TocharianOU/elasticsearch-mcp
Elasticsearch MCP Server Solution Fork by TocharianOU
> Enhanced Elasticsearch MCP Server Solution - Security & Threat Analysis Focused
This is a professional security-focused solution maintained by TocharianOU. It enables comprehensive interaction with all Elasticsearch APIs, specifically optimized for security analysis, threat detection, and incident investigation. Features include advanced security monitoring, anomaly detection, threat hunting, root cause analysis, and comprehensive audit capabilities.
Key Security Features:
---
Note: This solution requires a valid Elasticsearch license (trial, platinum, or enterprise) and is designed for security professionals, SOC teams, and threat analysts.
Connect to your Elasticsearch data directly from any MCP Client (such as Claude Desktop) using the Model Context Protocol (MCP). Interact with your Elasticsearch security data through natural language queries for advanced threat analysis and incident response.
> ⚠️ This project requires your Elasticsearch cluster to have a valid license. If you do not have a license, you can activate a trial licens