Connect Kibana to AI agents

Connect Kibana to Claude, Codex, Cursor, or other AI agents for your entire team. Metorial security, governance, observability, and gives your team a unified Magic MCP url to connect.

Supported Tools

search_cases

Search Cases

Search and list Kibana cases for incident tracking. Cases can be associated with alerts, have comments and attachments, and can be synced with external case management systems.

list_connectors

List Connectors

List all connectors configured in Kibana. Connectors integrate with external services like email, Slack, PagerDuty, webhook, Jira, ServiceNow, Microsoft Teams, and more.

list_roles

List Roles

List all security roles configured in Kibana. Roles define Elasticsearch and Kibana feature privileges.

export_saved_objects

Export Saved Objects

Export Kibana saved objects in NDJSON format for backup or migration between environments. Specify either object types to export all objects of those types, or provide specific object IDs to export selectively.

list_data_views

List Data Views

List all data views (index patterns) configured in Kibana. Data views define which Elasticsearch indices Kibana queries.

manage_agent_policy

Manage Agent Policy

Create, get, update, or delete a Fleet agent policy. Agent policies define agent behavior, integrations, and monitoring configuration.

execute_connector

Execute Connector

Test or execute a Kibana connector with specific parameters. Useful for testing connector configuration or sending one-off notifications.

get_kibana_status

Get Kibana Status

Get the current status of the Kibana instance, including overall health, version, and plugin status.

add_case_comment

Add Case Comment

Add a comment or alert attachment to an existing Kibana case.

get_enrollment_tokens

Get Enrollment Tokens

Get Fleet enrollment API keys used to enroll new Elastic Agents.

manage_case

Manage Case

Create, get, update, or delete a Kibana case. Cases are used for incident tracking and can be associated with alerts and synced with external case management systems.

manage_data_view

Manage Data View

Create, get, update, or delete a Kibana data view (index pattern). Data views define which Elasticsearch indices Kibana queries. Supports configuring runtime fields, time fields, field formats, and source filters.

manage_connector

Manage Connector

Create, get, update, or delete a Kibana connector. Connectors integrate with external services for rule-triggered notifications. Supported types include email, Slack, PagerDuty, webhook, Jira, ServiceNow, Microsoft Teams, Opsgenie, and more.

manage_saved_object

Manage Saved Object

Get, create, update, or delete a Kibana saved object. Supports dashboards, visualizations, maps, data views, Canvas workpads, and other saved object types. Provide the action to perform along with the object type and ID.

list_spaces

List Spaces

List all Kibana spaces. Spaces organize dashboards and other saved objects into meaningful categories.

manage_slo

Manage SLO

Create, get, update, or delete a Kibana Service Level Objective (SLO). Supports KQL, metric custom, and histogram indicator types with occurrences or timeslices budgeting methods.

search_rules

Search Alerting Rules

Search and list Kibana alerting rules. Rules monitor conditions and trigger actions when thresholds are met. Supports filtering by search terms and KQL filters.

list_agent_policies

List Agent Policies

List Fleet agent policies in Kibana. Agent policies define what data agents collect and which integrations they run.

list_fleet_agents

List Fleet Agents

List Elastic Agents managed by Fleet. Shows agent status, policy assignment, version, and host information.

manage_role

Manage Role

Create, get, update, or delete a Kibana security role. Roles define Elasticsearch cluster/index privileges and Kibana feature privileges per space.

search_saved_objects

Search Saved Objects

Search and list Kibana saved objects such as dashboards, visualizations, maps, data views, Canvas workpads, and other saved objects. Use this to find specific objects by type and search term, or to browse all objects of a given type.

manage_space

Manage Space

Create, get, update, or delete a Kibana space. Spaces enable organizing dashboards and other saved objects into meaningful categories. Rules and connectors are isolated to the space in which they were created.

manage_rule

Manage Alerting Rule

Create, get, update, delete, enable, disable, or mute/unmute a Kibana alerting rule. Rules monitor conditions and trigger actions via connectors when thresholds are met. Supports Elasticsearch query, index threshold, metric threshold, log threshold, and more.

search_slos

Search SLOs

Search and list Kibana Service Level Objectives (SLOs). SLOs define reliability targets for services and can use various indicator types.

list_package_policies

List Package Policies

List Fleet package policies in Kibana. Package policies attach Elastic integrations, such as Nginx or System, to Fleet agent policies.

manage_default_data_view

Manage Default Data View

Get, set, or unset the default Kibana data view for the current space. The default data view is used when no specific data view is selected.

list_rule_types

List Rule Types

List Kibana alerting rule types available to the authenticated user. Use this before creating rules to discover ruleTypeId values, action groups, required license level, and authorized consumers.

list_connector_types

List Connector Types

List Kibana connector types available for rules and cases, including license and feature availability. Use this before creating connectors to discover connectorTypeId values and supported features.

manage_rule_snooze

Manage Rule Snooze

Schedule or delete a Kibana alerting rule snooze schedule. Snooze schedules temporarily suppress rule notifications during maintenance windows or planned downtime.

manage_package_policy

Manage Package Policy

Get, create, update, or delete a Fleet package policy. Package policies attach Elastic integration packages to Fleet agent policies. Provide packagePolicy as the raw Kibana package policy request body for create and update.

