Security Monitoring for AI Agents and MCP

A practical guide to building an observable Phishing Triage Assistant with MCP and structured logging

TLDR: We show structured logging of AI Agents with MCP to tackle Phishing Triage, allowing continuous security monitoring in a SIEM and automated remediation in a SOAR.

This code is a companion to our technical blog post, published by Realm.Security.

See the technical blog for more details.

Overview of AI Phishing Triage Assistant

Contents

  • mcp_server.py provides the MCP server using FastMCP, instrumented with client-side logging
  • agent_client.py provides the AI agent using LangGraph, with structured logging across both agent and tools
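The structured logging described above can be sketched with the standard library alone. This is an added example, not code from this repository: the field names, the trace_id correlation variable, the logged_tool decorator and the check_url tool are assumptions, and plain functions stand in for FastMCP and LangGraph.

```python
import contextvars, functools, io, json, logging, time, uuid
# Per-triage correlation id shared by agent and tool events (assumed field name).
trace_id = contextvars.ContextVar("trace_id", default="-")

class JsonFormatter(logging.Formatter):
    """Render each record as one JSON line; escaping stops CR/LF log forging."""
    def format(self, record):
        event = {"ts": round(record.created, 3), "level": record.levelname,
                 "component": record.name, "trace_id": trace_id.get(),
                 "event": record.getMessage(), **getattr(record, "fields", {})}
        return json.dumps(event, default=str)

def make_logger(name, stream):
    logger = logging.getLogger(name)
    handler = logging.StreamHandler(stream)
    handler.setFormatter(JsonFormatter())
    logger.handlers, logger.propagate = [handler], False
    logger.setLevel(logging.INFO)
    return logger

def logged_tool(logger):
    """Decorator: emit one tool_call event per invocation, including failures."""
    def wrap(fn):
        @functools.wraps(fn)
        def inner(**kwargs):
            start, status = time.perf_counter(), "error"
            try:
                result = fn(**kwargs)
                status = "ok"
                return result
            finally:
                logger.info("tool_call", extra={"fields": {
                    "tool": fn.__name__, "args": kwargs, "status": status,
                    "duration_ms": round((time.perf_counter() - start) * 1000, 2)}})
        return inner
    return wrap

def demo():
    """Run one constructed triage and return the parsed log events."""
    buf = io.StringIO()
    agent_log, tool_log = make_logger("agent", buf), make_logger("mcp_server", buf)
    @logged_tool(tool_log)
    def check_url(url):  # hypothetical tool returning a constructed verdict
        return {"verdict": "suspicious" if "login" in url else "clean"}
    trace_id.set(uuid.uuid4().hex)
    agent_log.info("triage_start", extra={"fields": {"subject": "Invoice\r\nFAKE LINE"}})
    verdict = check_url(url="http://example.test/login")
    agent_log.info("triage_decision", extra={"fields": verdict})
    return [json.loads(line) for line in buf.getvalue().splitlines()]
```

Each event is a single JSON line carrying the same trace_id, so a SIEM can join the agent's decision to the tool calls behind it.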

Usage

Ensure uv is installed to manage the Python dependencies.

Run the MCP server:

uv run -- python mcp_server.py

Then, in a separate terminal, run the AI agent:

uv run -- python agent_client.py

The agent requires access to a Large Language Model (LLM), and is set up to use Anthropic Claude Sonnet 3.7 through AWS Bedrock by default. Ensure your access credentials are available to the LangChain API.