kibana

MCP Server for Kibana SecOps

Installation
Run this command in your terminal to add the MCP server to Claude Code. The --env options go before the server name, and -- separates the server name from the command that starts it.
claude mcp add --transport stdio \
  --env KIBANA_URL="https://your-kibana.example.com:5601" \
  --env KIBANA_API_KEY="your_base64_api_key" \
  ggilligan12-kibana-mcp \
  -- docker run -i --rm --network host -e KIBANA_URL -e KIBANA_API_KEY kibana-mcp

How to use

This MCP server integrates Kibana Security with the Model Context Protocol to manage alerts, rules, and exception lists via AI assistants. It exposes tools such as get_alerts, tag_alert, adjust_alert_status, find_rules, get_rule_exceptions, add_rule_exception_items, create_exception_list, and associate_shared_exception_list, enabling you to fetch alerts, tag or update statuses, search and manage detection rules, and handle exception lists directly from your MCP client. To use it, configure the Kibana MCP server in your MCP client (Claude Desktop, Cursor, etc.) with the Kibana URL and an API key. The recommended setup runs the server via Docker with network access to Kibana, exporting KIBANA_URL and KIBANA_API_KEY so the MCP client can authenticate and query Kibana.

How to install

Prerequisites:

  • Docker installed on the host where you run the MCP server
  • Access to a Kibana instance (URL and API key)
  • Optional: an existing MCP client configuration to reference the server

Installation steps:

  1. Build the Kibana MCP server image (assuming you have the repository checked out locally):
     git clone https://github.com/ggilligan12/kibana-mcp.git
     cd kibana-mcp
     docker build -t kibana-mcp .
  2. Run the server (provide Kibana URL and API key via environment variables):
     export KIBANA_URL="https://your-kibana.example.com:5601"
     export KIBANA_API_KEY="your_base64_api_key"
     docker run -it --rm --network host \
       -e KIBANA_URL \
       -e KIBANA_API_KEY \
       kibana-mcp
  3. Add the MCP server to your client configuration (example):
     {
       "mcpServers": {
         "kibana-mcp": {
           "command": "docker",
           "args": ["run", "-i", "--rm", "--network", "host", "-e", "KIBANA_URL", "-e", "KIBANA_API_KEY", "kibana-mcp"]
         }
       }
     }
  4. If you prefer using a direct environment-variable setup, you can also embed the values in the config as shown in the README examples.

Additional notes

Notes and tips:

  • The recommended setup uses Docker with environment variables KIBANA_URL and KIBANA_API_KEY. If you use username/password authentication instead, you can replace KIBANA_API_KEY with KIBANA_USERNAME and KIBANA_PASSWORD in the env or config.
  • Ensure your Kibana instance accepts API key authentication and that the API key has sufficient privileges to read alerts, search rules, and manage exceptions.
  • When running in a shared environment, avoid printing credentials in logs. Use secure methods to pass env vars (e.g., secret management or container orchestration secrets).
  • If you encounter connectivity issues, verify that the host network access and Kibana URL are correct, and that the MCP client can reach the container.
  • The server exposes tools for common security operations; consult Kibana and MCP client documentation for advanced usage and parameter details.
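
A pre-flight check for the credential handling described in the notes above, added here as an example and not taken from the kibana-mcp project. The function name kibana_mcp_preflight is hypothetical; it assumes the API-key setup (not username/password) and that the key is the base64 encoding of id:secret, and it treats a plain-http URL as a failure.

```shell
# Added example (not part of kibana-mcp): validate KIBANA_URL and
# KIBANA_API_KEY before starting the container. Messages name the
# variable only and never echo its value, so they are safe to log.
# Usage: kibana_mcp_preflight && docker run -i --rm --network host \
#          -e KIBANA_URL -e KIBANA_API_KEY kibana-mcp
kibana_mcp_preflight() {
  url="${KIBANA_URL:-}"
  key="${KIBANA_API_KEY:-}"
  rc=0

  case "$url" in
    https://?*) ;;  # TLS endpoint: OK
    http://?*)
      echo "KIBANA_URL: plain http would send the API key unencrypted" >&2
      rc=1 ;;
    "")
      echo "KIBANA_URL: not set" >&2
      rc=1 ;;
    *)
      echo "KIBANA_URL: missing http(s) scheme" >&2
      rc=1 ;;
  esac

  if [ -z "$key" ]; then
    echo "KIBANA_API_KEY: not set" >&2
    return 1
  fi

  # Assumption: the key is the encoded form, base64("id:secret").
  decoded=$(printf '%s' "$key" | base64 -d 2>/dev/null) || decoded=""
  case "$decoded" in
    ?*:?*) ;;       # non-empty id and secret separated by a colon
    *)
      echo "KIBANA_API_KEY: does not decode to id:secret" >&2
      rc=1 ;;
  esac

  unset decoded key  # do not leave the decoded secret in shell variables
  return "$rc"
}
```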
