Three options depending on your setup. All use the claude mcp add CLI command.
Requires Node.js 22+. The server is downloaded and run automatically by Claude Code.
claude mcp add elastic-security \
-e 'CLUSTERS_JSON=[{"name":"primary","elasticsearchUrl":"https://your-cluster.es.cloud.example.com","kibanaUrl":"https://your-cluster.kb.cloud.example.com","elasticsearchApiKey":"your-api-key"}]' \
-- npx -y https://github.com/elastic/example-mcp-app-security/releases/latest/download/elastic-security-mcp-app.tgz --stdioPinning a version: Replace
elastic-security-mcp-app.tgzwithelastic-security-mcp-app-<version>.tgz(e.g.,elastic-security-mcp-app-0.2.0.tgz).Keeping secrets out of shell history: swap
CLUSTERS_JSONforCLUSTERS_FILE=/absolute/path/to/clusters.jsonpointing at a JSON file with the same array. See Creating an API key and Cluster configuration.Permissions: For production use, create a scoped role instead of using
superuser. See Minimum required permissions for ready-to-paste role definitions.
Requires the project to be built locally. Claude Code launches the server process directly.
claude mcp add elastic-security \
-e 'CLUSTERS_JSON=[{"name":"primary","elasticsearchUrl":"https://your-cluster.es.cloud.example.com","kibanaUrl":"https://your-cluster.kb.cloud.example.com","elasticsearchApiKey":"your-api-key"}]' \
-- node /path/to/example-mcp-app-security/dist/main.js --stdioRequires the server to be running locally at http://localhost:3001/mcp. Claude Code connects over HTTP — the server process runs independently.
claude mcp add elastic-security \
--transport http \
--url http://localhost:3001/mcpclaude mcp list # List registered servers
claude mcp remove elastic-security # Remove the serverScope: Add
-s userto register the server globally across all projects, or-s project(the default) to scope it to the current project.