistants and Large Language Models (LLMs) to securely connect to external data sources and tools. The Spyderbat MCP server implements this protocol to provide AI-powered tools with direct access to Spyderbat's API, allowing them to search, query, and manage Spyderbat resources including agents, analytics policies, investigations, notifications, and more.
By using the Spyderbat MCP server, AI assistants can help users interact with Spyderbat's platform through natural language, making it easier to investigate security events, manage agents, configure policies, and retrieve information without needing to navigate the UI or write API calls directly.
Quick Start
Claude Code CLI:
claude mcp add --transport http -s project spyderbat https://api.spyderbat.com/mcp/v1/mcp --header "Authorization: Bearer <your-api-key>"
Cursor / Windsurf / Cline: Add to your MCP config:
{
  "mcpServers": {
    "spyderbat": {
      "url": "https://api.spyderbat.com/mcp/v1/mcp",
      "transport": "streamable-http",
      "headers": { "Authorization": "Bearer <your-api-key>" }
    }
  }
}
Restart your client, then try: "List my Spyderbat organizations"
One-Click Install
Install the Spyderbat MCP server directly in your editor:
Note: You'll be prompted to enter your Spyderbat API key during installation. Create an API key if you don't have one.
Prerequisites
Before configuring the Spyderbat MCP server, ensure you have:
A Spyderbat account with API access
A valid API key (How to create one)
An MCP-compatible client (Claude Code, Cursor, Windsurf, or VS Code with Cline/Continue)
Security Note: Never commit your API key to version control. API keys grant full access to your organization's Spyderbat data.
MCP Server Endpoints
The Spyderbat MCP server is deployed and available at the following endpoints:
US Region: https://api.spyderbat.com/mcp/v1/mcp
Mumbai Region: https://api.mum.prod.spyderbat.com/mcp/v1/mcp
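An added example (not Spyderbat's code): a small linter to run over an MCP client config before committing it, applying the Security Note and the endpoint list above. It flags a literal API key in the Authorization header, a malformed Bearer value, and a Spyderbat URL that is not one of the two documented endpoints. The ${SPYDERBAT_API_KEY} variable name and the assumption that your client expands ${VAR} references are hypothetical, and the sample configs are constructed.

```python
import json
import re
from urllib.parse import urlparse

# The two endpoints documented on this page.
ALLOWED_URLS = {
    "https://api.spyderbat.com/mcp/v1/mcp",
    "https://api.mum.prod.spyderbat.com/mcp/v1/mcp",
}
# Safe to commit: a <placeholder>, or an environment reference such as
# ${SPYDERBAT_API_KEY} (hypothetical name; assumes the client expands it).
SAFE_TOKEN = re.compile(r"<[^<>]+>|\$\{\w+\}")

def lint_mcp_config(text):
    """Return (server_name, problem) pairs; never echoes the key itself."""
    findings = []
    for name, server in json.loads(text).get("mcpServers", {}).items():
        url = server.get("url", "")
        host = urlparse(url).hostname or ""
        spyderbat_host = host == "spyderbat.com" or host.endswith(".spyderbat.com")
        if spyderbat_host and url not in ALLOWED_URLS:
            findings.append((name, "url is not a documented endpoint"))
        auth = server.get("headers", {}).get("Authorization")
        if auth is None:
            continue
        scheme, _, token = auth.partition(" ")
        if scheme != "Bearer" or not token or token != token.strip():
            findings.append((name, "header is not exactly 'Bearer <key>'"))
        elif not SAFE_TOKEN.fullmatch(token):
            findings.append((name, "literal API key in file"))
    return findings

# Constructed sample configs (the key below is not a real credential).
SAFE_CONFIG = json.dumps({"mcpServers": {"spyderbat": {
    "url": "https://api.spyderbat.com/mcp/v1/mcp",
    "transport": "streamable-http",
    "headers": {"Authorization": "Bearer ${SPYDERBAT_API_KEY}"}}}})
LEAKY_CONFIG = json.dumps({"mcpServers": {
    "spyderbat": {
        "url": "http://api.spyderbat.com/mcp/v1/mcp",  # http, not https
        "headers": {"Authorization": "Bearer CONSTRUCTED-NOT-A-REAL-KEY"}},
    "spyderbat-mum": {
        "url": "https://api.mum.prod.spyderbat.com/mcp/v1/mcp",
        "headers": {"Authorization": "bearer ${SPYDERBAT_API_KEY}"}}}})

if __name__ == "__main__":
    for label, cfg in (("safe", SAFE_CONFIG), ("leaky", LEAKY_CONFIG)):
        print(label, lint_mcp_config(cfg))
```

Run it as a pre-commit check over whichever MCP config files live in the repository and fail the commit when the returned list is non-empty.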
Using MCP Inspector
MCP Inspector is a graphical tool that allows you to interact with and test the Spyderbat MCP server. It provides a user-friendly interface to explore available tools, test queries, and inspect responses.
Installation
MCP Inspector can be installed from the official MCP Inspector repository or downloaded as a standalone application. Visit the MCP Inspector releases page to download the latest version for your operating system.
Configuration
To connect MCP Inspector to the Spyderbat MCP server, follow these steps:
Transport Type: Select Streamable HTTP
URL: Enter the appropriate endpoint based on your organization's region:
US Region: https://api.spyderbat.com/mcp/v1/mcp
Mumbai Region: https://api.mum.prod.spyderbat.com/mcp/v1/mcp
Connection Type: Select Via Proxy
Authentication: Configure authentication using custom headers:
Enable Custom Headers
Add a header with:
Key: Authorization
Value: Bearer <your-api-key>
Replace <your-api-key> with your actual Spyderbat API key. To create an API key, see How to Set Up Your Spyderbat API Key.
Click Connect to establish the connection to the Spyderbat MCP server.

Once connected, you can browse available tools, view their schemas, and test them directly from the MCP Inspector interface.
Video Overview
Watch a demonstration of the Spyderbat MCP server: https://www.loom.com/share/1ba8c96999484d20a8f5b831c07cff6a
Using Claude Code CLI
Claude Code is Anthropic's official CLI for Claude. You can add the Spyderbat MCP server to use it within your terminal-based AI workflow.
Installation
Run the following command to add the Spyderbat MCP server:
Command options:
--transport http: Use HTTP-based communication (streamable HTTP)
-s project: Add to the current project only (use -s user for global configuration)
spyderbat: The name for this MCP server
--header: Set the Authorization header with your API key
Replace <your-api-key> with your actual Spyderbat API key. To create an API key, see How to Set Up Your Spyderbat API Key.
After adding the server, restart Claude Code for the changes to take effect.
Verifying the Connection
Once restarted, you can verify the MCP server is connected by asking Claude to list your organizations:
You should see a list of organizations your API key has access to.
Using Cursor Agent
You can configure the Spyderbat MCP server to work with Cursor's AI agent, allowing you to interact with Spyderbat resources directly from your code editor.
Configuration
To set up the Spyderbat MCP server in Cursor, you need to add the configuration to your Cursor settings. The MCP server configuration is typically located in your Cursor settings file (usually found in your user settings or workspace configuration).
Add the following configuration to your mcpServers settings:
Configuration details:
url: The Spyderbat MCP endpoint. Use the appropriate endpoint for your region:
US Region: https://api.spyderbat.com/mcp/v1/mcp
Mumbai Region: https://api.mum.prod.spyderbat.com/mcp/v1/mcp
transport: Must be "streamable-http" for HTTP-based communication
headers.Authorization: Replace <your-api-key> with your Spyderbat API key. See How to Set Up Your Spyderbat API Key.
After saving the configuration, restart Cursor to enable the MCP server connection.
Using Windsurf
Windsurf supports MCP servers through its configuration file.
Configuration
Add the following to ~/.codeium/windsurf/mcp_config.json:
Replace <your-api-key> with your Spyderbat API key and restart Windsurf.
Using VS Code with Cline
Cline is a popular VS Code extension that supports MCP servers.
Configuration
In VS Code, open Cline settings and add the MCP server configuration:
Replace <your-api-key> with your Spyderbat API key and reload VS Code.
Example Prompts
Once connected, you can interact with Spyderbat using natural language. Here are some example prompts to get started:
Organization & Agent Management
"List my Spyderbat organizations"
"Show me all agents in my organization"
"Get details about agent mach:abc123"
Security Event Search
Search for security events (redflags) in your environment:
"Search for security events in the last 24 hours"
"Find all credential leakage events this week"
"Show me high severity security alerts from the last hour"
Understanding Schemas
All searches in Spyderbat require a schema that defines the type of data you're querying. Before searching, you need to know which schema to use.
To discover available schemas, ask:
"What search schemas are available in my organization?"
"List the search schemas for org <org_uid>"
Common schemas include:
event_redflag: Security events and alerts
event_opsflag: Operational events
model_process: Process execution data
model_container: Container data
model_k8s_cluster: Kubernetes cluster data
model_connection: Network connections
Once you know the schema, you can run searches like:
"Search for security alerts in the last 24 hours" → uses event_redflag
"Show me all running containers in the production namespace" → uses model_container
"Find processes running as root in my cluster" → uses model_process
"What network connections were made to external IPs today?" → uses model_connection
Advanced Search Queries
The search_with_args tool supports powerful query syntax:
Wildcard search: * matches all records
Field filtering: severity = "high" or short_name = "credential_leakage"
Pattern matching: proc_name ~= "*kubelet*"
Compound queries: severity = "high" and cluster_name = "prod"
Example conversation:
Troubleshooting
Common Issues
401 Unauthorized
Verify your API key is valid and not expired
Ensure the Authorization header format is exactly: Bearer <your-api-key>
Connection Timeout
Check that your network can reach api.spyderbat.com
Verify the endpoint URL matches your organization's region
Tools Not Appearing
Restart your MCP client after configuration changes
For Claude Code: exit and restart the CLI
For Cursor: fully restart the application
Empty Search Results
Verify the organization UID is correct (use list_organizations first)
Check that your time range includes data (use get_current_time for current Unix timestamp)
Ensure you have permission to access the specified organization
Getting Help
If you encounter issues not covered here, check the Spyderbat documentation or contact support.
