
Elastic Security MCP App v1.0.0


Released by @github-actions on 20 Apr 15:49 (commit 16db4b9)

v1.0.0 — Elastic Security MCP App

Initial release of the Elastic Security MCP App — an MCP App that brings interactive blue-team security operations directly into Claude, Cursor, VS Code, and other MCP-compatible AI hosts.

Tools

Six interactive security operations tools, each with a rich React-based UI that renders inline in the AI conversation:

Alert Triage — Fetch, filter, and triage security alerts with AI verdict cards, process tree visualization, network investigation, and MITRE ATT&CK mapping. Claude acts as a senior analyst with intent-aware filtering and structured Malicious/Suspicious/Benign classifications.

Attack Discovery — On-demand AI-powered correlated attack chain analysis using Elastic's Attack Discovery API. Includes confidence scoring, entity risk assessment, attack flow diagrams, MITRE tactics mapping, and approve/reject triage workflows.

Case Management — Create, search, and manage SOC investigation cases via the Kibana Cases API. Features tabbed detail views, AI action buttons (summarize, suggest next steps, extract IOCs, generate timeline), auto-attach alerts, and markdown-rendered comments.

Detection Rules — Browse, tune, and manage detection rules with KQL search, severity indicators, MITRE tags, query validation, and noisy rules analysis with alert volume bar charts.

Threat Hunt — ES|QL query workbench with a D3 investigation graph. Progressive entity expansion, hover-to-trace connections, draggable nodes, and clickable entities that load the underlying Elasticsearch data on click.

Sample Data Generator — Generate ECS-compliant security events across four attack chain scenarios: Windows Credential Theft, AWS Privilege Escalation, Okta Identity Takeover, and Ransomware Kill Chain. All data tagged for safe cleanup.
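The two properties the Sample Data Generator relies on are that every synthetic document is ECS-compliant (so detection rules and the triage UI treat it like real telemetry) and that every document carries a marker that makes cleanup a single delete-by-query. The following is an added example written for this page, not the project's own generator: it builds a three-step credential-theft chain as ECS documents, emits the `_bulk` payload to index them, and produces the `_delete_by_query` body that removes them. The tag name `mcp-sample-data`, the index name, the host/user values and the event contents are all constructed for the example.

```javascript
// Added example (not the project's code). Assumed tag used to mark sample data.
const SAMPLE_TAG = "mcp-sample-data";
const ECS_VERSION = "8.11.0";

// Build one ECS-shaped document. Every document carries the cleanup tag.
function ecsEvent({ ts, host, user, category, type, extra = {} }) {
  return {
    "@timestamp": ts,
    ecs: { version: ECS_VERSION },
    event: { kind: "event", category: [category], type: [type], dataset: "sample.windows" },
    host: { name: host, os: { family: "windows" } },
    user: { name: user },
    tags: [SAMPLE_TAG],
    ...extra,
  };
}

// Constructed chain: Office spawns PowerShell, PowerShell beacons out,
// then a credential-dumping tool starts. Timestamps advance by 30 s.
function credentialTheftChain(host = "WS-01", user = "alice", start = Date.parse("2024-04-20T15:00:00Z")) {
  const at = (i) => new Date(start + i * 30_000).toISOString();
  return [
    ecsEvent({ ts: at(0), host, user, category: "process", type: "start", extra: {
      process: { name: "powershell.exe", command_line: "powershell -nop -w hidden -EncodedCommand SQBFAFgA",
                 parent: { name: "WINWORD.EXE" } } } }),
    ecsEvent({ ts: at(1), host, user, category: "network", type: "connection", extra: {
      process: { name: "powershell.exe" }, destination: { ip: "203.0.113.10", port: 443 } } }),
    ecsEvent({ ts: at(2), host, user, category: "process", type: "start", extra: {
      process: { name: "mimikatz.exe", command_line: "mimikatz.exe sekurlsa::logonpasswords",
                 parent: { name: "powershell.exe" } } } }),
  ];
}

// Minimal check that a document is ECS-shaped and carries the cleanup tag.
function isTaggedEcsDoc(doc) {
  return typeof doc["@timestamp"] === "string"
    && Array.isArray(doc.event?.category)
    && Array.isArray(doc.event?.type)
    && typeof doc.ecs?.version === "string"
    && Array.isArray(doc.tags) && doc.tags.includes(SAMPLE_TAG);
}

// NDJSON body for POST /_bulk: one action line and one document line per event.
function bulkPayload(docs, index = "logs-sample.windows-default") {
  return docs.flatMap((d) => [JSON.stringify({ create: { _index: index } }), JSON.stringify(d)]).join("\n") + "\n";
}

// Body for POST <index>/_delete_by_query that removes only tagged sample data.
function cleanupQuery() {
  return { query: { term: { tags: SAMPLE_TAG } } };
}

module.exports = { SAMPLE_TAG, ecsEvent, credentialTheftChain, isTaggedEcsDoc, bulkPayload, cleanupQuery };
```

Because the cleanup query matches on the tag rather than on index or time range, it cannot touch real telemetry that happens to share the index or time window; run `isTaggedEcsDoc` over the generated set before indexing so that nothing untagged ever reaches the cluster.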

Installation

Installation options:

  • Claude Desktop: One-click install via .mcpb package
  • Cursor / VS Code: Via npx, local stdio, or HTTP connection
  • Claude Code: Via claude mcp add CLI
  • Claude.ai: Via cloudflared tunnel

See the installation guides for details.

Skills

Includes five Agent Skills that teach Claude when and how to use each tool: alert triage, attack discovery triage, case management, detection rule management, and sample data generation. Install via npx, local clone, or zip upload.

Requirements

  • Node.js 22+
  • Elasticsearch 8.x or 9.x with Security enabled
  • Kibana 8.x or 9.x (for cases, rules, and attack discovery)
  • An Elasticsearch API key (how to create one)