Vinkius

Elastic Security MCP Server: integrate Elastic Security with Claude, Cursor, chatbots and AI agents

Manage SIEM and SOC operations through Elastic Security: monitor detection rules, search security alerts (Signals), maintain exception lists, and audit threat coverage directly from any AI agent.

Compatible with every major AI agent and IDE: Claude, ChatGPT, Cursor, Gemini, Windsurf, VS Code, JetBrains, Vercel, and other MCP clients.
add: Add exception on Elastic Security
Whitelist a hostname inside an existing Exception List. Adds a host.name value to the target exception container, so telemetry matching that host is ignored by every rule bound to the list. Use it deliberately, to resolve confirmed false positives.

create: Create rule on Elastic Security
Create a new detection rule over Elastic telemetry. Defines the rule's query, index scope, severity and risk score, and its MITRE ATT&CK mapping; when the query matches, Elastic generates alerts (Signals) carrying those TTPs.

delete: Delete rule on Elastic Security
Hard-delete a custom Elastic detection rule. Cannot be applied to Elastic prebuilt rules, which are managed globally through package updates. Irreversible.

find: Find detection rules on Elastic Security
Search for specific Elastic rules by name, tag or MITRE tactic. Speeds up SOC auditing when evaluating coverage for newly reported CVEs or specific local threats.

get: Get prepackaged rules status on Elastic Security
Check whether the official Elastic prebuilt rules need installing or updating. Identifies whether the environment is missing the latest official detections for Windows, Linux and cloud environments.

get: Get rule on Elastic Security
Get the exact details, schedule and query logic of a single rule. Shows the run interval, severity, index scope and the reference URLs that tie the rule to threat intel reports.

list: List detection rules on Elastic Security
List all detection rules configured within the Elastic SIEM, including the index patterns each rule queries (e.g., logs-endpoint*, winlogbeat*). Useful for mapping MITRE ATT&CK coverage against the Elastic schema.

list: List exceptions on Elastic Security
List the exception lists that carry detection bypass logic. These lists make specific rules skip matching events, so the SIEM does not alert on known-good administrative activity such as vulnerability scanners.

search: Search signals on Elastic Security
Search the raw alerts (Signals) generated by Elastic Security. Each signal carries the triggering event, enriched with hostname, user, IP geolocation and process ancestry.

update: Update rule on Elastic Security
Enable or disable an existing Elastic detection rule. Used to disable noisy rules that are generating false positives across large organizational units, or to re-enable them after tuning.
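The catalog above is, in effect, a fixed mapping from each tool to one Elastic Security API call. The Python below is an added example (not code from Vinkius or Elastic) of how a server can keep an agent on those rails: every tool maps to exactly one Kibana endpoint, arguments are validated before a request is built, a delete is refused for prebuilt (immutable) rules, and any call outside the catalog is refused. The tool and argument names are assumptions made for the example, the create-rule tool is left out to keep it short, and the endpoint paths follow the public Kibana detection-engine and exception-list APIs, so confirm them against the Kibana version you run.

```python
"""Map catalogued agent tool calls onto Elastic Security (Kibana) API requests.

Added illustration, not Vinkius' code. Tool/argument names are assumptions;
endpoint paths follow the public Kibana APIs (verify against your version).
"""
import re

KIBANA_HEADERS = {"kbn-xsrf": "true", "Content-Type": "application/json"}
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?(?:\.[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?)*$", re.I)
WORKFLOW_STATUSES = ("open", "acknowledged", "closed")
MAX_PAGE = 100  # cap page sizes so one tool call cannot pull an entire index

class ToolRefused(ValueError):
    """The call is outside the approved catalog or its arguments failed validation."""

def _need(a, *keys):
    missing = [k for k in keys if k not in a]
    if missing:
        raise ToolRefused("missing argument(s): " + ", ".join(missing))

def _kql_str(value):
    """Quote a literal for a _find filter so agent input cannot inject extra KQL."""
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'

def plan_add_exception(a):
    _need(a, "list_id", "hostname")
    host = a["hostname"]
    if not HOSTNAME_RE.match(host):
        raise ToolRefused(f"not a valid hostname: {host!r}")
    entry = {"field": "host.name", "operator": "included", "type": "match", "value": host}
    body = {"list_id": a["list_id"], "namespace_type": "single", "type": "simple",
            "name": f"Allow host {host}", "description": a.get("reason", "false-positive tuning"),
            "entries": [entry]}
    return {"method": "POST", "path": "/api/exception_lists/items", "body": body}

def plan_delete_rule(a):
    _need(a, "rule")  # the document returned by get_rule: a delete always follows a read
    if a["rule"].get("immutable"):
        raise ToolRefused("prebuilt rules are managed by package updates; refusing to delete")
    return {"method": "DELETE", "path": "/api/detection_engine/rules",
            "params": {"rule_id": a["rule"]["rule_id"]}}

def plan_find_rules(a):
    clauses = []
    if "name" in a:
        clauses.append("alert.attributes.name: " + _kql_str(a["name"]))
    if "tag" in a:
        clauses.append("alert.attributes.tags: " + _kql_str(a["tag"]))
    params = {"per_page": min(int(a.get("per_page", 20)), MAX_PAGE)}
    if clauses:
        params["filter"] = " and ".join(clauses)
    return {"method": "GET", "path": "/api/detection_engine/rules/_find", "params": params}

def plan_get_rule(a):
    _need(a, "rule_id")
    return {"method": "GET", "path": "/api/detection_engine/rules", "params": {"rule_id": a["rule_id"]}}

def plan_search_signals(a):
    status = a.get("status", "open")
    if status not in WORKFLOW_STATUSES:
        raise ToolRefused("status must be one of " + ", ".join(WORKFLOW_STATUSES))
    filters = [{"term": {"kibana.alert.workflow_status": status}},
               {"range": {"@timestamp": {"gte": a.get("since", "now-24h")}}}]
    if "hostname" in a:
        filters.append({"term": {"host.name": a["hostname"]}})
    body = {"size": min(int(a.get("size", 50)), MAX_PAGE), "sort": [{"@timestamp": "desc"}],
            "query": {"bool": {"filter": filters}}}
    return {"method": "POST", "path": "/api/detection_engine/signals/search", "body": body}

def plan_update_rule(a):
    _need(a, "rule_id", "enabled")
    if not isinstance(a["enabled"], bool):
        raise ToolRefused("enabled must be true or false")
    return {"method": "PATCH", "path": "/api/detection_engine/rules",
            "body": {"rule_id": a["rule_id"], "enabled": a["enabled"]}}

CATALOG = {  # the only operations an agent can request; nothing else exists to it
    "add_exception": plan_add_exception,
    "delete_rule": plan_delete_rule,
    "find_rules": plan_find_rules,
    "get_prepackaged_status": lambda a: {"method": "GET",
                                         "path": "/api/detection_engine/rules/prepackaged/_status"},
    "get_rule": plan_get_rule,
    "list_rules": lambda a: plan_find_rules({"per_page": a.get("per_page", MAX_PAGE)}),
    "list_exceptions": lambda a: {"method": "GET", "path": "/api/exception_lists/_find"},
    "search_signals": plan_search_signals,
    "update_rule": plan_update_rule,
}

def plan_request(tool, args):
    """Return the single Kibana request a catalogued tool call maps to, or refuse it."""
    if tool not in CATALOG:
        raise ToolRefused(f"tool {tool!r} is not in the approved catalog")
    request = CATALOG[tool](dict(args))
    request["headers"] = KIBANA_HEADERS
    return request
```

plan_request only builds the request; sending it with an HTTP client and a Kibana API key is left out, as is the get_rule read that supplies the rule document delete_rule insists on. The point is that the agent never composes a URL, a KQL filter or a query body itself: it can only supply arguments to a fixed set of planners, and each planner bounds what those arguments can do.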

Security & Code Integrity Audit

Every tool in the Elastic Security MCP Server is continuously audited by the Vinkius Security Engine. We guarantee zero-trust payload isolation, strict data boundaries, and deterministic execution for enterprise-grade AI agents.

MCP Inspector score: A+ (100)

How Vinkius protects your data

Is there a risk of the AI "going crazy" and deleting important company data?

No. With Vinkius, the AI operates on "rails": it can only invoke the tools you enabled in the server's settings, with the arguments those tools accept. It cannot invent endpoints, reach other networks in your company, or delete arbitrary data. A call to anything outside the approved catalog is blocked immediately.

How do I whitelist a hostname to resolve a false positive via chat?

Use the 'add_exception' mutation. Provide the Exception List ID and the hostname string. The agent adds an item to that list, so telemetry matching the host is ignored by every rule bound to the list.

What happens if the underlying API rate limits my agent?

Our edge infrastructure handles backoff, queueing and throttling. If an AI agent sends bursts of erratic requests, Vinkius enforces the rate limits upstream, so your backend is not overloaded.

What if the AI ends up reading customer data or confidential information?

A built-in DLP (Data Loss Prevention) filter inspects every tool response. If the response contains social security numbers, credit card numbers or other personal customer data, Vinkius redacts those values before the response is delivered to the AI. The model works only with what the task strictly requires, so the sensitive values never reach it.
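As an added illustration of the kind of response-side filter this answer describes (example code, not the Vinkius DLP implementation): the functions below walk a fetched alert document, replace values shaped like US social security numbers, and replace digit runs that pass the Luhn check, so most card numbers are caught while ordinary numeric IDs and timestamps usually pass through. The sample alert and its field values are constructed for the example.

```python
"""Redact SSN-like values and Luhn-valid card-number-like values from a tool response.

Added illustration of a response-side DLP filter; not Vinkius' implementation.
SAMPLE_ALERT below is constructed for this example, not real data.
"""
import re

SSN_RE = re.compile(r"\b(?!000|666|9\d{2})\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")  # 13-19 digits, optional single separators

def luhn_ok(digits):
    """Luhn checksum: true for well-formed payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def redact_text(text):
    """Return (redacted_text, number_of_values_removed) for one string."""
    text, hits = SSN_RE.subn("[REDACTED-SSN]", text)

    def card(m):
        nonlocal hits
        if luhn_ok(re.sub(r"[ -]", "", m.group(0))):
            hits += 1
            return "[REDACTED-PAN]"
        return m.group(0)  # digit run failed Luhn: treated as an ID, not a card

    return CARD_RE.sub(card, text), hits

def redact_document(obj):
    """Recursively redact every string in a JSON-like value; returns (copy, hits)."""
    if isinstance(obj, str):
        return redact_text(obj)
    if isinstance(obj, dict):
        items = [(k, redact_document(v)) for k, v in obj.items()]
        return {k: v for k, (v, _) in items}, sum(n for _, (_, n) in items)
    if isinstance(obj, list):
        parts = [redact_document(v) for v in obj]
        return [v for v, _ in parts], sum(n for _, n in parts)
    return obj, 0  # numbers, booleans, None pass through unchanged

SAMPLE_ALERT = {  # constructed example alert, not real data
    "kibana.alert.rule.name": "Suspicious PowerShell Download",
    "host.name": "ws-042.corp.example",
    "user": {"name": "jdoe"},
    "process": {"command_line": "powershell -c \"Invoke-WebRequest -Body 'pan=4111 1111 1111 1111'\""},
    "message": "ticket 1234 5678 9012 3456; requester ssn 123-45-6789",
}

if __name__ == "__main__":
    clean, n = redact_document(SAMPLE_ALERT)
    print(n, "values redacted")
    print(clean)
```

The Luhn check is what keeps the filter from shredding every long number in an alert: the 16-digit ticket reference in the sample fails it and is left intact, while the card number in the command line passes and is replaced. Pattern filters of this kind are a safety net, not a guarantee; a card number split across fields or written with unusual separators will slip past, which is worth remembering when reading the "never leaks" promise above.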

How Chatbots Interact with Elastic Security

Integrate Elastic Security to give your custom AI agents direct read and write access to the capabilities listed above.

Autonomous SIEM operations via AI

The Elastic Security MCP server routes each agent request to the corresponding Elastic Security API. This lets AI agents such as Claude Code run structured rule, exception and alert queries against the SIEM.

Cursor Copilot for threat detection

Integrate the Elastic Security server to handle threat-detection requests natively. It provides the tool schemas ChatGPT and Cursor need to manage detection rules and alert data.
