example-mcp-app-security

mcp
Security Audit
Warning
Health Warning
  • License — License: NOASSERTION
  • Description — Repository has a description
  • Active repo — Last push 0 days ago
  • Low visibility — Only 5 GitHub stars
Code Warning
  • process.env — Environment variable access in .github/workflows/update-cursor-button.yml
  • fs module — File system access in .github/workflows/update-cursor-button.yml
  • process.env — Environment variable access in main.ts
  • fs module — File system access in package.json
Permissions Passed
  • Permissions — No dangerous permissions requested
Purpose
This tool is a reference Model Context Protocol (MCP) server that integrates with Elastic Security. It provides interactive dashboards for security operations centers (SOCs), allowing users to triage alerts, manage cases, and hunt threats directly within AI hosts like Claude or VS Code.

Security Assessment
Risk Rating: Medium. The application inherently deals with highly sensitive security data and requires an Elasticsearch API key to function. While it does not request dangerous local permissions or execute shell commands, the codebase accesses environment variables and the file system. These accesses are standard for reading configurations and packaging the application, and no hardcoded secrets were detected. However, because it handles API keys and fetches potentially confidential security telemetry, you must ensure your environment variables and Elastic credentials are managed securely.

Quality Assessment
The project is actively maintained, with repository pushes occurring as recently as today. It was developed by Elastic, a well-established company in the observability and security space, which adds a layer of organizational trust. However, community visibility is currently very low, with only 5 GitHub stars. The project's license is marked as "NOASSERTION," meaning it lacks a clearly defined open-source license in its metadata. This requires caution if you plan to use or modify it for commercial purposes.

Verdict
Use with caution — it is an active, official tool from a reputable vendor, but you must securely manage your Elastic API keys and acknowledge its early-stage, low-community adoption.
SUMMARY

Reference MCP App for Elastic Security — interactive SOC dashboards inside Claude, Cursor, and other MCP hosts.

README.md

Elastic Security MCP App

An MCP App that brings interactive blue-team security operations directly into Claude, VS Code, and other MCP-compatible AI hosts. Built on the Model Context Protocol with interactive UI extensions that render inline in the conversation.

What are MCP Apps? MCP Apps extend the Model Context Protocol to let tool servers return interactive HTML interfaces — dashboards, forms, visualizations — that render inside the AI conversation. The LLM calls a tool, and instead of just returning text, an interactive UI appears alongside the response.

Alert Triage Dashboard

What This Does

This project provides six interactive security operations tools, each with a rich React-based UI that renders inline when Claude (or another MCP host) calls the tool:

  • Alert Triage: Fetch, filter, and triage security alerts with AI verdict cards, process tree, and network investigation
  • Attack Discovery: AI-powered correlated attack chain analysis with confidence scoring, entity risk, and MITRE mapping
  • Case Management: Create, search, and manage SOC investigation cases with AI-assisted actions
  • Detection Rules: Browse, tune, and manage detection rules with KQL search and noisy rules analysis
  • Threat Hunt: ES|QL workbench with clickable entities and a D3 investigation graph
  • Sample Data: Generate ECS security events for demos across 4 attack chain scenarios

See docs/features.md for a full breakdown of each tool's capabilities.

Quick Start

Tip: Just want to try it? Download example-mcp-app-security.mcpb and double-click it. No Node.js, no cloning, no config files.

Claude Desktop handles the rest — you'll be prompted for your Elasticsearch URL, Kibana URL, and Elasticsearch API key during install. See Creating an API key if you need to generate one first.

For other hosts (Cursor, VS Code, Claude Code) or building from source, see Installation below.

How It Works

Interaction Flow

When a user asks Claude to triage alerts or run a threat hunt, Claude calls a model-facing tool on this server. The tool returns a compact text summary to Claude and an interactive React UI that renders inline in the conversation. The UI then calls app-only tools directly for all subsequent interactions — keeping the LLM context small while the UI has full data access.

See docs/architecture.md for details on how views are built, how the UI communicates with the server, and key design decisions.

Skills

The skills/ directory contains Claude Skills: SKILL.md files that teach Claude when and how to use the tools. See docs/setup-skills.md for installation instructions.

Installation

  • Add to Claude Desktop: Install the MCP app via one-click .mcpb or manual config
  • Add to Cursor: Connect the MCP app via npx or a locally running server
  • Add to VS Code: Connect the MCP app via npx or a locally running server
  • Add to Claude Code: Register the MCP app via the claude mcp add CLI
  • Add to Claude.ai: Expose the MCP app via a cloudflared tunnel
  • Build and run locally: Build the MCP server from source and run it on your machine
  • Install skills: Install skills via npx, local clone, or zip upload

Development

npm run dev          # Watch mode
npm run typecheck    # Type-check only
npm run build:views  # Build views only
npm run build:server # Build server only

Inspired By

License

Elastic-2.0
