Three options depending on your setup.
Requires Node.js 22+. The server is downloaded and run automatically by Cursor.
Click to install:
After clicking, Cursor opens its MCP settings with
CLUSTERS_JSONpre-filled. Replace the placeholder URLs and API key with your real values. See Creating an API key for how to generate your credentials.Permissions: For production use, create a scoped role instead of using
superuser. See Minimum required permissions for ready-to-paste role definitions.
Or add manually to .cursor/mcp.json:
{
"servers": {
"elastic-security": {
"command": "npx",
"args": [
"-y",
"https://github.com/elastic/example-mcp-app-security/releases/latest/download/elastic-security-mcp-app.tgz",
"--stdio"
],
"env": {
"CLUSTERS_JSON": "[{\"name\":\"primary\",\"elasticsearchUrl\":\"https://your-cluster.es.cloud.example.com\",\"kibanaUrl\":\"https://your-cluster.kb.cloud.example.com\",\"elasticsearchApiKey\":\"your-api-key\"}]"
}
}
}
}Pinning a version: Replace
elastic-security-mcp-app.tgzwithelastic-security-mcp-app-<version>.tgz(e.g.,elastic-security-mcp-app-0.2.0.tgz).Keeping secrets out of
mcp.json: replaceCLUSTERS_JSONwithCLUSTERS_FILEpointing at the absolute path of a JSON file containing the same array. See Cluster configuration.
Requires the project to be built locally. Cursor launches the server process directly.
Add to .cursor/mcp.json:
{
"servers": {
"elastic-security": {
"command": "node",
"args": ["/path/to/example-mcp-app-security/dist/main.js", "--stdio"],
"env": {
"CLUSTERS_JSON": "[{\"name\":\"primary\",\"elasticsearchUrl\":\"https://your-cluster.es.cloud.example.com\",\"kibanaUrl\":\"https://your-cluster.kb.cloud.example.com\",\"elasticsearchApiKey\":\"your-api-key\"}]"
}
}
}
}Requires the server to be running locally at http://localhost:3001/mcp. Cursor connects over HTTP — the server process runs independently.
Click to install:
Or add manually to .cursor/mcp.json:
{
"servers": {
"elastic-security": {
"url": "http://localhost:3001/mcp"
}
}
}npx (Option 1): If your config points to .../releases/latest/download/elastic-security-mcp-app.tgz, you're always running the latest version. Just restart the MCP server in Cursor (or restart Cursor) to pick up a new release. If you pinned a specific version, update the version in the tarball filename.
Build from source (Options 2 & 3):
cd example-mcp-app-security
git pull
npm install
npm run buildRestart the server (or restart Cursor) after updating.
Skills: See Updating skills.
Checking your version: Run the server with --version, or check package.json in your local clone. For npx, the version is printed in the server startup logs.