Elastic Security MCP connector

Elastic Security is a SIEM and endpoint security solution built on the Elastic Stack for threat detection and response. The Elastic Security MCP connector allows AI agents to create and manage security cases, track case status and tags, and collaborate through case comments. It also supports retrieving case details, finding cases across your environment, and deleting cases when investigations are complete.

Authentication type

API Key - Requires a static API key to be configured before the agent can connect to the service.

Uses

Use the Elastic Security MCP connector to perform the following actions:

Track security incidents from detection to resolution with automated case management
Respond to threats faster by creating and updating cases without manual data entry
Organize security cases with tags and comments for team collaboration and audit trails
Monitor case status across your security team to prioritize investigations and response
Integrate threat detection workflows with external systems to automate incident handoffs
Document security findings by adding comments and building complete incident records
Configure connectors to route alerts and cases to third-party ticketing and communication tools

Example prompts

Use the following example prompts to invoke Elastic Security MCP connector tools from your AI assistant or Boomi Connect workflow:

Create a new security case in Elastic Security for a suspected malware infection.
Show me all open cases in Elastic Security from the past week.
Update the status of case 12345 to resolved in Elastic Security.
How many high-priority cases are currently open in Elastic Security?
Add a comment to the security case documenting the investigation findings.
Find all cases tagged with 'ransomware' in Elastic Security.
Delete duplicate cases from our Elastic Security instance.
List all tags currently assigned to cases in Elastic Security.
Get a count of cases by status to track our incident response progress.
Set up a connector in Elastic Security to send alerts to our Slack channel.

Elastic Security MCP connector tools

The Elastic Security MCP connector provides the following tools. Each tool maps to a specific action you can invoke from your AI agent or automation.

Tool	Description
createCase	Creates a new case with specified details and metadata.
updateCase	Modifies an existing case's information and properties.
deleteCase	Removes one or more cases from the system.
getCase	Retrieves detailed information about a specific case.
findCases	Searches and retrieves cases matching specified criteria.
getCaseStatus	Returns the count of cases grouped by status.
getCaseTags	Retrieves all unique tags associated with cases.
getAllCaseComments	Retrieves all comments attached to a specific case.
addCaseComment	Adds a new comment to an existing case.
updateCaseComment	Modifies the content of an existing case comment.
getCaseComment	Retrieves a specific comment from a case.
removeCaseComment	Deletes a comment from a case.
createConnector	Creates a new connector for integrating external systems.
findConnectors	Searches and retrieves connectors matching specified criteria.