mcp-server-elasticsearch-sl
Verified Safe
by TocharianOU
Overview
Provides an AI-enabled interface to Elasticsearch for security analysis, threat detection, and incident investigation.
Installation
npx @tocharian/mcp-server-elasticsearch-sl
Environment Variables
- ES_URL
- ES_API_KEY
- ES_USERNAME
- ES_PASSWORD
- ES_CA_CERT
- NODE_TLS_REJECT_UNAUTHORIZED
- MCP_TRANSPORT
- MCP_HTTP_PORT
- MCP_HTTP_HOST
- MAX_TOKEN_CALL
Security Notes
The `execute_es_api` tool allows direct execution of any Elasticsearch API endpoint. This is powerful and could be misused if the MCP server or its client is compromised, so users are explicitly warned to use dedicated API keys with limited scope. The `NODE_TLS_REJECT_UNAUTHORIZED=0` option, which disables TLS certificate verification, is clearly marked as unsafe for production and should only be used in development/testing. No `eval` or obvious malicious patterns were found in the provided source code, which indicates a generally clean implementation of its intended functionality, but the raw power of some tools necessitates careful deployment and credential management.
Similar Servers
mcp-server-elasticsearch
Connects Model Context Protocol (MCP) clients to Elasticsearch instances, enabling natural language queries and interactions with Elasticsearch indices and data.
mcp-server-wazuh
This Rust-based server acts as a bridge between a Wazuh SIEM system and applications requiring contextual security data, especially for AI assistants using the Model Context Protocol (MCP).
mcpcat-typescript-sdk
This SDK integrates analytics and telemetry capabilities into existing Model Context Protocol (MCP) servers, capturing user intentions, tool usage, and error patterns.
falcon-mcp
An MCP server providing AI agents programmatic access to CrowdStrike Falcon platform capabilities for intelligent security analysis and automation, integrating threat detection, incident response, and vulnerability management into agentic workflows.