One agent, three interfaces:
- Streamlit UI (standalone HTTPS web app; Docker/Compose ready)
- Slackbot (XSIAM-only; import integration and run as a long-running job)
- Task/Playbook (XSIAM-only; commands callable from playbooks/automations)
All variants auto-discover MCP tools, call them through Gemini/Vertex AI, and share the same backend logic; only the interface differs.
- `streamlit/` — Streamlit chat UI. See `streamlit/README.md` (Dockerfile + docker-compose included).
- `xsiam-slackbot/` — Slack bot integration for Cortex XSIAM. See `xsiam-slackbot/README.md`.
- `xsiam-task/` — Playbook/command integration for Cortex XSIAM. See `xsiam-task/README.md`.
- Streamlit UI: `cd streamlit && pip install -r requirements.txt && streamlit run src/main.py` (set `GEMINI_API_KEY` or Vertex creds plus `MCP_URL`/`MCP_TOKEN`; use `docker-compose.yml` for a containerized run with the MCP server).
- XSIAM Task: import `xsiam-task/integration.yml` into XSIAM/XSOAR; configure MCP URL/token, Gemini model/API key or Vertex service account; call the command from a playbook.
- Slackbot: import `xsiam-slackbot/integration.yml`, set Slack bot/app tokens, platform API keys, MCP URL/token, and Gemini/Vertex creds; run as a long-running job in XSIAM.