# Using MCP for Security Operations

Scanner's MCP integration enables three complementary approaches to security operations:

## Interactive Investigations

Guided, real-time exploration of your security data. You ask questions, your AI queries Scanner iteratively, and you refine the investigation direction as findings emerge.

**Best for:** Incident response, alert triage, threat hunting, following investigative leads

→ [Interactive Investigations](/scanner/using-scanner-complete-feature-reference/mcp-and-ai-secops/using-mcp-for-security-operations/interactive-investigations.md)

## Detection Engineering

Write, test, and validate detection rules with your AI. Get rule suggestions, test them against your data, migrate rules from other platforms, and tune for your environment.

**Best for:** Building new detections, tuning existing rules, migrating from other platforms, ensuring coverage

→ [Detection Engineering](/scanner/using-scanner-complete-feature-reference/mcp-and-ai-secops/using-mcp-for-security-operations/detection-engineering.md)

## Autonomous Workflows

AI agents that run continuously to hunt threats, triage alerts, analyze coverage, and investigate IOCs 24/7.

**Best for:** Continuous monitoring, scheduled hunting, automation at scale

→ [Autonomous Workflows](/scanner/using-scanner-complete-feature-reference/mcp-and-ai-secops/using-mcp-for-security-operations/autonomous-workflows.md)

***

## Getting Started

New to Scanner MCP? Check out [setup instructions](/scanner/using-scanner-complete-feature-reference/mcp-and-ai-secops/getting-started.md) to connect Scanner and get running.

Choose your approach based on your current need, or use all three together for comprehensive AI-driven security operations.

