The original post: /r/netsec by /u/eitot8 on 2025-04-29 02:21:41.

As a small MCP research project, I’ve built an MCP server to interact with Elasticsearch where Sysmon logs are shipped. This allows an LLM to perform log analysis to identify potential threats and malicious activities 🤖