Skip to main content

Announcing StackOne Defender: leading open-source prompt injection guard for your agent Read More

Connect

Connectors Agent Auth MCP Connector Builder

Optimize

Tool Discovery Falcon Engine

Secure

Defender
Connectors

HRIS / HCM

Employee Onboarding Employee Offboarding

Recruiting

Application Screening Interview Scheduling

Customer Support

Ticket Triage Voice Call Summarization

Sales & CRM

Deal Risk Scoring Lead Qualification

Accounting & Finance

Invoice Processing Month-End Accruals

Marketing

Campaign Reports Lead Nurture Sequences
View all use cases

Developers

Docs Changelog Status

Learn

Blog Case Studies Events Partners
Pricing
Login Book Demo Start Free

Elastic Cloud MCP Server
for AI Agents

Production-ready Elastic Cloud MCP server with 50 extensible actions — plus built-in authentication, security, and optimized execution.

Start Free Book Demo Read Docs →
Elastic Cloud logo
Elastic Cloud MCP Server
Built by StackOne StackOne

Coverage

50 Agent Actions

Create, read, update, and delete across Elastic Cloud — and extend your agent's capabilities with custom actions.

MCP Actions → Create Actions →

Authentication

Agent Tool Authentication

Per-user OAuth in one call. Your Elastic Cloud MCP server gets session-scoped tokens with zero credentials stored on your infra.

Agent Auth →

Security

Agent Protection

Every Elastic Cloud tool response scanned for prompt injection in milliseconds — 88.7% accuracy, all running on CPU.

Prompt Injection Defense →

Performance

Max Agent Context. Min Cost.

Free up to 96% of your agent's context window to enhance reasoning and reduce cost, on every Elastic Cloud call.

Tools Discovery →

What is the Elastic Cloud MCP Server?

A Elastic Cloud MCP server lets AI agents read and write Elastic Cloud data through the Model Context Protocol — Anthropic's open standard for connecting LLMs to external tools. StackOne's Elastic Cloud MCP server ships with 50 pre-built actions, fully extensible via the Connector Builder — plus managed authentication, prompt injection defense, and optimized agent context. Connect it from MCP clients like Claude Desktop, Cursor, and VS Code, or from agent frameworks like OpenAI Agents SDK, LangChain, and Vercel AI SDK.

All Elastic Cloud MCP Tools and Actions

Every action from Elastic Cloud's API, ready for your agent. Create, read, update, and delete — scoped to exactly what you need.

Accounts

  • Get Account

    Get the current account information.

  • Update Account

    Update the current account trust settings.

Deployments

  • Create Deployment

    Create a new Elastic Cloud deployment.

  • List Deployments

    Get a list of all deployments in the Elastic Cloud organization.

  • Get Deployment

    Get detailed information about a specific deployment.

  • Search Deployments

    Search for deployments using Elasticsearch-style queries.

  • Update Deployment

    Update an existing Elastic Cloud deployment.

The Tags For A Deployments

  • Get The Tags For A Deployment

    Get the tags associated with a deployment.

  • Set The Tags For A Deployment

    Set tags on a deployment (replaces all existing tags).

Extensions

  • Create Extension

    Create a new custom extension (plugin or bundle).

  • List Extensions

    Get a list of all custom extensions (plugins and bundles).

  • Get Extension

    Get details of a specific extension.

  • Update Extension

    Update an extension's metadata.

  • Delete Extension

    Delete a custom extension.

Elasticsearch Keystores

  • Get Elasticsearch Keystore

    Get the keystore items for an Elasticsearch resource.

  • Update Elasticsearch Keystore

    Add or remove items from the Elasticsearch keystore.

Organizations

  • List Organizations

    Get a list of all organizations the current user belongs to.

  • Get Organization

    Get details of a specific organization.

Organization Members

  • List Organization Members

    Get a list of all members in an organization.

  • Remove Organization Members

    Remove one or more members from an organization.

Organization Invitations

  • Send Organization Invitations

    Send invitations to join an organization.

  • List Organization Invitations

    Get a list of pending invitations for an organization.

Remote Clusters

  • Get Remote Clusters

    Get the certificate-based remote clusters configured for an Elasticsearch resource.

  • Set Remote Clusters

    Configure certificate-based remote clusters for an Elasticsearch resource.

Role Assignments

  • Add Role Assignments

    Add role assignments to a user.

  • Remove Role Assignments

    Remove role assignments from a user.

Traffic Filter Rulesets

  • Create Traffic Filter Ruleset

    Create a new traffic filter ruleset.

  • List Traffic Filter Rulesets

    Get a list of all traffic filter rulesets.

  • Get Traffic Filter Ruleset

    Get details of a specific traffic filter ruleset.

  • Update Traffic Filter Ruleset

    Update an existing traffic filter ruleset.

  • Delete Traffic Filter Ruleset

    Delete a traffic filter ruleset.

Ruleset Associations

  • Create Ruleset Association

    Link a traffic filter ruleset to a deployment.

  • Delete Ruleset Association

    Unlink a traffic filter ruleset from a deployment.

Other (17)

  • Create Snapshot Repository For Elasticsearch Resource

    Link a snapshot repository from a source deployment.

  • Get Deployment Templates

    Get a list of available deployment templates for a specific region.

  • Get Deployment Elasticsearch Resource

    Get information about an Elasticsearch resource within a deployment.

  • Get Deployment Kibana Resource

    Get information about a Kibana resource within a deployment.

  • Get Upgrade Assistant Status

    Get the upgrade readiness status for a deployment.

  • Get Trusted Environments

    Get the trusted environments for the organization.

  • List Attached Snapshot Repositories

    Get the snapshot repositories attached to an Elasticsearch resource.

