MCP servers on Tracecat

Connect security and IT agents to 50+ hosted MCP servers. No infra to manage.

Search and analyze security telemetry across the Elastic stack.

Investigate alerts and run detections on Panther.

Search indexes and triage events on Splunk (Cloud or on-prem).

Microsoft Sentinel

Query Sentinel's data lake and triage incidents across Microsoft Defender.

Query security data and run detections on RunReveal.

Google Cloud SecOps

Triage SIEM alerts and run SOAR workflows on Google Cloud SecOps.

Search logs and triage incidents on Sumo Logic Cloud SIEM and SOAR.

CrowdStrike Falcon

Investigate detections and devices on CrowdStrike Falcon.

SentinelOne Purple

Query Purple AI, alerts, and vulnerabilities on SentinelOne.

Manage Apple devices across Jamf Pro, Protect, and Security Cloud.

Manage Apple devices and inventory across Iru (formerly Kandji) endpoints.

Investigate browser and code editor extension risk.

Microsoft Defender XDR

Triage Defender XDR detections across endpoints, identity, and email.

Investigate cloud security findings, identities, and exposures on Wiz.

Call any of 15,000+ AWS APIs via the official AWS MCP server.

Microsoft Entra ID

Query users, groups, and access policies through Microsoft Graph.

Manage users, groups, apps, policies, and logs on Okta.

HashiCorp Vault

Read mounts, KV secrets, and PKI from HashiCorp Vault.

Control Cloudflare edge, DNS, WAF, and Zero Trust.

Query ZIA, ZPA, ZDX, and the rest of the Zscaler SASE stack.

Palo Alto Networks

Investigate incidents and assets on Cortex XSIAM and XDR.

Run SAST scans and review findings with Semgrep.

Scan code, dependencies, containers, and IaC with Snyk.

Review controls, tests, and risks across Vanta compliance frameworks.

Query controls, evidence, and audit data across Drata trust workflows.

Check IP context and trending vulnerabilities on GreyNoise.

Read curated threat intelligence feeds from Feedly.

Look up file, URL, IP, and domain reputation via Google Threat Intelligence.

Enrich people and companies on demand with Sixtyfour.

Query Datadog metrics, logs, traces, monitors, and incidents.

Search issues, events, and releases on Sentry.

Query dashboards, Prometheus, Loki, and alerts on Grafana.

Run SQL against ClickHouse analytical databases.

Query Snowflake via Cortex Agents and run SQL.

Query Databricks SQL, Vector Search, Genie, and Unity Catalog.

Create, search, and update Linear issues and projects.

Jira / Atlassian

Read and write Jira issues, Confluence pages, and Atlassian Cloud objects.

Search and act across Jira and Confluence via the Rovo agent endpoint.

Query and update ServiceNow ITSM records via the Zurich MCP server.

Read repos, issues, PRs, and code search on GitHub.

Read repos, issues, MRs, and pipelines on GitLab.

Create incidents, manage alerts, and respond to escalations on incident.io.

Read incidents, schedules, services, and on-call from PagerDuty.

Manage incidents and on-call rotations on Rootly.

Plan and apply infrastructure changes with Terraform.

Run playbooks and manage automation jobs on Ansible Automation Platform.

Search, label, and send mail through Gmail.

Read, create, and send mail through Microsoft 365.

Search messages, post to channels, and manage canvases on Slack.

Microsoft Teams

Send chats, manage channels, and run team operations on Microsoft Teams.

Microsoft user profiles

Read user, manager, and directory data through Microsoft Graph /me.

Create documents and comments in Microsoft Word.

Microsoft OneDrive

Search, share, and manage files on OneDrive.

Microsoft SharePoint

Work with sites, lists, drives, and files on SharePoint.

Search, read, and create files on Google Drive.

Google Calendar

Read events and schedule meetings on Google Calendar.

Read and write pages, databases, and comments on Notion.