by ggilligan12 • Analytics & Monitoring
An MCP server that lets AI assistants interact with Kibana Security to manage alerts, detection rules, and exception lists.
Fetch, filter, and review Kibana security alerts programmatically to prioritize triage workflows.
Tag alerts and update alert statuses (open/acknowledged/closed) as part of automated incident response.
Search detection rules, add exception items, create exception lists, and associate exceptions with rules to manage false positives.
This repository provides a Model Context Protocol (MCP) server for Kibana Security that enables agents to fetch and manage security alerts, search and modify detection rules, and create or associate exception lists. It runs as a Docker container (or locally) and is designed to be added to MCP-enabled clients (e.g., Claude Desktop, Cursor) via environment-configured credentials. The server exposes tools to tag alerts, change alert status, find rules, and manage rule exceptions, streamlining automation of security triage and rule maintenance. It’s intended to simplify and secure automated interactions with Kibana using API keys or username/password authentication.