  • Get Stack Versions

    Get a list of available Elastic Stack versions.

  • Get Associated Deployments

    Get the deployments associated with a traffic filter ruleset.

  • Get Associated Rulesets

    Get the traffic filter rulesets associated with a specific deployment.

  • Remove Snapshot Repository From Elasticsearch Resource

    Remove a snapshot repository from an Elasticsearch resource.

  • Shut Down Deployment

    Shut down an Elastic Cloud deployment and all its resources.

  • Restore Shut Down Deployment

    Restore a previously shut down Elastic Cloud deployment.

  • Start Resource Instances

    Start all instances of a deployment resource.

  • Stop Resource Instances

    Stop all instances of a deployment resource.

  • Cancel Pending Plan

    Cancel the pending plan for a deployment resource.

  • Restart Deployment Elasticsearch Resource

    Restart the Elasticsearch resource within a deployment.

Set Up Your Elastic Cloud MCP Server in Minutes

One endpoint. Any framework. Your agent is talking to Elastic Cloud in under 10 lines of code.

MCP Clients

Agent Frameworks

Claude Desktop
{
  "mcpServers": {
    "stackone": {
      "command": "npx",
      "args": [
        "-y",
        "mcp-remote@latest",
        "https://api.stackone.com/mcp?x-account-id=<account_id>",
        "--header",
        "Authorization: Basic <YOUR_BASE64_TOKEN>"
      ]
    }
  }
}

Elastic Cloud MCP Server Resources

MCP Code Mode: Keeping Tool Responses Out of Agent Context

Anthropic's code_execution processes data already in context. Custom MCP code mode keeps raw tool responses in a sandbox. 14K tokens vs 500.

11 min

Comparing BM25, TF-IDF, and Hybrid Search for MCP Tool Discovery

Benchmarking BM25, TF-IDF, and hybrid search for MCP tool discovery across 916 tools. The 80/20 TF-IDF/BM25 hybrid hits 21% Top-1 accuracy in under 1ms.

10 min

Indirect Prompt Injection Defense for MCP Tools: A Technical Guide

MCP tools that read emails, CRM records, and tickets are indirect prompt injection vectors. Here's how we built a two-tier defense that scans tool results in ~11ms.

12 min

Elastic Cloud MCP Server FAQ

Elastic Cloud MCP server vs direct API integration — what's the difference?
A Elastic Cloud MCP server and direct API integration serve different use cases. Direct API integration is for software-to-software — backend code calling Elastic Cloud. A Elastic Cloud MCP server is for AI agents — MCP clients like Claude and Cursor, plus framework agents built with OpenAI, LangChain, or Vercel AI — discovering and calling Elastic Cloud at runtime. StackOne provides both.
How does Elastic Cloud authentication work for AI agents?
Elastic Cloud authentication for AI agents works through a StackOne Connect Session. Create one via the dashboard or the SDK — you get an auth link and ready-to-paste config for Claude Desktop, Cursor, and other MCP clients. Your user authenticates their own Elastic Cloud account; StackOne handles token exchange, storage, and refresh. Credentials never reach the LLM, and each user is isolated via origin_owner_id.
Are Elastic Cloud MCP tools vulnerable to prompt injection?
Yes — Elastic Cloud MCP tools can be vulnerable to indirect prompt injection. Any tool that reads user-written content — documents, messages, tickets, records, or free-text fields — is a potential vector. StackOne Defender scans every tool response before it enters the agent's context — regex patterns in ~1ms, then a MiniLM classifier in ~4ms. 88.7% accuracy, CPU-only.
What is the context bloat of a Elastic Cloud agent and how do I avoid it?
Context bloat happens when Elastic Cloud tool schemas and API responses eat your Elastic Cloud agent's memory, preventing it from reasoning effectively. A single Elastic Cloud query can return a massive JSON response, and connecting multiple tools compounds the problem. Tools Discovery and Code Mode reduce context bloat — loading only relevant tools per query and keeping raw responses out of the agent's context.
Can I limit which actions my Elastic Cloud agent can access?
Yes — you can limit which actions your Elastic Cloud agent can access directly from the StackOne dashboard. Toggle actions on or off, or restrict them to specific accounts, with no code changes to your agent. Session tokens can be scoped to exact actions so if one leaks, exposure stays contained.
Can I create custom agent actions for my Elastic Cloud MCP server?
Yes — you can create custom agent actions for your Elastic Cloud MCP server using Connector Builder. It's an integration agent your coding assistant (Claude Code, Cursor, or Copilot) can invoke to research Elastic Cloud's API, generate production-ready connector YAML, test against the live API, and validate before you ship.
When should I NOT use a Elastic Cloud MCP server?
Skip a Elastic Cloud MCP server if your integration is purely software-to-software — direct Elastic Cloud API integration is simpler when no AI agent is involved. For deterministic, compliance-critical operations (financial transactions, regulatory reporting), direct API gives you predictable behavior without agent-driven decision-making. MCP shines when AI agents need to dynamically discover and call Elastic Cloud actions at runtime.
What AI frameworks and AI clients does the StackOne Elastic Cloud MCP server support?
The StackOne Elastic Cloud MCP server supports both. MCP clients (paste-and-go apps): Claude Desktop, Claude Code, Cursor, VS Code, Goose. Agent frameworks (code SDKs you build with): OpenAI Agents SDK, Anthropic, Vercel AI, Google ADK, CrewAI, Pydantic AI, LangChain, LangGraph, Azure AI Foundry.

Put your AI agents to work

All the tools you need to build and scale AI agent integrations, with best-in-class connectivity, execution, and security.

Start Free Book Demo