Kibana MCP Server
by ggilligan12
This project provides a Model Context Protocol (MCP) server implementation that allows AI assistants to interact with Kibana Security alerts. It exposes tools to tag alerts, adjust their status, and fetch recent alerts.
What is Kibana MCP Server?
The Kibana MCP Server is an implementation of the Model Context Protocol (MCP) that enables AI assistants to interact with Kibana Security alerts. It acts as a bridge, exposing Kibana alert functionalities to MCP clients.
How to use Kibana MCP Server?
To use the server, you need to configure it with your Kibana instance URL and authentication credentials (API key or username/password) via environment variables. Then, run the server. Finally, configure your MCP client (like Cursor or Claude Desktop) to connect to the server, providing the server's execution path and the necessary environment variables within the client's configuration file.
Key features of Kibana MCP Server
Tag alerts with custom tags
Adjust the status of alerts (open, acknowledged, closed)
Fetch recent alerts, optionally filtering by text and limiting the number of results
Supports API Key and Username/Password authentication
Provides a local development and testing environment using Docker Compose
Use cases of Kibana MCP Server
Automated alert triage by AI assistants
Enriching alerts with context from AI models
Streamlining security workflows by allowing AI to manage alert status
Integrating Kibana security alerts with other AI-powered security tools
FAQ from Kibana MCP Server
What is MCP?
MCP stands for Model Context Protocol. It's a protocol that allows AI models to interact with external tools and services.
How do I choose between API Key and Username/Password authentication?
API Key authentication is the recommended and more secure method. Username/Password authentication should only be used if API Key authentication is not possible.
What permissions does the API Key need?
The API Key needs permissions to read and update security alerts/signals. It should have appropriate privileges for the Security Solution feature in Kibana.
How do I configure my MCP client to use this server?
You need to configure your MCP client's configuration file (e.g., ~/.cursor/mcp.json for Cursor) to point to the server's execution path and provide the necessary environment variables (KIBANA_URL and authentication credentials).
How do I run the local development environment?
You need to have Docker and Docker Compose installed. Then, run the ./testing/quickstart-test-env.sh script from the project root directory.