AI-powered threat hunting and incident response MCP server for Elasticsearch/OpenSearch
Use this profile to copy client config, check auth requirements, review tools and resources, and compare related MCP servers before adding it to an AI client.
uvx crowdsentinel-mcp-server
{
  "ELASTICSEARCH_HOSTS": "https://localhost:9200",
  "ELASTICSEARCH_CLOUD_ID": "YOUR_VALUE_HERE",
  "ELASTICSEARCH_API_KEY": "YOUR_SECRET_VALUE",
  "ELASTICSEARCH_USERNAME": "YOUR_VALUE_HERE",
  "ELASTICSEARCH_PASSWORD": "YOUR_SECRET_VALUE",
  "ELASTICSEARCH_BEARER_TOKEN": "YOUR_SECRET_VALUE",
  "VERIFY_CERTS": "false",
  "REQUEST_TIMEOUT": "YOUR_VALUE_HERE"
}
Add this server entry to the mcpServers object in your Claude Desktop config, then restart the app.
{
  "mcpServers": {
    "io-github-thomasxm-crowdsentinel-mcp-server": {
      "command": "uvx",
      "args": [
        "crowdsentinel-mcp-server"
      ],
      "env": {
        "ELASTICSEARCH_HOSTS": "https://localhost:9200",
        "ELASTICSEARCH_CLOUD_ID": "YOUR_VALUE_HERE",
        "ELASTICSEARCH_API_KEY": "YOUR_SECRET_VALUE",
        "ELASTICSEARCH_USERNAME": "YOUR_VALUE_HERE",
        "ELASTICSEARCH_PASSWORD": "YOUR_SECRET_VALUE",
        "ELASTICSEARCH_BEARER_TOKEN": "YOUR_SECRET_VALUE",
        "VERIFY_CERTS": "false",
        "REQUEST_TIMEOUT": "YOUR_VALUE_HERE"
      }
    }
  }
}
macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
Windows: %APPDATA%\Claude\claude_desktop_config.json
No remote HTTP endpoint is advertised. Use the package or stdio setup shown in Install.
crowdsentinel-mcp-server is an AI-powered threat hunting and incident response MCP server for Elasticsearch/OpenSearch. It supports STDIO transport.
Use the generated config in Install. This server runs with uvx crowdsentinel-mcp-server; add any required environment variables before starting your client.
Choose the Claude Desktop tab in Install and copy the config for uvx crowdsentinel-mcp-server. Add required environment variables before starting Claude Desktop.
Choose the Claude Code tab in Install and copy the config for uvx crowdsentinel-mcp-server. Add required environment variables before starting Claude Code.
Choose the Codex tab in Install and copy the config for uvx crowdsentinel-mcp-server. Add required environment variables before starting Codex.
Choose the Cursor or VS Code tab in Install and copy the config for uvx crowdsentinel-mcp-server. Add required environment variables before starting Cursor or VS Code.
crowdsentinel-mcp-server uses STDIO transport. Use the package or command config in Install.
crowdsentinel-mcp-server inventory is listed when the MCP endpoint exposes tools, resources, or prompts. Some servers require auth first.
crowdsentinel-mcp-server does not advertise a verified auth requirement. If discovery fails, it may still need provider login, an API key, a bearer token, or a session header.
| Package | Registry | Version | Inputs |
|---|---|---|---|
| crowdsentinel-mcp-server (stdio) | pypi | 0.5.6 | Env: ELASTICSEARCH_HOSTS; ELASTICSEARCH_CLOUD_ID; ELASTICSEARCH_API_KEY (secret); ELASTICSEARCH_USERNAME; ELASTICSEARCH_PASSWORD (secret); ELASTICSEARCH_BEARER_TOKEN (secret); VERIFY_CERTS; REQUEST_TIMEOUT |