How to Use the Elastic Security MCP in VS Code Copilot
Deploy Elastic Security tools across your team in VS Code Copilot. Standardize threat hunting and rule management for every engineer.
Works with every AI agent you already use
…and any MCP-compatible client
Connect Elastic Security MCP to VS Code Copilot
Create your Vinkius account to connect Elastic Security to VS Code Copilot and route execution through our secure gateway. The platform manages server hosting, runtime updates, and security layers. Configuration requires no manual server provisioning.
Team-wide security tools in VS Code Copilot
Commit your mcp.json to the repo so everyone on your team uses the same detection logic. Use `list_detection_rules` to ensure everyone is looking at the same security baseline. This keeps your SOC operations consistent. No more drift between what individual engineers see in their editors.
Manage exceptions via VS Code Copilot
When a build triggers a false positive, fix it globally for the team. Use `add_exception` to update your bypass lists directly from your IDE. It prevents everyone else from getting hit by the same noisy alert. Your team stays focused on actual development instead of incident cleanup.
Review threat status in VS Code Copilot
Check your environment health without leaving your editor. Use `get_prepackaged_rules_status` to verify that everyone's local rules align with official threat models. If something is outdated, you'll know immediately. It ensures your entire team is operating on the latest security intelligence.
Set up Elastic Security MCP in VS Code Copilot
Prerequisites
- VS Code 1.99 or later with GitHub Copilot extension
- Active Vinkius subscription with a valid endpoint token
- 1
Open MCP configuration
Open the Command Palette (
Cmd+Shift+P/Ctrl+Shift+P) and run "MCP: Add Server". Select HTTP (Streamable) as the server type. VS Code will create.vscode/mcp.jsonin your workspace. - 2
Add the Elastic Security MCP
Paste the JSON snippet shown on the right into your
.vscode/mcp.json. Replace[YOUR_TOKEN_HERE]with your endpoint token from cloud.vinkius.com. - 3
Switch to Agent mode
Open Copilot Chat (
Cmd+Shift+I/Ctrl+Shift+I) and switch to Agent mode using the dropdown. MCP tools are only available in Agent mode — they do not appear in Edit or Ask modes. - 4
Verify the connection
In the Copilot Chat input, type
#to list available tools. You should see the Elastic Security tools listed. Try asking: "List my recent Elastic Security transactions" and Copilot will invoke them automatically.
{
"mcpServers": {
"elastic-security-mcp": {
"url": "https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp"
}
}
}Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by Elastic Security. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.
Why Choose Vinkius
Vinkius connects your tools to AI with real-time monitoring and automatic cost savings — all from one dashboard.
Real-time monitoring
Live
visibility into every interaction
Connect your favorite tools to your AI and see exactly what's happening — every request, every response, in real time.
Built-in savings
60%
lower AI costs
Vinkius compresses data between your apps and your AI automatically. Lower bills every month — no configuration required.
Single dashboard
One
place for every integration
Every tool your AI connects to, managed from a single screen. One account, complete control.
Common questions about Elastic Security MCP in VS Code Copilot
Use it with your favorite AI tools
Connect this server to Cursor, Claude, VS Code, and more.
Start using the Elastic Security MCP today
We host it, we monitor it, we maintain it. You just paste one token.
