thomasxm

AI-powered threat hunting and incident response MCP server for Elasticsearch/OpenSearch

15
2
100% credibility
Found Mar 17, 2026 at 15 stars
AI Analysis
Python
AI Summary

An open-source framework that connects AI models to security log databases for natural language threat hunting, detection rule execution, and incident response analysis.

How It Works

1. 🔍 Discover CrowdSentinel

You hear about a helpful tool that lets AI assistants search your security logs using everyday language to spot threats.

2. 📦 Get it set up

Install with a simple command that brings thousands of threat detection rules and analysis tools right to your computer.

3. 🔗 Link your security logs

Tell it where your log data lives so it can start exploring your network and endpoint records.

4. 🚀 Hunt for dangers

Type questions like 'find suspicious logins' or 'check for malware' and watch it pull up matching events instantly.

5. Choose your way

⌨️ Command line: Run fast hunts and get structured results with indicators and risks highlighted.

💬 AI chat: Talk naturally to an AI partner that asks smart follow-ups and builds a full investigation story.

Threats revealed

You uncover hidden attacks, get clear summaries of risks, and know exactly what to block or investigate next.

AI-Generated Review

What is CrowdSentinels-AI-MCP?

CrowdSentinels-AI-MCP is a Python-based MCP server that lets AI agents such as Claude Code query Elasticsearch or OpenSearch in natural language for threat hunting and incident response. It bundles 6,060 detection rules (Lucene, EQL, ES|QL) and exposes 79 tools for hunting IOCs, analyzing PCAPs with tshark, parsing EVTX logs with Chainsaw, and tracking investigations with persistent state. Users get a standalone CLI for hunts such as "crowdsentinel hunt powershell encoded", plus integration into VS Code Copilot or Cursor.

Why is it gaining traction?

It stands out by turning rigid SIEM queries into AI-powered threat detection and response workflows, complete with Cyber Kill Chain mapping and cross-tool IOC correlation, so there is no more manual rule hunting across Sigma or Elastic repos. The CLI delivers immediate value without any AI setup, while the MCP hooks make it a drop-in for AI-powered threat hunting in LLM chats. Early adopters like the bundled rules and the multi-source support (Elasticsearch, PCAP, EVTX) that speed up real hunts.

Who should use this?

Threat hunters and SOC analysts tired of crafting EQL/ES|QL by hand against winlogbeat indices. SecOps developers building AI-powered threat intelligence pipelines or AI-powered threat modeling tools. Teams evaluating AI-powered threat detection systems for Elasticsearch stacks, especially alongside Chainsaw for EVTX or tshark for network forensics.

Verdict

Grab it for research or for prototyping AI-powered threat hunting projects; the CLI shines immediately and the docs are thorough. At 15 stars and 1.0% credibility, it is pre-production (the project says so explicitly), so test it locally first; active development promises quick iteration.
