
How to Use the Elastic Security MCP in Google ADK

Analyze millions of security signals using Google ADK and Gemini to automate your Elastic Security threat hunting.


Works with every AI agent you already use: Cursor, Claude Desktop, the OpenAI Agents SDK, Visual Studio Code, GitHub Copilot, Google Gemini, Lovable, Mistral AI Agents, Amazon Bedrock, and any MCP-compatible client.

Connect Elastic Security MCP to Google ADK

Create your Vinkius account to connect Elastic Security to Google ADK and route execution through our secure gateway. The platform manages server hosting, runtime updates, and security layers. Configuration requires no manual server provisioning.


Correlate SIEM Alerts with BigQuery via Google ADK

The `search_signals` tool fetches raw security alerts directly into your Google ADK runtime for immediate analysis. Gemini's million-token context window lets you feed weeks of alert history, process trees, and user profiles into a single prompt to spot slow-burning, multi-stage attacks. Because the ADK integrates natively with Google Cloud, your agent can cross-reference these signals with historical logs stored in BigQuery, building a threat hunting pipeline that joins network telemetry with your Elastic SIEM data. Keep in mind that alert payloads carry attacker-controlled strings (command lines, file names, user agents), so whatever the model reads from them is untrusted input: keep a hunting agent on the read-only tools, and bind any value it extracts from an alert into a BigQuery query as a query parameter rather than splicing it into the SQL text.
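The correlation step described above, as an added example that is not code from the page or from the Vinkius connector. It takes alerts in the shape `search_signals` returns from the `.alerts-security.alerts-*` index (ECS fields plus `kibana.alert.*`) and flow rows from a BigQuery table, flags hosts where several distinct rules fired inside one time window, flags large external egress that follows an alert on the same host, and builds the BigQuery query with named parameters so a host name lifted from an alert is never concatenated into SQL. The alerts, the flat flow-log schema (`ts`, `hostname`, `dest_ip`, `bytes_sent`), the internal address ranges and the thresholds are all constructed for the example.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime

# Constructed alerts in the shape search_signals would return (ECS + kibana.alert.*).
SIGNALS = [
    {"@timestamp": "2025-06-01T10:00:00Z", "host": {"name": "ws-042"},
     "kibana": {"alert": {"rule": {"name": "Suspicious PowerShell Download"}, "severity": "medium"}}},
    {"@timestamp": "2025-06-01T10:12:00Z", "host": {"name": "ws-042"},
     "kibana": {"alert": {"rule": {"name": "Credential Dumping via LSASS"}, "severity": "high"}}},
    {"@timestamp": "2025-06-01T11:30:00Z", "host": {"name": "srv-db-1"},
     "kibana": {"alert": {"rule": {"name": "Unusual Sudo Activity"}, "severity": "low"}}},
]

# Constructed BigQuery rows in a simplified flat egress-flow schema
# (assumption: adapt the column names to your own table).
FLOW_ROWS = [
    {"ts": "2025-06-01T10:02:00Z", "hostname": "ws-042", "dest_ip": "10.0.0.5", "bytes_sent": 12_000},
    {"ts": "2025-06-01T10:25:00Z", "hostname": "ws-042", "dest_ip": "203.0.113.7", "bytes_sent": 850_000_000},
    {"ts": "2025-06-01T11:40:00Z", "hostname": "srv-db-1", "dest_ip": "10.0.1.9", "bytes_sent": 5_000_000},
    {"ts": "2025-06-02T10:25:00Z", "hostname": "ws-042", "dest_ip": "203.0.113.7", "bytes_sent": 900_000_000},
]

INTERNAL_NETS = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]  # constructed org ranges


def _ts(value):
    """Parse an RFC 3339 timestamp with a trailing Z (works on Python 3.10)."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def find_chains(signals, window_minutes=60):
    """Hosts where two or more distinct rules fired within one window."""
    by_host = defaultdict(list)
    for s in signals:
        by_host[s["host"]["name"]].append((_ts(s["@timestamp"]), s["kibana"]["alert"]["rule"]["name"]))
    chains = []
    for host, events in by_host.items():
        events.sort()
        rules = list(dict.fromkeys(name for _, name in events))  # distinct names, in time order
        span = (events[-1][0] - events[0][0]).total_seconds() / 60
        if len(rules) >= 2 and span <= window_minutes:
            chains.append({"host": host, "rules": rules, "span_minutes": span})
    return chains


def find_alert_to_egress(signals, flows, internal_nets, window_minutes=60, min_bytes=100_000_000):
    """Large flows to non-internal destinations that follow an alert on the same host."""
    nets = [ipaddress.ip_network(n) for n in internal_nets]
    findings = []
    for f in flows:
        dest = ipaddress.ip_address(f["dest_ip"])
        if f["bytes_sent"] < min_bytes or any(dest in n for n in nets):
            continue
        flow_time = _ts(f["ts"])
        preceding = [s for s in signals
                     if s["host"]["name"] == f["hostname"]
                     and 0 <= (flow_time - _ts(s["@timestamp"])).total_seconds() <= window_minutes * 60]
        if not preceding:
            continue
        latest = max(preceding, key=lambda s: _ts(s["@timestamp"]))  # closest alert before the flow
        findings.append({
            "host": f["hostname"],
            "preceding_alert": latest["kibana"]["alert"]["rule"]["name"],
            "dest_ip": f["dest_ip"],
            "bytes_sent": f["bytes_sent"],
            "minutes_after_alert": (flow_time - _ts(latest["@timestamp"])).total_seconds() / 60,
        })
    return findings


def flow_query(table):
    """BigQuery SQL with named parameters (@host, @start, @end, @min_bytes) so a host
    name the model pulled out of an alert is bound as a value, never spliced into the
    query text. Bind them with bigquery.ScalarQueryParameter in QueryJobConfig."""
    return (
        "SELECT ts, hostname, dest_ip, bytes_sent "
        f"FROM `{table}` "
        "WHERE hostname = @host AND ts BETWEEN @start AND @end "
        "AND bytes_sent >= @min_bytes ORDER BY ts"
    )
```

The window logic is deliberately simple (first-to-last alert span per host, latest alert before each flow); the point is that the join key is host plus time, and that the only thing the model contributes to the BigQuery side is parameter values.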

Audit Your Security Posture with this MCP Server

The `list_detection_rules` tool pulls your entire SIEM rule set into your Google ADK agent so it can audit your MITRE ATT&CK coverage. The agent reads each rule's index patterns and query logic to find gaps in your Windows, Linux, and Cloud telemetry. Combining this list with `get_prepackaged_rules_status` tells the agent whether Elastic's prebuilt rules are missing or out of date and need to be installed or updated. The audit runs inside the Vinkius runtime, but the rule definitions still reach the model as tool output, so treat index names and query logic as data you are sharing with Gemini.
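The audit described above, as an added example that is not code from the page or from the Vinkius connector. It takes rule documents in the shape Elastic's detection-rule API returns (`rule_id`, `name`, `enabled`, `index`, and a `threat` array with MITRE ATT&CK tactic and technique entries) and reports tactics with no enabled rule, rules with no ATT&CK mapping, disabled rules, and how many enabled rules read each telemetry source. The sample rules, the index-prefix-to-platform mapping, and the assumption that `list_detection_rules` and `get_prepackaged_rules_status` pass Elastic's fields through unchanged are constructed for the example.

```python
from collections import defaultdict

# Constructed sample of what list_detection_rules might return, trimmed to the
# fields the audit needs. The threat mapping shape follows Elastic's rule schema.
SAMPLE_RULES = [
    {"rule_id": "r-1", "name": "Suspicious PowerShell Download", "enabled": True,
     "index": ["logs-endpoint.events.process-*", "winlogbeat-*"],
     "threat": [{"framework": "MITRE ATT&CK",
                 "tactic": {"id": "TA0002", "name": "Execution"},
                 "technique": [{"id": "T1059", "name": "Command and Scripting Interpreter"}]}]},
    {"rule_id": "r-2", "name": "Linux Cron Persistence", "enabled": False,
     "index": ["logs-endpoint.events.file-*", "auditbeat-*"],
     "threat": [{"framework": "MITRE ATT&CK",
                 "tactic": {"id": "TA0003", "name": "Persistence"},
                 "technique": [{"id": "T1053", "name": "Scheduled Task/Job"}]}]},
    {"rule_id": "r-3", "name": "AWS IAM User Created", "enabled": True,
     "index": ["filebeat-*", "logs-aws.cloudtrail-*"],
     "threat": [{"framework": "MITRE ATT&CK",
                 "tactic": {"id": "TA0003", "name": "Persistence"},
                 "technique": [{"id": "T1136", "name": "Create Account"}]}]},
    {"rule_id": "r-4", "name": "Rule with no ATT&CK mapping", "enabled": True,
     "index": ["winlogbeat-*"], "threat": []},
]

# The 14 ATT&CK Enterprise tactics; a tactic with no enabled rule is a coverage gap.
ENTERPRISE_TACTICS = {
    "TA0043": "Reconnaissance", "TA0042": "Resource Development", "TA0001": "Initial Access",
    "TA0002": "Execution", "TA0003": "Persistence", "TA0004": "Privilege Escalation",
    "TA0005": "Defense Evasion", "TA0006": "Credential Access", "TA0007": "Discovery",
    "TA0008": "Lateral Movement", "TA0009": "Collection", "TA0011": "Command and Control",
    "TA0010": "Exfiltration", "TA0040": "Impact",
}

# Index-pattern prefixes that bucket a rule into a telemetry source (constructed mapping).
PLATFORM_PREFIXES = {
    "windows": ("winlogbeat-", "logs-windows."),
    "linux": ("auditbeat-", "logs-system."),
    "cloud": ("logs-aws.", "logs-gcp.", "logs-azure."),
    "endpoint": ("logs-endpoint.",),
}


def audit_coverage(rules):
    """Summarise ATT&CK and telemetry coverage across a list of detection rules."""
    per_tactic = defaultdict(int)
    techniques = set()
    platforms = {p: 0 for p in PLATFORM_PREFIXES}
    unmapped, disabled = [], []
    for rule in rules:
        if not rule.get("enabled", False):
            disabled.append(rule["rule_id"])  # a disabled rule covers nothing
            continue
        mappings = [t for t in rule.get("threat", []) if t.get("framework") == "MITRE ATT&CK"]
        if not mappings:
            unmapped.append(rule["rule_id"])
        for m in mappings:
            per_tactic[m["tactic"]["id"]] += 1
            techniques.update(t["id"] for t in m.get("technique", []))
        hit = set()
        for pattern in rule.get("index", []):
            for platform, prefixes in PLATFORM_PREFIXES.items():
                if pattern.startswith(prefixes):
                    hit.add(platform)
        for platform in hit:  # count each rule once per platform it reads
            platforms[platform] += 1
    return {
        "enabled_rules_per_tactic": dict(per_tactic),
        "uncovered_tactics": sorted(t for t in ENTERPRISE_TACTICS if per_tactic.get(t, 0) == 0),
        "techniques": techniques,
        "unmapped_rules": unmapped,
        "disabled_rules": disabled,
        "platforms": platforms,
    }


def prebuilt_update_needed(status):
    """True when get_prepackaged_rules_status reports Elastic prebuilt rules that are
    missing or behind the bundled version. Field names follow Elastic's prepackaged
    rules status API and are assumed to pass through the MCP tool unchanged."""
    return status.get("rules_not_installed", 0) > 0 or status.get("rules_not_updated", 0) > 0
```

Feed the agent this summary rather than the raw rule list when you only want a coverage verdict: a dozen uncovered tactic IDs and a short list of unmapped rule IDs is far less context than every rule's query, and it keeps the model's reasoning anchored to fields you computed deterministically.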

Manage Exceptions and Stop Alert Fatigue

The `list_exceptions` tool retrieves the exception lists that stop your detection rules from firing on authorized administrative behavior. Your Gemini-powered agent can review these exceptions for legacy entries that quietly suppress detections: wildcard matches, entries that never expire, or exceptions nobody can tie to a current need. If a legitimate tool starts triggering false positives, the agent can use `add_exception` to allow it, but scope the entry to the binary or file hash rather than the whole hostname (a host-only exception silences that rule for everything on the host), set an expiry, and put a human approval step in front of any tool call that weakens detection. With those guardrails the feedback loop cuts alert fatigue without opening a bypass your SOC would never notice.
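The guardrails described above, as an added example that is not code from the page or from the Vinkius connector. `vet_exception` rejects exception items that are too broad to add unattended, `stale_exceptions` finds entries that have expired or never had an expiry, and `vet_tool_call` is a policy hook that blocks an `add_exception` call until an analyst reviews it. The exception items follow the shape of Elastic's exception-list items (`entries` with `field`, `operator`, `type`, `value`, plus `expire_time` and `created_at`); the items themselves, the scoping-field policy, and the assumption that the `add_exception` tool takes the item's fields as its arguments are constructed for the example.

```python
from datetime import datetime, timedelta, timezone

# Fields that tie an exception to a specific binary rather than to everything a
# host or user does (constructed policy for this example).
SCOPING_FIELDS = ("process.executable", "process.hash.", "process.code_signature.", "file.hash.")

# Constructed exception items in the shape of Elastic exception-list items.
PROPOSED = {  # what an agent might send to add_exception to "whitelist the hostname"
    "name": "Allow build agent", "type": "simple",
    "entries": [{"field": "host.name", "operator": "included", "type": "match", "value": "build-01"}],
}
SAFER = {  # same intent, scoped to the binary and time-boxed
    "name": "Allow gradle on build agent", "type": "simple",
    "expire_time": "2025-07-01T00:00:00Z",
    "entries": [
        {"field": "host.name", "operator": "included", "type": "match", "value": "build-01"},
        {"field": "process.executable", "operator": "included", "type": "match",
         "value": "/opt/gradle/bin/gradle"},
    ],
}
EXISTING = [  # what list_exceptions might return
    {"item_id": "e-1", "created_at": "2023-01-10T00:00:00Z", "expire_time": None,
     "entries": [{"field": "process.name", "operator": "included", "type": "wildcard", "value": "*"}]},
    {"item_id": "e-2", "created_at": "2025-05-20T00:00:00Z", "expire_time": "2025-05-27T00:00:00Z",
     "entries": [{"field": "user.name", "operator": "included", "type": "match", "value": "svc-backup"}]},
    {"item_id": "e-3", "created_at": "2025-05-25T00:00:00Z", "expire_time": "2025-12-31T00:00:00Z",
     "entries": [{"field": "file.hash.sha256", "operator": "included", "type": "match", "value": "a" * 64}]},
]
NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)  # fixed clock for the example


def _ts(value):
    """Parse an RFC 3339 timestamp with a trailing Z (works on Python 3.10)."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def vet_exception(item):
    """Reasons an exception is too broad to add unattended (empty list means it passes)."""
    findings = []
    entries = item.get("entries", [])
    if not entries:
        findings.append("no entries: the exception would match every event")
    for e in entries:
        if e.get("type") == "exists":
            findings.append(f"{e['field']}: an 'exists' entry matches any value")
        if e.get("type") == "wildcard" and e.get("value", "").strip("*?") == "":
            findings.append(f"{e['field']}: wildcard {e.get('value')!r} matches any value")
    fields = [e.get("field", "") for e in entries]
    if fields and not any(f.startswith(SCOPING_FIELDS) for f in fields):
        findings.append("scoped only by host/user: add process.executable or a hash so the "
                        "rule keeps firing for other activity on that host")
    if not item.get("expire_time"):
        findings.append("no expire_time: the exception never expires")
    return findings


def stale_exceptions(items, now, max_age_days=90):
    """Item IDs past their expiry, or with no expiry and older than max_age_days."""
    stale = []
    for item in items:
        expires = item.get("expire_time")
        if expires and _ts(expires) <= now:
            stale.append(item["item_id"])
        elif not expires and _ts(item["created_at"]) <= now - timedelta(days=max_age_days):
            stale.append(item["item_id"])
    return stale


def vet_tool_call(tool_name, args):
    """Policy hook: refuse add_exception calls that fail vetting, pass everything else.
    Assumes add_exception takes the exception item's fields as its arguments. Returning a
    dict from an ADK before_tool_callback replaces the tool result, which is how this
    turns a risky call into a request for analyst review."""
    if tool_name != "add_exception":
        return None
    findings = vet_exception(args)
    if findings:
        return {"error": "exception not added; needs analyst review", "findings": findings}
    return None
```

Wire `vet_tool_call` into the agent's `before_tool_callback` (adapting the signature to what your ADK version passes) and run `stale_exceptions` over the output of `list_exceptions` on a schedule; an expired or ancient host-wide exception is exactly the "legacy entry leaving a backdoor open" the paragraph warns about.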

Setup guide

Set up Elastic Security MCP in Google ADK

Prerequisites

  • Python 3.10+ installed
  • google-adk package (pip install google-adk)
  • Active Vinkius subscription with a valid endpoint token
  1. Install Google ADK

     Run pip install google-adk to install the Agent Development Kit. MCP support is included via the McpToolset class.

  2. Connect via SSE transport

     Use McpToolset.from_server() with SseServerParams pointing to your Vinkius endpoint. Replace [YOUR_TOKEN_HERE] with your token from cloud.vinkius.com. The token sits in the URL path and is the only thing between the internet and your Elastic Security tools, so load it from an environment variable or secret store rather than committing it, and rotate it if it ever lands in a log or a shared chat. Newer ADK releases construct McpToolset(connection_params=...) directly and pass it in the tools list; check the version you installed.

  3. Create an LlmAgent

     Pass the returned mcp_tools list directly to LlmAgent(tools=mcp_tools). The ADK maps each MCP tool to a native Gemini function call, with no manual schema definitions required. Expose only the tools the agent needs (for a triage or hunting agent, the read-only search and list tools) with a tool name filter rather than all ten.

  4. Run with any Gemini model

     The agent works with any Gemini model (gemini-2.0-flash, gemini-2.5-pro, etc.). Copy the full example below to get started with Elastic Security tools in your ADK agent.

agent.py
import os

from google.adk.agents import LlmAgent
from google.adk.tools.mcp_tool.mcp_toolset import McpToolset
from google.adk.tools.mcp_tool.mcp_session_manager import SseServerParams

# The endpoint token is a bearer credential for your Elastic Security data:
# read it from the environment instead of pasting it into source control.
VINKIUS_TOKEN = os.environ["VINKIUS_TOKEN"]


async def build_agent():
    # Connect to the MCP via SSE. from_server() is a coroutine, so it has to be
    # awaited inside an async function; exit_stack owns the session and must be
    # closed (await exit_stack.aclose()) when the agent is finished.
    mcp_tools, exit_stack = await McpToolset.from_server(
        connection_params=SseServerParams(
            url=f"https://edge.vinkius.com/{VINKIUS_TOKEN}/mcp"
        )
    )

    # Create your agent with auto-discovered tools. Agent names must be valid
    # Python identifiers, so no spaces.
    agent = LlmAgent(
        name="elastic_security_agent",
        model="gemini-2.0-flash",
        instruction="You have access to Elastic Security tools via MCP.",
        tools=mcp_tools,
    )
    return agent, exit_stack

Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by Elastic Security. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.

Why Choose Vinkius

Vinkius connects your tools to AI with real-time monitoring and automatic cost savings, all from one dashboard.

Real-time monitoring: live visibility into every interaction. Connect your favorite tools to your AI and see exactly what's happening, every request and every response, in real time.

Built-in savings: 60% lower AI costs. Vinkius compresses data between your apps and your AI automatically. Lower bills every month, no configuration required.

Single dashboard: one place for every integration. Every tool your AI connects to, managed from a single screen. One account, complete control.

Common questions about Elastic Security MCP in Google ADK

You initialize the connection using the `McpToolset` class in your Python code, pointed to the Vinkius MCP Server HTTP endpoint. This exposes all Elastic Security tools to your Gemini models with zero manual schema definition.
Yes, your agent can use `update_rule` to turn off rules that are generating excessive false alerts. Restrict what the agent is allowed to change by passing a tool name filter in the ADK setup (McpToolset's tool_filter), so that a triage agent only sees the read-only search and list tools and never receives `update_rule` or `delete_rule` at all.
The ADK uses Gemini's long-context window to process massive outputs from `search_signals`. This lets the model analyze complex process trees and user profiles across thousands of alerts simultaneously.
Your agent can call `delete_rule` over the MCP connection to remove custom rules, but it cannot delete global Elastic prepackaged rules. This safety boundary prevents accidental deletion of core security logic.
Data transmission is protected by TLS encryption, and Vinkius runs the server in an ephemeral sandbox. Only the specific fields from your alert payloads and rule definitions are processed by the Gemini model during tool execution.

Start using the Elastic Security MCP today

We host it, we monitor it, we maintain it. You just paste one token.

Built and managed by Vinkius: 30-second setup, 10 tools.

We've already built the connector for Elastic Security. Just plug in your AI agents and start using Vinkius.

No hosting. No infrastructure. No complex setup. All 10 tools are live and waiting. You're up and running in seconds.

Supported clients: Claude, ChatGPT, Cursor, Gemini, Windsurf, VS Code, JetBrains, Vercel, and other MCP clients.

Vinkius gives your AI agents access to the full catalog of app connectors, all fully managed, secure, and enterprise-ready. One subscription, every tool you need.

Zero hosting required. Full MCP catalog included. Enterprise-grade security. Auto-updated by Vinkius.

Built, hosted, and secured by Vinkius. You just connect and go.