How to Use the Elastic Security MCP in Claude

Q: Can I use Elastic Security to stop alerts in Claude Desktop?

Yes. You can use updaterule to disable noisy rules or addexception to whitelist known-good behavior directly from the chat.

Q: How do I check if my rules are updated using Elastic Security and Claude Desktop?

Call getprepackagedrulesstatus. It tells you immediately if your environment is missing the latest threat models.

Q: Is it possible to list all rules with Elastic Security in Claude Desktop?

Absolutely. Use listdetectionrules to get a full dump of your SIEM configuration for quick auditing.

Manage your SIEM directly from Claude Desktop. Audit rules, whitelist hosts, and hunt threats without leaving your chat window.

See Vinkius in Action

Works with every AI agent you already use

…and any MCP-compatible client

MCP Servers - Free for Subscribers

Connect Elastic Security MCP to Claude Desktop

Create your Vinkius account to connect Elastic Security to Claude Desktop and route execution through our secure gateway. The platform manages server hosting, runtime updates, and security layers. Configuration requires no manual server provisioning.

GDPR Free for Subscribers

Setup Elastic Security with Claude Desktop

Ask AI about this MCP

ChatGPT

Claude

Perplexity

Audit detection rules in Claude Desktop

Stop digging through UI dashboards to find rule logic. Use `list_detection_rules` to pull your entire active set, then run `get_rule` to inspect specific query logic and severity thresholds right inside your conversation. This gives you immediate visibility into what your SIEM is watching. You can compare your current coverage against MITRE tactics using `find_detection_rules` to see exactly where your gaps are.

Triage security alerts

When an alert fires, you need context fast. Call `search_signals` to pull the raw payload, including process trees and user profiles, so you can decide if it's a real threat or just noise. Once you confirm a false positive, call `add_exception` to whitelist the hostname. You'll clear the backlog without the usual manual overhead.

Maintain rules with Claude Desktop

Handle rule lifecycle management without switching tabs. Use `create_rule` to deploy new logic based on fresh threat intel, or use `update_rule` to silence noisy alerts during maintenance windows. If you find outdated logic, run `delete_rule` to clean up your environment. You keep your detection posture sharp and your analyst team focused on real incidents.

Setup guide

Set up Elastic Security MCP in Claude Web or Desktop

1

Open Claude Settings

Go to claude.ai, click your profile icon, then navigate to Customize → Connectors.
2

Add Custom Connector

Click the "+" button and select Add custom connector. Paste your Vinkius endpoint URL: https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp Replace [YOUR_TOKEN_HERE] with your token from cloud.vinkius.com. For OAuth-protected servers, expand Advanced settings to add credentials.
3

Start a conversation

Open a new chat. The Elastic Security MCP tools are available immediately — no restart needed.

Endpoint URL

https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp

No configuration file needed — paste the URL directly in the Claude web interface.

Available on Free (1 connector), Pro, Max, Team, and Enterprise plans.

Prerequisites

Claude Desktop installed (macOS or Windows)
Active Vinkius subscription with a valid endpoint token

1

Open Claude Desktop Settings

Click the menu icon at the top-left corner, go to Settings → Developer → Edit Config. This opens claude_desktop_config.json in your default text editor.
2

Paste the Elastic Security MCP configuration

Copy the JSON snippet on the right into the mcpServers object. Replace [YOUR_TOKEN_HERE] with your endpoint token from cloud.vinkius.com.
3

Restart Claude Desktop

Close and reopen the application. Claude needs a full restart to load new MCPs — refreshing a conversation is not enough.
4

Verify the connection

Open a new conversation. Click the 🔌 icon at the bottom of the message input. You should see tools listed under elastic-security-mcp.

json

{
  "mcpServers": {
    "elastic-security-mcp": {
      "url": "https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp"
    }
  }
}

Get your connection token →

Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by Elastic Security. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.

Why Choose Vinkius

Vinkius connects your tools to AI with real-time monitoring and automatic cost savings — all from one dashboard.

Connect Elastic Security now

Real-time monitoring

Live

visibility into every interaction

Connect your favorite tools to your AI and see exactly what's happening — every request, every response, in real time.

Built-in savings

60%

lower AI costs

Vinkius compresses data between your apps and your AI automatically. Lower bills every month — no configuration required.

Single dashboard

One

place for every integration

Every tool your AI connects to, managed from a single screen. One account, complete control.

Common questions about Elastic Security MCP in Claude Desktop

It connects via the MCP standard. You configure your config file, and the tools appear as functions your agent can execute.

Yes. You can use `update_rule` to disable noisy rules or `add_exception` to whitelist known-good behavior directly from the chat.

Your agent only touches the security signals and rule definitions you explicitly request. No raw PII or sensitive logs are stored by the server.

Call `get_prepackaged_rules_status`. It tells you immediately if your environment is missing the latest threat models.

Absolutely. Use `list_detection_rules` to get a full dump of your SIEM configuration for quick auditing.

Use it with your favorite AI tools

Connect this server to Cursor, Claude, VS Code, and more.

OpenAI Agents SDK sdk-python

Google ADK sdk-python

Pydantic AI sdk-python

Vercel AI SDK sdk-typescript

Mastra AI sdk-typescript

Start using the Elastic Security MCP today

We host it, we monitor it, we maintain it. You just paste one token.

Get started