kibana-mcp
The Kibana MCP Server is designed to enable AI assistants to interact with Kibana Security features, efficiently managing alerts, rules, and exceptions. Its robust toolset allows for comprehensive alert handling and exception rule management within Kibana environments.
Kibana MCP Server
This project provides a Model Context Protocol (MCP) server implementation that allows AI assistants to interact with Kibana Security functions, including alerts, rules, and exceptions.
Features
- Tag Alert: Tag Kibana security alert signals.
- Adjust Alert Status: Change status of alerts.
- Get Alerts: Retrieve recent alert signals.
- Get Rule Exceptions: Retrieve exceptions related to a detection rule.
- Add Rule Exception Items: Add exceptions to a detection rule.
- Create Exception List: Create new exception lists.
- Associate Shared Exception List: Link shared exception lists with detection rules.
- Find Rules: Locate detection rules with filtering.
Configuration
Requires setting environment variables such as KIBANA_URL. Provides two authentication methods: API Key (recommended) and Username/Password (less secure).
Quickstart: Running the Server
- Set environment variables.
- Navigate to project directory.
- Start server with uv run kibana-mcp.
Connecting an MCP Client
Configuration details for integrating with MCP clients (Cursor, Claude Desktop) are provided.