
Elastic Security MCP App
Supports UI | by elastic
Interactive SOC dashboards for alert triage, threat hunting, and case management inside AI hosts.
What it does
This MCP App transforms the AI conversation into a security operations center (SOC). It renders interactive React-based UIs that allow analysts to triage security alerts, visualize attack chains, and manage investigation cases without leaving the chat interface.
Key features
- Alert Triage Dashboard: Interactive cards with AI verdicts, process trees, and network investigation tools.
- Attack Discovery: Correlated attack chain analysis with MITRE mapping and confidence scoring.
- Threat Hunt Workbench: ES|QL-powered exploration with D3 investigation graphs for clickable entities.
- Case Management: AI-assisted creation and management of SOC investigation cases.
- Detection Rule Tuning: KQL search and analysis of noisy rules to optimize detections.
Installation
- Claude Desktop: Download the .mcpb file from releases and double-click to install. You will be prompted for your Elasticsearch/Kibana URLs and API key.
- Cursor/VS Code: Connect via npx or by running the server locally and adding the endpoint to your MCP settings.
- Claude Code: Use the command claude mcp add to register the server.
Supported hosts
Confirmed support for Claude Desktop, Cursor, VS Code, and Claude Code.
Quick install
npx elastic-security-mcp-app
Information
- Pricing: free
- Published