Elasticsearch
Elasticsearch MCP Server with multi-version support (ES 5.x-9.x) for security analysis and threat detection.
About This MCP Server
1. The MCP Client analyzes your request and determines which Elasticsearch operations are needed.
2. The MCP server communicates with Elasticsearch and runs those operations.
3. The MCP Client processes the results and presents them in a user-friendly format, including highlights, aggregation summaries, and anomaly insights.
Tools & Endpoints
Example Workflow
• "Analyze brute force attack attempts in the past 24 hours"
• "Detect abnormal login behavior and suspicious IP addresses in the system"
• "Identify potential SQL injection attack patterns and malicious requests"
• "Discover DDoS attack signatures and traffic anomalies in network flows"
• "Trace the complete attack chain and impact scope for specific security incidents"
• "Analyze root causes and propagation paths of system failures"
• "Identify data breach sources and involved sensitive information"
• "Investigate user privilege abuse incidents with timeline and operation records"
• "Create machine learning models to detect zero-day attacks and unknown threats"
• "Establish behavioral baselines and identify activities deviating from normal patterns"
• "Analyze threat levels and attack history of malicious domains and IP addresses"
• "Detect behavioral characteristics and attack patterns of Advanced Persistent Threats (APT)"
What Problems It Solves
Specifications
Requirements
- An Elasticsearch instance
- A valid Elasticsearch license (trial, platinum, enterprise) is required.
- Elasticsearch authentication credentials (API key or username/password)
- MCP Client (e.g. Claude Desktop) or HTTP client for remote access
Hosting
Hosting Options
- Package
API
Integrate this server into your application. Choose a connection method below.
Install
npm install -g @tocharianou/elasticsearch-mcp
Performance
Usage
Quick Reference
- Name: Elasticsearch
- Function: Elasticsearch MCP Server with multi-version support (ES 5.x-9.x) for security analysis and threat detection.
- Transport: Package
- Language: JavaScript/TypeScript
- Install: npm install -g @tocharianou/elasticsearch-mcp
- Source: External (Registry)
- License: Open Source