Elastic | Glama

URL: https://glama.ai/mcp/servers/integrations/elastic

  • Why this server?

    Converts Sigma rules to Elasticsearch Lucene queries for detection in Elasticsearch.

    Grades: license A, quality A, maintenance A. License: MIT.

    Sigma detection rule writing, validation, and pySigma-based multi-backend conversion (Splunk, Elastic, Wazuh, Kibana) via 3 MCP tools and 3 Claude Code skills, backed by a 61-rule production corpus across 11 MITRE ATT&CK tactic categories.
  • Why this server?

    Connects to Elastic products, specifically Elasticsearch, enabling natural language interaction with indices, mappings, and search capabilities.

    Grades: license A, quality B, maintenance D. License: Apache 2.0.

    Connects to Elasticsearch databases using the Model Context Protocol, allowing users to query and interact with their Elasticsearch indices through natural language conversations.
  • Why this server?

    Facilitates interaction with Elastic's search and analytics engine, providing capabilities for document indexing, search, index management, and cluster health monitoring.

    Grades: license A, quality B, maintenance C. License: Apache 2.0.

    An MCP server that enables interaction with Elasticsearch and OpenSearch clusters for searching documents and managing indices. It provides tools for cluster health monitoring, index configuration, and general API requests.
  • Why this server?

    Provides detection lookup files for enrichment in Elasticsearch, enabling efficient threat detection queries using ES|QL ENRICH.

    Grades: license A, quality A, maintenance A. License: Apache 2.0.

    Machine-readable detection lookups for SIEM enrichment and AI agents. Query 800+ LOLBAS and GTFOBins binaries plus process parent-child baselines to get risk levels, abuse categories, and MITRE ATT&CK mappings without embedding data in prompts.
  • Why this server?

    Provides a comprehensive set of tools for security management, search operations, index management, and cluster monitoring within an Elasticsearch instance, allowing for management of users, roles, API keys, and execution of complex queries.

    Grades: license F, quality B, maintenance not rated. License: not stated.

    Provides comprehensive tools for managing Elasticsearch clusters, including security management, search operations, and index administration. It enables users to monitor cluster health, handle InfoSec tasks, and execute complex queries using Elasticsearch Query DSL and ES|QL.
  • Why this server?

    Provides tools for querying, summarizing, and tracing logs stored in Elasticsearch, enabling AI assistants to analyze observability data directly.

    Grades: license A, quality not rated, maintenance A. License: MIT.

    An MCP server that connects Claude (or any MCP-compatible client) to your existing log infrastructure. Query, summarize, and trace logs in plain English across GCP Cloud Logging, AWS CloudWatch, Azure Log Analytics, Grafana Loki, and Elasticsearch without writing filter expressions or leaving your editor.
  • Why this server?

    Provides tools to manage and query a knowledge base within Elastic, including document ingestion, text chunking, and semantic search retrieval.

    Grades: license F, quality A, maintenance D. License: not stated.

    An MCP server that indexes PDF documentation and text into Elasticsearch for semantic search and retrieval. It enables users to query knowledge bases, ingest new files, and dynamically update content through MCP-compatible clients like Claude Desktop and Cursor.
  • Why this server?

    Supports rendering diagrams for Elastic Cloud infrastructure.

    Grades: license A, quality not rated, maintenance C. License: MIT.

    Enables generating cloud architecture diagrams, flowcharts, sequence diagrams, and more using three rendering engines: mingrammer/diagrams, Mermaid, and PlantUML.
  • Why this server?

    Enables searching security events, pivoting on indicators, and performing endpoint response actions like isolation and forensic collection.

    Grades: license A, quality not rated, maintenance D. License: MIT.

    An AI-powered security operations platform that integrates with SIEM, EDR, and case management systems via MCP to automate incident response and investigation workflows. It provides specialized tools for alert triage, threat intelligence enrichment, and endpoint remediation across vendor-neutral APIs.