How to Use the Elastic Security MCP in CrewAI

Q: Can a CrewAI team monitor Elastic Security for me?

Absolutely, you can deploy a crew with the searchsignals tool to watch for security alerts 24/7. They can filter and escalate incidents based on the logic you provide.

Q: How do I perform rule auditing with Elastic Security in CrewAI?

Use the finddetectionrules and getrule tools. Your agents can query these to audit specific threat tactics or review the exact logic of your active detection rules.

Q: Does CrewAI support managing exceptions in Elastic Security?

Yes, your agents can use listexceptions to review current bypass logic and addexception to update it. This allows your team to manage false positives autonomously.

Q: How can I see all my detection rules in CrewAI?

Call listdetectionrules to retrieve a full list of your configured rules. This provides the context your agents need to make informed decisions about your detection strategy.

Deploy a specialized crew of autonomous agents to manage Elastic Security and scale your threat detection operations.

See Vinkius in Action

Works with every AI agent you already use

…and any MCP-compatible client

MCP Servers - Free for Subscribers

Connect Elastic Security MCP to CrewAI

Create your Vinkius account to connect Elastic Security to CrewAI and route execution through our secure gateway. The platform manages server hosting, runtime updates, and security layers. Configuration requires no manual server provisioning.

GDPR Free for Subscribers

Setup Elastic Security with CrewAI

Ask AI about this MCP

ChatGPT

Claude

Perplexity

Multi-Agent Threat Hunting

Assign a dedicated agent to monitor your SIEM with `search_signals`. While one agent watches for threats, another can use `list_detection_rules` to ensure your coverage is up to date. This role-based approach lets you handle massive alert volumes without missing critical events. Your agents collaborate to identify and act on threats faster than a single user ever could.

Autonomous Rule Maintenance

Have your agents use `get_prepackaged_rules_status` to stay ahead of new vulnerabilities. If a rule set is outdated, the agent can flag it for your review or initiate an update. This keeps your security baseline current without daily manual checks. It ensures your infrastructure is always defended against the latest known TTPs.

Scalable Exception Logic

Delegate the management of your exception lists to a specialized agent using `list_exceptions` and `add_exception`. It can verify if an alert matches a known-good pattern before deciding to whitelist it. This reduces the noise in your SOC and keeps your team productive. The agent acts as the first line of defense against false positive fatigue.

Setup guide

Set up Elastic Security MCP in CrewAI

Prerequisites

Python 3.10+ installed
crewai package (pip install crewai)
Active Vinkius subscription with a valid endpoint token

1

Install CrewAI
Run pip install crewai to install the framework. MCP support is built-in via the mcps parameter.
2

Add the MCP URL to your agent
Pass your Vinkius endpoint directly to the mcps list. Replace [YOUR_TOKEN_HERE] with your token from cloud.vinkius.com. CrewAI handles tool discovery and caching automatically.
3

Kick off your crew
Create a Crew with your agent and tasks. Call crew.kickoff() — the agent will automatically invoke Elastic Security tools as needed.

crew.py

from crewai import Agent, Task, Crew

agent = Agent(
    role="Elastic Security Analyst",
    goal="Access and analyze Elastic Security data via MCP.",
    backstory="Expert analyst with direct Elastic Security access.",
    mcps=[
        "https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp"
    ],
)

task = Task(
    description="List recent Elastic Security transactions",
    agent=agent,
    expected_output="A summary of recent activity",
)

crew = Crew(agents=[agent], tasks=[task])
result = crew.kickoff()
print(result)

Get your connection token →

Prerequisites

Python 3.10+ installed
crewai + crewai-tools packages
Active Vinkius subscription with a valid endpoint token

1

Install dependencies
Run pip install crewai crewai-tools. The MCPServerAdapter handles lifecycle management and tool conversion.
2

Connect with MCPServerAdapter
Use MCPServerAdapter as a context manager with SseServerParameters pointing to your Vinkius endpoint. The adapter automatically manages connection lifecycle.
3

Assign tools and run
Pass the returned mcp_tools to your agent's tools parameter. The adapter converts MCP tools to native BaseTool objects compatible with all CrewAI agents.

crew.py

from crewai import Agent, Task, Crew
from crewai_tools import MCPServerAdapter
from mcp import SseServerParameters

server_params = SseServerParameters(
    url="https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp"
)

with MCPServerAdapter(server_params) as mcp_tools:
    agent = Agent(
        role="Elastic Security Analyst",
        goal="Access and analyze Elastic Security data via MCP.",
        backstory="Expert analyst with direct Elastic Security access.",
        tools=mcp_tools,
    )

    task = Task(
        description="List recent Elastic Security transactions",
        agent=agent,
        expected_output="A summary of recent activity",
    )

    crew = Crew(agents=[agent], tasks=[task])
    result = crew.kickoff()
    print(result)

Get your connection token →

Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by Elastic Security. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.

Why Choose Vinkius

Vinkius connects your tools to AI with real-time monitoring and automatic cost savings — all from one dashboard.

Connect Elastic Security now

Real-time monitoring

Live

visibility into every interaction

Connect your favorite tools to your AI and see exactly what's happening — every request, every response, in real time.

Built-in savings

60%

lower AI costs

Vinkius compresses data between your apps and your AI automatically. Lower bills every month — no configuration required.

Single dashboard

One

place for every integration

Every tool your AI connects to, managed from a single screen. One account, complete control.

Common questions about Elastic Security MCP in CrewAI

Absolutely, you can deploy a crew with the `search_signals` tool to watch for security alerts 24/7. They can filter and escalate incidents based on the logic you provide.

Use the `find_detection_rules` and `get_rule` tools. Your agents can query these to audit specific threat tactics or review the exact logic of your active detection rules.

Yes, your agents can use `list_exceptions` to review current bypass logic and `add_exception` to update it. This allows your team to manage false positives autonomously.

Call `list_detection_rules` to retrieve a full list of your configured rules. This provides the context your agents need to make informed decisions about your detection strategy.

The agents only interact with your SIEM signal telemetry and rule definitions. They process these logs to find threats, but no raw data is stored or moved outside your authorized access scope.

Use it with your favorite AI tools

Connect this server to Cursor, Claude, VS Code, and more.

OpenAI Agents SDK sdk-python

Google ADK sdk-python

Pydantic AI sdk-python

Vercel AI SDK sdk-typescript