Elastic has introduced the Security MCP (Model Context Protocol) App, designed to bridge the gap between AI-driven analysis and the traditional SOC workflow. Instead of analysts switching between triage dashboards, threat hunting tools, and case management files, this extension allows interactive UIs to be rendered directly within environments like Claude Desktop, VS Code, and Cursor. By bringing Kibana-like capabilities into the AI conversation, analysts can perform high-level security operations without losing the context of their investigation.
The app features six specialized interactive dashboards: Alert Triage, Attack Discovery, Case Management, Detection Rules, Threat Hunt, and Sample Data generation. These tools return both a compact text summary for the LLM to reason over and a React-based interface for the analyst to act upon. Built on the open MCP standard, the tool connects directly to the user's Elasticsearch cluster, ensuring that all findings, cases, and queries are preserved within the existing security infrastructure while maintaining strict role-based access controls.