Kibana#

Version: 0.7.3 · Category: SIEM · Plan: Base+

Full Kibana management integration with 16 tools across four capability groups: connectivity and API access, API discovery, dashboard health analysis, and saved object CRUD. Supports multiple Spaces and three authentication methods: API Key, basic auth, and cookie.

Tools#

Connectivity and API access#

`get_status` — Kibana status#

Get the Kibana server status, version, and plugin health.

`get_available_spaces` — Space list#

List all Kibana Spaces. Use to switch the target Space for subsequent operations.

`execute_kb_api` — Direct Kibana REST API execution#

Execute any Kibana REST API:

Parameter	Description
`method`	GET / POST / PUT / DELETE / PATCH
`path`	API path (e.g. `/api/saved_objects/_find`)
`body`	Request body
`headers`	Custom request headers

API discovery#

`search_kibana_api_paths` — API path search#

Full-text search all available Kibana API paths — useful when you don't know the exact endpoint.

`list_all_kibana_api_paths` — Full API path list#

List all documented Kibana API paths as a reference for building execute_kb_api calls.

`get_kibana_api_detail` — API detail#

Get the parameter schema and description for a specific API path.

Dashboard health analysis#

`check_dashboard_health` — Dashboard health check#

Run a health check on a specific dashboard:

Detect broken visualization references
Detect missing index patterns
Performance issue analysis
Returns a health score and actionable repair recommendations

`scan_all_dashboards_health` — Bulk health scan#

Scan all dashboards in a Kibana Space and generate a health report — identify broken dashboards before users notice.

`analyze_object_dependencies` — Dependency tree analysis#

Trace the full dependency tree of a saved object (dashboard → visualization → index pattern). Run this before modifying shared objects.

`analyze_deletion_impact` — Deletion impact preview#

Preview which other saved objects would break if a given object is deleted or modified. Must be run before any deletion operation.

Saved object CRUD#

`vl_search_saved_objects` — Search saved objects#

Search across any saved object types using ES query syntax:

Supported types: dashboard, visualization, index-pattern, search, lens, map, tag, canvas-workpad, and more.

`vl_get_saved_object` — Get saved object#

Retrieve a single saved object by exact type + id. Faster than searching.

`vl_create_saved_object` — Create saved object#

Create a saved object of any type. Complex fields (e.g. panelsJSON, visState) must be passed as JSON strings.

`vl_update_saved_object` — Update saved object#

Partially update a single saved object (only specified attributes). Supports version for optimistic concurrency control.

`vl_bulk_update_saved_objects` — Bulk update#

Update multiple mixed-type saved objects in one call — more efficient than updating one by one.

`vl_bulk_delete_saved_objects` — Bulk delete#

Permanently delete multiple saved objects. Irreversible — always run analyze_deletion_impact first.

Objects in multiple namespaces require force: true.

Configuration#

Item	Description
`KIBANA_URL`	Kibana address (e.g. `https://kibana.corp.com:5601`)
Authentication	`KIBANA_API_KEY` (recommended) or `KIBANA_USERNAME` + `KIBANA_PASSWORD`
`KIBANA_DEFAULT_SPACE`	Default target Space (default: `default`)

Kibana#

Tools#

Connectivity and API access#

get_status — Kibana status#

get_available_spaces — Space list#

execute_kb_api — Direct Kibana REST API execution#

API discovery#

search_kibana_api_paths — API path search#

list_all_kibana_api_paths — Full API path list#

get_kibana_api_detail — API detail#

Dashboard health analysis#

check_dashboard_health — Dashboard health check#

scan_all_dashboards_health — Bulk health scan#

analyze_object_dependencies — Dependency tree analysis#

analyze_deletion_impact — Deletion impact preview#