# Using MCP for Security Operations Scanner's MCP integration enables three complementary approaches to security operations: ## Interactive Investigations Guided, real-time exploration of your security data. You ask questions, your AI queries Scanner iteratively, and you refine the investigation direction as findings emerge. **Best for:** Incident response, alert triage, threat hunting, following investigative leads → [Interactive Investigations](/scanner/using-scanner-complete-feature-reference/mcp-and-ai-secops/using-mcp-for-security-operations/interactive-investigations.md) ## Detection Engineering Write, test, and validate detection rules with your AI. Get rule suggestions, test them against your data, migrate rules from other platforms, and tune for your environment. **Best for:** Building new detections, tuning existing rules, migrating from other platforms, ensuring coverage → [Detection Engineering](/scanner/using-scanner-complete-feature-reference/mcp-and-ai-secops/using-mcp-for-security-operations/detection-engineering.md) ## Autonomous Workflows AI agents that run continuously to hunt threats, triage alerts, analyze coverage, and investigate IOCs 24/7. **Best for:** Continuous monitoring, scheduled hunting, automation at scale → [Autonomous Workflows](/scanner/using-scanner-complete-feature-reference/mcp-and-ai-secops/using-mcp-for-security-operations/autonomous-workflows.md) *** ## Getting Started New to Scanner MCP? Check out [setup instructions](/scanner/using-scanner-complete-feature-reference/mcp-and-ai-secops/getting-started.md) to connect Scanner and get running. Choose your approach based on your current need, or use all three together for comprehensive AI-driven security operations. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.scanner.dev/scanner/using-scanner-complete-feature-reference/mcp-and-ai-secops/using-mcp-for-security-operations.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.