Elastic Security MCP App
The Elastic Security MCP App brings interactive Elastic Security dashboards into Claude, Cursor, Visual Studio Code, and other Model Context Protocol (MCP) hosts. Use it to triage alerts, hunt threats, correlate attack chains, and open cases inside the AI conversation, with each action writing back to Elasticsearch and Kibana through the same APIs the product uses.
The app is a reference implementation that you install on your own machine. The elastic/example-mcp-app-security repository hosts the open-source project, including the source code, releases, and host-specific setup guides. The app is not a built-in Kibana feature.
The Elastic Security MCP App ships with the following tools, each backed by an interactive React UI that renders inline in the AI host conversation. Watch a demo of these tools in action.
| Tool | What it does |
|---|---|
| Alert Triage | Retrieve, filter, and triage Elastic Security alerts with AI-generated benign/suspicious/malicious classifications, a process tree, and network event details. |
| Attack Discovery | Run AI-correlated attack chain analysis on demand, with confidence scoring, entity risk, and MITRE ATT&CK mapping. |
| Case Management | Create, search, and manage SOC investigation cases, with AI-assisted summary, next-step, IOC extraction, and timeline actions. |
| Detection Rules | Browse, tune, and manage detection rules, with Kibana Query Language (KQL) search, query validation, and noisy-rule analysis. |
| Threat Hunt | Run an ES|QL workbench with clickable entities and an interactive investigation graph for pivot analysis. |
| Sample Data | Generate Elastic Common Schema (ECS)-compliant security events for four pre-built attack scenarios so you can demo or test without production data. |
For per-tool capabilities and screenshots, refer to the features overview in the repository.
The tools compose into an end-to-end SOC loop you can drive entirely from the AI conversation. A typical walkthrough looks like this:
- Generate sample data. Ask the agent to populate your cluster with one of the four pre-built attack scenarios (ransomware, lateral movement, credential theft, or data exfiltration). The Sample Data tool writes ECS-compliant events you can safely clean up later.
- Triage alerts. Ask the agent to triage by host, rule, user, or time window. The Alert Triage tool classifies each alert as benign, suspicious, or malicious above the raw alert list. Click any alert for the process tree, network events, related alerts, and MITRE ATT&CK tags.
- Hunt for threats. Ask the agent to hunt across your indices. The Threat Hunt tool returns an ES|QL workbench with the query pre-populated and auto-executed, plus an investigation graph for entity pivots.
- Run Attack Discovery. Ask the agent to correlate the alerts and findings into attack chains. The Attack Discovery tool calls the Attack Discovery API and returns ranked findings with MITRE tactics, risk scores, and impacted hosts and users.
- Open cases. Approve findings in bulk or ask the agent to open cases for specific alerts. The Case Management tool creates one case per finding, attaches the source alerts, and renders the live case list inline.
For the narrative version of this walkthrough, refer to the Elastic Security Labs blog post.
- A supported MCP host, such as Claude Desktop, Claude.ai, Cursor, Visual Studio Code with GitHub Copilot Chat, or Claude Code.
- The Elasticsearch URL, Kibana URL, and an Elasticsearch API key for an account with the required permissions.
- A configured large language model (LLM) connector in Kibana for any tool that calls Attack Discovery.
- Building from source requires Node.js 20 or later. Node.js is not required for the prebuilt
.mcpbbundle (a one-click installer for Claude Desktop).
The Elastic Security MCP App authenticates to Elasticsearch with an API key. Most users can start with a built-in Kibana role plus a small companion role for index access. Fully custom roles are also supported. For role and privilege requirements, including a Quickstart procedure with built-in roles, a fully scripted custom-role JSON, and troubleshooting for common 401 and 403 errors, refer to the repository's permissions guide.
The repository's permissions guide targets stateful deployments (Elastic Stack self-managed and Elastic Cloud Hosted). Serverless permissions guidance, including the role mapping for Elastic Security Serverless tiers such as t1_analyst and soc_manager, is pending. To request guidance, open an issue in the repository.
Install the app in your MCP host of choice.
The fastest path is the one-click .mcpb bundle, which includes everything the app needs and prompts you for your Elasticsearch URL, Kibana URL, and API key during install.
- Download
example-mcp-app-security.mcpbfrom the latest release. - Double-click the file. Claude Desktop opens the installer.
- When prompted, paste your Elasticsearch URL, Kibana URL, and API key.
- Restart Claude Desktop and ask the agent to generate sample data to confirm the install.
For manual configuration, updating to a newer release, and troubleshooting, refer to the Claude Desktop setup guide.
Connect the MCP app to Cursor through npx or by pointing Cursor at a locally running server. Follow the Cursor setup guide for the exact configuration block to add to your Cursor settings, including the environment variables for your Elasticsearch URL, Kibana URL, and API key.
Connect the MCP app to Visual Studio Code GitHub Copilot through npx or by pointing the editor at a locally running server. Follow the Visual Studio Code setup guide for the exact configuration block to add to your MCP settings.
Register the MCP app with the claude mcp add CLI. Follow the Claude Code setup guide for the exact command, including the environment variables for your Elasticsearch URL, Kibana URL, and API key.
Expose the MCP app to Claude.ai through a cloudflared tunnel that fronts your local server. Follow the Claude.ai setup guide for the tunnel configuration and the Claude.ai connector setup steps.
Next, install the optional Claude Skills that help your agent determine when to use each tool.
When you ask Claude (or another supported host) to triage alerts or run a threat hunt, the host calls a tool on the app's MCP server, which runs locally on your machine. The server returns a compact text summary that the model reasons over, plus an interactive React UI that renders inline in the conversation. From that point on, the UI handles all subsequent interactions directly, which keeps the LLM context small while the UI has full data access.
The LLM only ever receives compact summaries. The UI loads full investigation data through the same local server. Your Elasticsearch API key permissions apply to every action the app takes.
The app implements the MCP Apps extension to the Model Context Protocol.
- The app targets the
defaultKibana space only. Cross-space workflows aren't supported. - The app is a reference implementation, not a built-in Kibana feature. It's licensed under Elastic-2.0 and supported through the project repository, not Elastic support channels.
- Host support depends on the MCP host. Refer to the MCP Apps client matrix for the current list of compatible hosts.
- Attack Discovery: AI-powered attack chain correlation in Kibana.
- Elastic Agent Builder: An AI agent platform for Elastic Security in Kibana.
- LLM connectors: Configure a generative AI provider for Kibana.
- MCP Apps overview: The Model Context Protocol extension that lets MCP servers ship interactive UIs.
- Elastic Security Labs blog post: The release announcement, with screenshots, a narrative walkthrough, and a perspective from Elastic's Chief Information Security Officer.