kibana-mcp

Name: kibana-mcp
Availability: InStock
Author: George Gilligan

Kibana MCPは、AIアシスタントを通じてKibana Securityのアラート、ルール、および例外を管理するためのサーバーです。Dockerを使用して簡単にセットアップでき、環境変数を介して認証情報を設定することができます。これにより、セキュリティ管理が効率化され、迅速な対応が可能になります。

GitHub

GitHubスター

ユーザー評価

未評価

フォーク

イシュー

閲覧数

お気に入り

README

Kibana MCP Server

Model Context Protocol (MCP) server for Kibana Security - manage alerts, rules, and exceptions via AI assistants.

Quick Start

1. Clone and Build

git clone https://github.com/ggilligan12/kibana-mcp.git
cd kibana-mcp
docker build -t kibana-mcp .

2. Configure MCP Client

Add to your MCP client config (Claude Desktop, Cursor, etc.):

Option A: Using Environment Variables (Recommended)

First, set your credentials:

export KIBANA_URL="https://your-kibana.example.com:5601"

# Option 1: API Key (recommended)
export KIBANA_API_KEY="your_base64_api_key"

# Option 2: Username/Password
# export KIBANA_USERNAME="your_username"
# export KIBANA_PASSWORD="your_password"

Then add to your MCP config:

{
  "mcpServers": {
    "kibana-mcp": {
      "command": "docker",
      "args": ["run", "-i", "--rm", "--network", "host", "-e", "KIBANA_URL", "-e", "KIBANA_API_KEY", "kibana-mcp"]
    }
  }
}

For username/password, use:

{
  "mcpServers": {
    "kibana-mcp": {
      "command": "docker",
      "args": ["run", "-i", "--rm", "--network", "host", "-e", "KIBANA_URL", "-e", "KIBANA_USERNAME", "-e", "KIBANA_PASSWORD", "kibana-mcp"]
    }
  }
}

Option B: Direct Credentials (Easier for Claude Desktop)

Using API Key:

{
  "mcpServers": {
    "kibana-mcp": {
      "command": "docker",
      "args": [
        "run", "-i", "--rm", "--network", "host",
        "-e", "KIBANA_URL=https://your-kibana.example.com:5601",
        "-e", "KIBANA_API_KEY=your_base64_api_key",
        "kibana-mcp"
      ]
    }
  }
}

Using Username/Password:

{
  "mcpServers": {
    "kibana-mcp": {
      "command": "docker",
      "args": [
        "run", "-i", "--rm", "--network", "host",
        "-e", "KIBANA_URL=https://your-kibana.example.com:5601",
        "-e", "KIBANA_USERNAME=your_username",
        "-e", "KIBANA_PASSWORD=your_password",
        "kibana-mcp"
      ]
    }
  }
}

Note: Option B is less secure but more convenient for tools like Claude Desktop where environment variables are harder to manage.

Available Tools

get_alerts - Fetch security alerts
tag_alert - Add tags to alerts
adjust_alert_status - Change alert status (open/acknowledged/closed)
find_rules - Search detection rules
get_rule_exceptions - Get rule exception items
add_rule_exception_items - Add exceptions to rules
create_exception_list - Create new exception lists
associate_shared_exception_list - Link exception lists to rules

Local Development

# Install dependencies
uv sync

# Set environment variables (see above)

# Run locally
uv run kibana-mcp

Test Environment

# Start local Kibana/Elasticsearch with test data
pip install -r testing/requirements-dev.txt
./testing/quickstart-test-env.sh

# Access at http://localhost:5601 (elastic/elastic)

作者情報

George Gilligan

Security Engineer, Ballroom Dancer, Chess Player and lover of all things caffeinated.

@thought-machine

GitHub

フォロワー

リポジトリ

Gist

貢献数

トップ貢献者

ggilligan12

タグ

Kibana MCP AI セキュリティアラート管理自動化 Docker ワークフロールール管理例外処理

スレッド