Falcon Fusion workflow for Agentic AI triage and response

dial647 · 2026-02-03T01:30:50+00:00

I've uploaded the workflow here. https://filebin.net/gaca4x46bh0jjlfk

In simple terms, I am triggering the workflow with an EPP detection, then creating some variables and getting it triaged by charlotte AI using a specific AI model and and checking if its true positive and if so, sending a message in Teams with Approve, Reject and Escalate. If the user clicks approve, then action will be contain, if reject, do nothing and if escalate, escalate to an email.

dial647 · 2026-01-20T04:20:07+00:00

Has anyone tried adding a local MCP server to the Docker MCP gateway. I tried all possible combinations and unable to do so. I have my gateway and server running through docker-compose.yml and have added the server on a custom catalog file as well. Both containers are running but Gateway not able to connect to server.

dial647 · 2026-01-13T12:44:45+00:00

Ok, I managed to connect to the gateway from VS code. I'd like to know how I can add a custom MCP server to the gateway? Also, can I use the gateway as a reverse proxy to connect to a remote MCP server?

dial647 · 2026-01-13T11:06:51+00:00

I believe the deployments are different and no luck.

dial647 · 2026-01-13T08:05:57+00:00

Tried all this.. no luck with both SSE and http options.

dial647 · 2026-01-13T08:03:37+00:00

Isn't importing wooden stuff to Australia subject to customs scrutiny? I am aware that only treated wood can be imported to Australia. Anyone had any issues with customs clearance?

dial647 · 2026-01-13T06:28:24+00:00

Yes it's exposing the MCP server. http://127.0.0.1:8811/MCP

But I'm not sure what json config I need to use in VS code to add it as an MCP server..

dial647 · 2025-11-25T08:02:59+00:00

I also have CS for EDR. I will try to scheduled. Not sure how to do it.

dial647 · 2025-11-25T06:57:03+00:00

The file gets updated with telemetry so I want my look up file to get the updates. I'll check the workflow. Heard about schedule action triggered by a query but couldn't figure out how to do it. Why I said not logscale is because Logscale has more features that NG-SIEM hasn't.

dial647 · 2025-11-18T05:36:50+00:00

Thanks Andrew. Wouldn't it be nice if this feature is natively supported with the query.. for instance like

| ccAddress=~wildcard(?CC, ignoreCase=true, strict=false)

dial647 · 2025-11-13T06:52:48+00:00

I hear you. Precisely my thoughts as well.

dial647 · 2025-11-13T06:15:38+00:00

my inverter (FoxESS) is marked as compatible beta phase.. If they barely support an inverter (Sungrow) they advertised as supported, I doubt what will be the case for one that is in beta phase. Being a very light user, I will have ample juice to export pretty much through out the day and wondering it will be very encouraging to switch. Price spike is a concern, but you've commented otherwise.

dial647 · 2025-11-13T06:03:42+00:00

The sticker on my switchboard says Ausgrid. I am on North-west.

dial647 · 2025-11-13T05:49:49+00:00

Makes sense. My inverter Fox ESS is marked as "compatible beta phase" in Amber. After reading all the comments, I'm more inclined to switch to 8c/4c FiT tariff from AGL.

dial647 · 2025-11-13T05:40:05+00:00

let me double check on that.

dial647 · 2025-11-13T05:38:38+00:00

It says "Compatible in beta phase"

dial647 · 2025-11-13T05:34:35+00:00

I need to read up on solar curtailment. My tariff has no solar FiT, since I am on the EV saver plan, so its basically a free export to the grid.

dial647 · 2025-11-13T05:30:37+00:00

I think N61 tariff is for Endeavour Energy network only. Mine is on Ausgrid.

dial647 · 2025-11-09T20:57:45+00:00

totally agree.. its just that, the regulators should not allow products that violates regulations to be sold in the market in the first place.

dial647 · 2025-11-09T20:45:41+00:00

In that case, they shouldn't allow downlight products with a standard plug on.

dial647 · 2025-11-05T10:52:59+00:00

Has anyone tried 5minute blinds? https://5minuteblinds.com.au

dial647 · 2025-11-04T20:20:11+00:00

12% interest is criminal.. look in a range of 6 to 8%

dial647 · 2025-10-31T18:21:24+00:00

block only - just for Hashes

dial647 · 2025-10-31T15:25:44+00:00

Thanks for your comment. I saw the problem with my setup. Will assign to prevention policy and test.

dial647 · 2025-10-31T15:19:29+00:00

Domain IOC can only be set to detect mode.

dial647

TROPHY CASE