Soc Copilot

v1.0.0

A powerful MCP server built with NitroStack

Connection Setup

Add via Cursor Settings UI (Settings > Features > MCP > Add New MCP Server):

{
  "mcpServers": {
    // your other mcp servers
    "soc-copilot": {
      "url": "https://lucid-6a5b217a-squad-secure-amrita-university-amritapuri-campus.app.nitrocloud.ai/mcp"
    }
  }
}

Connect remote tools directly via Claude's Web UI:

Add custom connector BETA
Connect Claude to your data and tools. Learn more about connectors or get started with pre-built ones.
Advanced settings
Only use connectors from developers you trust. Anthropic does not control which tools developers make available and cannot verify that they will work as intended or that they won't change.

Configure custom tools directly via ChatGPT's Web UI:

New App
PNG only. Best results at 256 x 256 px or larger. Max file size: 10 KB
Custom MCP servers introduce risk. Learn more
OpenAI hasn't reviewed this MCP server. Attackers may attempt to steal your data or trick the model into taking unintended actions, including destroying data.

Add the following configuration block under mcpServers in your Antigravity configuration file (~/.gemini/config/mcp_config.json):

{
  "mcpServers": {
    // your other mcp servers
    "soc-copilot": {
      "serverUrl": "https://lucid-6a5b217a-squad-secure-amrita-university-amritapuri-campus.app.nitrocloud.ai/mcp"
    }
  }
}

Add the following configuration block to your Codex configuration file (~/.codex/config.toml):

[mcp_servers.soc-copilot]
url = "https://lucid-6a5b217a-squad-secure-amrita-university-amritapuri-campus.app.nitrocloud.ai/mcp"

Connect directly using the Server-Sent Events endpoint:

https://lucid-6a5b217a-squad-secure-amrita-university-amritapuri-campus.app.nitrocloud.ai/mcp
Available Tools
list_alerts

List all current alerts awaiting triage

enrich_alert

Enrich a flagged transaction/alert with device risk, geo anomaly, MITRE ATT&CK tags, and IOC-style reputation data

correlate_activity

Find related account activity (logins, resets, prior transactions) for a given account

classify_risk

Return the risk verdict, confidence score, MITRE ATT&CK mapping, counterfactual explanation, and reasoning for an alert

recall_similar_cases

Query the Investigation Memory Engine for past cases similar to this alert. Returns past investigations with matching indicators, human verdicts, and analyst learnings. Use this BEFORE classifying a new alert to leverage institutional knowledge.

check_watchlist

Check if an account is on known bad-actor, sanctions, or fraud watchlists

draft_ticket

Generate a structured incident ticket from an alert, ready for ITSM submission (ServiceNow, Jira, etc.)

memory_stats

Get analytics from the Investigation Memory Engine — AI accuracy over time, false positive rates, and key learnings

investigate_alert

Runs a full investigation on a flagged alert: MEMORY RECALL (queries past similar cases), enrichment, account correlation, risk classification, and SELF-CRITIQUE (reviews own reasoning). Use task augmentation to watch progress live including memory retrieval. Pass `task: {}` in your tools/call request to get a task handle, then poll with tasks/get and retrieve the report with tasks/result.

escalate_to_l2

Drafts and submits a structured escalation packet to L2, including MITRE ATT&CK mapping and memory references. This tool REQUIRES task augmentation — you must pass `task: {}` in your tools/call request. Poll with tasks/get and retrieve your handoff packet via tasks/result.

review_alert

Review a flagged alert with simplified, plain-English explanations for business owners. Includes counterfactual reasoning explaining exactly why this was flagged.

action_transaction

Take action on a suspicious transaction: confirm it was you, block and secure, or get human help