4,500+ servers built on MCP Fusion
Vinkius
Elastic Security logo
Vinkius
Pydantic AI logo

How to Use the Elastic Security MCP in Pydantic AI

Build type-safe security agents with Pydantic AI to validate and execute Elastic Security rules without runtime failures.

See Vinkius in Action

Works with every AI agent you already use

…and any MCP-compatible client

Elastic Security MCP on Cursor AI Code Editor MCP Client Elastic Security MCP on Claude Desktop App MCP Integration Elastic Security MCP on OpenAI Agents SDK MCP Compatible Elastic Security MCP on Visual Studio Code MCP Extension Client Elastic Security MCP on GitHub Copilot AI Agent MCP Integration Elastic Security MCP on Google Gemini AI MCP Integration Elastic Security MCP on Lovable AI Development MCP Client Elastic Security MCP on Mistral AI Agents MCP Compatible Elastic Security MCP on Amazon AWS Bedrock MCP Support
MCP Servers - Free for Subscribers
Pydantic AI

Connect Elastic Security MCP to Pydantic AI

Create your Vinkius account to connect Elastic Security to Pydantic AI and route execution through our secure gateway. The platform manages server hosting, runtime updates, and security layers. Configuration requires no manual server provisioning.

GDPR Free for Subscribers
Setup Elastic Security with Pydantic AI
ChatGPT ChatGPT Claude Claude Perplexity Perplexity

Type-Safe Alert Ingestion with Pydantic AI

The `search_signals` tool delivers raw threat alerts from your SIEM directly into your type-safe Pydantic AI agent. Because every field in the alert payload is validated at runtime against strict Pydantic schemas, you never have to worry about silent corruption or missing process tree data breaking your pipeline. If the Elastic API schema changes, the agent fails loud and fast, letting you catch integration issues during development instead of during an active incident. This strict validation ensures your security response logic always operates on clean, predictable data.

Validate SIEM Exceptions via the MCP Server

The `add_exception` tool lets your agent write hostname and IP bypass rules to prevent false positives on known-good systems. Pydantic AI validates the inputs to this tool before execution, making sure your agent doesn't write malformed exceptions that could break your rule logic. By using `list_exceptions`, the agent can inspect existing bypass rules and parse them into structured Python models. This lets you enforce strict compliance checks, ensuring that no unauthorized exceptions are added to your production environment.

Query and Audit Detection Rules Safely

The `get_rule` tool pulls specific configuration details, run intervals, and index scopes for any active detection rule in your system. Pydantic AI forces this data into a structured format, allowing your agent to safely evaluate whether the rule's query logic matches current threat intel. If you need to make changes, the agent uses `update_rule` to modify severity levels or disable noisy configurations. Every change is validated against your schema, ensuring your SIEM remains stable and properly configured.

Setup guide

Set up Elastic Security MCP in Pydantic AI

Prerequisites

  • Python 3.10+ installed
  • pydantic-ai-slim[fastmcp] package
  • Active Vinkius subscription with a valid endpoint token
  1. 1

    Install Pydantic AI with FastMCP

    Run pip install "pydantic-ai-slim[fastmcp]". The FastMCP toolset replaces the deprecated MCPServerHTTP class with full protocol support.

  2. 2

    Configure the FastMCPToolset

    Pass a JSON-style config dict to FastMCPToolset with your Vinkius URL. Replace [YOUR_TOKEN_HERE] with your token from cloud.vinkius.com. Supports Streamable HTTP, SSE, and Stdio transports.

  3. 3

    Create and run your agent

    Pass the toolset to Agent(toolsets=[toolset]) and call agent.run(). Swap openai:gpt-4o for any supported model — Anthropic, Google, Mistral, or Groq.

agent.py 
from pydantic_ai import Agent
from pydantic_ai.toolsets.fastmcp import FastMCPToolset

toolset = FastMCPToolset({
    "mcpServers": {
        "elastic-security-mcp": {
            "url": "https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp"
        }
    }
})

agent = Agent(
    "openai:gpt-4o",
    toolsets=[toolset],
    system_prompt="You have access to Elastic Security tools.",
)

result = await agent.run("List recent Elastic Security transactions")
print(result.output)
Get your connection token →

Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by Elastic Security. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.

Why Choose Vinkius

Vinkius connects your tools to AI with real-time monitoring and automatic cost savings — all from one dashboard.

Connect Elastic Security now

Real-time monitoring

Live

visibility into every interaction

Connect your favorite tools to your AI and see exactly what's happening — every request, every response, in real time.

Built-in savings

60%

lower AI costs

Vinkius compresses data between your apps and your AI automatically. Lower bills every month — no configuration required.

Single dashboard

One

place for every integration

Every tool your AI connects to, managed from a single screen. One account, complete control.

Common questions about Elastic Security MCP in Pydantic AI

You set up the connection by passing the Vinkius MCP Server URL to the `MCPToolset` constructor. Pydantic AI automatically discovers the tools, including `list_detection_rules`, and validates their schemas at runtime.
Yes, when your agent calls `create_rule`, Pydantic AI checks the input parameters against the expected schema. This prevents malformed queries or incorrect severity scores from being sent to your SIEM.
If `search_signals` returns data that doesn't match the expected type annotations over the MCP connection, Pydantic AI raises a validation error immediately. This prevents your agent from acting on corrupt or incomplete alert telemetry.
Yes, you can use `get_prepackaged_rules_status` to see if your Elastic prebuilt rules are up to date. The agent parses the status response into a structured model to decide if updates are necessary.
Your Elastic credentials are never exposed to the LLM or stored in your code; Vinkius handles authentication in a secure sandbox. The telemetry data returned by `search_signals` is processed strictly in-memory during validation and is never cached or stored.

Use it with your favorite AI tools

Connect this server to Cursor, Claude, VS Code, and more.

Claude Desktop ide
Cursor ide
VS Code Copilot ide
Windsurf ide
Cline ide
Claude Code cli
OpenAI Agents SDK sdk-python
Google ADK sdk-python
Pydantic AI sdk-python
Vercel AI SDK sdk-typescript
Mastra AI sdk-typescript
Mastra AI
CrewAI framework
LangChain framework
LlamaIndex framework
LlamaIndex
AutoGen framework
AutoGen

Start using the Elastic Security MCP today

We host it, we monitor it, we maintain it. You just paste one token.

Get started
Built & Managed by Vinkius 30s setup 10 tools

We've already built the connector for Elastic Security. Just plug in your AI agents and start using Vinkius.

No hosting. No infrastructure. No complex setup.
All 10 tools are live and waiting. You're up and running in seconds.

Claude Claude
ChatGPT ChatGPT
Cursor Cursor
Gemini Gemini
Windsurf Windsurf
VS Code VS Code
JetBrains JetBrains
Vercel Vercel
+ other MCP clients

Vinkius gives your AI agents access to the full catalog of app connectors, all fully managed, secure, and enterprise-ready. One subscription, every tool you need.

Zero hosting required Full MCP catalog included Enterprise-grade security Auto-updated by Vinkius

Built, hosted, and secured by Vinkius. You just connect and go.