Elastic MCP Apps bring security and observability workflows into AI tools

Elastic has announced MCP Apps for Elastic, delivering agent-native UI experiences for security and observability workflows across third-party coding tools and chat clients. The new MCP Apps enable teams to investigate threats, diagnose system behavior, and act on data directly within the AI tools they already use, without switching tools or stitching together separate systems.

Built on the Model Context Protocol (MCP) apps spec, the open standard co-authored by Anthropic and OpenAI, these apps allow AI assistants to return fully interactive user interfaces rendered directly within environments such as Claude, VS Code, GitHub Copilot, Goose, Postman, and MCPJam.

Most AI integrations stop at conversational text. That works for simple queries, but breaks down for workflows that are inherently visual and interactive, including alert triage, investigation graphs, dashboards, and distributed traces. Elastic’s MCP Apps close that gap by supporting security and observability workflows in a live AI-native interface that users can explore, filter, and act on, allowing teams to manage threat detection or system diagnosis without leaving the conversation.

“The MCP App for Elastic Security bridges the gap between automated detection and manual hunting,” said Mandy Andress, CISO of Elastic. “By bringing our security data directly into a single interface within Claude Desktop, we surfaced ‘silent’ threats in under an hour, risks that didn’t trigger standard alerts but required immediate action. It’s a force multiplier for our analysts.”

“Our customers are increasingly working inside AI-native environments,” said Ken Exner, chief product officer at Elastic. “With our MCP Apps, Elastic meets them there by bringing security, observability, and search workflows into the AI tools that they are using so that teams can investigate threats and diagnose systems without switching tools. The answer is no longer a summary, it’s the workflow itself.”

While early MCP App adopters have focused on productivity tools like Amplitude, Asana, Figma, and Slack, the Elastic Security MCP App enables analysts to triage alerts, run ES|QL queries, investigate threats, and manage cases through interactive views rendered directly in the conversation. Workflows such as alert lists, process trees, and investigation graphs remain interactive, allowing analysts to move from question to action without tab switching or hand-offs.

The MCP App for Security provides core tasks for analysts, including:

• Alert triage: severity grouping, AI verdicts, process trees, and one-click case creation
• Attack discovery: correlated attack chains with MITRE ATT&CK mapping, risk scoring, and bulk case creation
• Threat hunting: an ES|QL workbench with auto-executed queries, clickable entities, and an investigation graph

The Elastic Observability MCP App enables teams to explore distributed traces, inspect service dependencies, and diagnose system health through interactive views rendered directly in the conversation, helping engineers move from detection to root cause analysis without switching tools.

The MCP App for Observability provides, end-to-end Kubernetes & APM incident investigation, including:

• Cluster & service health rollup: overall health badges, degraded services with reasons, top pod memory consumers, ML anomaly severity breakdown, and service throughput, all oriented in a single adaptive inline view
• Anomaly detection & dependency mapping: ML-powered anomaly explanations with actual vs. typical values and time-series context, plus interactive service topology graphs with per-edge call volume and latency, and node failure blast radius diagrams showing full-outage versus degraded deployments with rescheduling feasibility
• Live monitoring & alerting: ES|QL-backed observe mode for one-shot metric queries, live threshold watching, and ML anomaly triggers, alongside persistent Kibana alert rule creation and management directly from the conversation

Elastic also provides MCP Apps for search and data exploration. The Search MCP App enables users to explore data and build dashboards through natural language, with results rendered as interactive visualizations that can be edited and exported.

The MCP App for Search, includes:

• Dashboard creation: build dashboards from natural language with panels automatically generated from your data
• Data exploration: query and analyze data using ES|QL with results rendered inline
• Interactive editing: refine, rearrange, and export dashboards directly from the conversation

Elastic MCP Apps for Security, Observability, and Search are available now in public preview, with support across platforms including Claude, Claude Desktop, VS Code, GitHub Copilot, Goose, Postman, and MCPJam.