More integrations teams use with Kibana

GitHub

Manage repositories, issues, and pull requests. Create and configure branches, star repositories, review code, and merge changes. Automate CI/CD workflows with GitHub Actions, manage workflow runs, secrets, and artifacts. Track issues with labels, milestones, and assignees. Search across code, repositories, issues, and users. Manage organizations, teams, and memberships. Create and manage projects, gists, packages, deployments, and environments. Access security alerts including code scanning, secret scanning, and Dependabot alerts. Read and write file contents in repositories. Manage webhooks, notifications, and codespaces.

Sharepoint

Manage SharePoint sites, document libraries, lists, and files. Create, read, update, and delete lists and list items with custom columns. Upload, download, move, copy, and version files in document libraries. Search across sites, files, folders, lists, and list items using Microsoft Search. Manage permissions at site, list, and item levels with granular access control. Define and manage content types and site columns. Subscribe to webhooks for list and library change notifications. Retrieve site properties and search for sites across Microsoft 365.

Salesforce

Manage CRM data including Accounts, Contacts, Leads, Opportunities, Cases, and custom objects. Create, read, update, and delete records. Query data using SOQL and search across objects using SOSL. Perform bulk data operations for large-scale imports, exports, and migrations. Execute composite requests to batch multiple operations in a single API call. Access analytics, reports, and dashboards. Manage files and attachments associated with records. Interact with Chatter feeds, posts, and groups for social collaboration. Subscribe to real-time change events via Change Data Capture and Platform Events. Manage org metadata including custom objects, fields, layouts, and workflows. Query data using GraphQL for precise data retrieval across related objects.

Airtable

Create, read, update, and delete records in Airtable bases and tables. Manage base schemas including creating tables and fields. Filter records using formulas, sort by fields, and scope queries to specific views. Upsert records to find, create, or update in a single call. Upload attachments to records, read and write record comments, list accessible bases, and receive real-time base change events through webhooks.

Bitbucket

Manage Git repositories, pull requests, and CI/CD pipelines on Bitbucket Cloud. Create, fork, and configure repositories within workspaces and projects. Create, review, approve, merge, and decline pull requests with inline code comments. Browse source code, list commits, and manage branches and tags. Track issues with the built-in issue tracker. Trigger, monitor, and manage Bitbucket Pipelines. List workspace members, configure repository default reviewers and branch restrictions, create and manage repository webhooks, and search code across repositories.

Heroku

Deploy, manage, and scale applications on Heroku's cloud platform. Create and configure apps, scale dynos, provision add-ons (databases, caching, etc.), manage configuration variables, build and release code, add custom domains and SSL certificates, manage collaborators and team permissions, configure pipelines for continuous delivery, set up log drains, and sync data with Salesforce via Heroku Connect. Subscribe to webhooks for real-time notifications on app changes, builds, releases, dyno lifecycle events, and more.

Technical notes for Kibana

Manage Kibana resources and the Elastic Stack visualization layer programmatically. Create, import, export, and organize saved objects such as dashboards, visualizations, and data views across spaces. Configure alerting rules with threshold, query, and metric conditions, and connect them to actions via connectors (email, Slack, PagerDuty, webhook, Jira, ServiceNow, and more). Manage data views (index patterns) that define which Elasticsearch indices Kibana queries. Create and organize spaces to separate dashboards and objects into meaningful categories. Track incidents with cases, define and monitor Service Level Objectives (SLOs), manage Fleet agent policies and enrollments, configure security detection rules for SIEM, and control role-based access with Kibana feature privileges.

Connect Kibana to production AI agents

See how Metorial gives Kibana access the governance, tracing, and security controls teams need.

Frequently asked questions

Common questions about connecting Kibana to AI agents with Metorial.

  1. Can Metorial connect Kibana to AI agents?
    Yes. Metorial connects AI agents to Kibana through a governed integration layer, so teams can use the provider while keeping access controlled and observable.
  2. Metorial is MCP compatible and lets teams expose approved provider tools to MCP-capable agents and clients through a controlled access layer.
  3. Metorial applies policies across users, groups, providers, agents, and individual tools, then records the context around every agent interaction.
  4. Yes. Metorial records provider activity so teams can inspect tool calls, troubleshoot integrations, and give security teams the visibility they need.