Is EventSight safe to use?

EventSight has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.

How do I install EventSight?

EventSight can be installed by cloning its GitHub repository and following the setup instructions in the README.

What AI clients work with EventSight?

EventSight is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.

Is EventSight actively maintained?

EventSight is less actively maintained — last commit was 163 days ago. It has 37 GitHub stars.

EventSight

Name: EventSight
Author: jonny-jhnson

by jonny-jhnson

AI-powered Windows Event Log analyzer that learns from your feedback. Uses Claude AI with RAG to detect suspicious activity, improve accuracy over time, and share learnings across your team. CLI and MCP server interfaces.

37 0 tools GitHub

No known CVEs

MIT license

Maintained

Last commit 163d ago

Works with most clients

Transport: stdio

0 tools

Grade F

Edit this pageView history

Security

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "eventsight": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/eventsight)](https://mcppedia.org/s/eventsight)

Read me

What EventSight does

AI-powered Windows Event Log analyzer that learns from analyst feedback.

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

30/100across 5 weighted dimensions

How we score →

0255075100

−70

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is EventSight safe to use?: EventSight has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.
How do I install EventSight?: EventSight can be installed by cloning its GitHub repository and following the setup instructions in the README.
What AI clients work with EventSight?: EventSight is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.
Is EventSight actively maintained?: EventSight is less actively maintained — last commit was 163 days ago. It has 37 GitHub stars.

Similar servers

Others in security

View all →

Evil Mcp Server93

An evil MCP server used for redteam testing

30 1

io.github.jasonxkensei/xproof92

Proof primitive for AI agents on MultiversX. Anchor file hashes on-chain as verifiable proofs.

1 1

Ida Pro Mcp92

AI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.

9.0k 3

Mcpki Server92

mcpki-server is the backend infrastructure for https://www.mcpki.org, enabling secure public key management and autonomous certificate handling for large language models (LLMs).

MCP Security Weekly

Get CVE alerts and security updates for EventSight and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

Security

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "eventsight": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/eventsight)](https://mcppedia.org/s/eventsight)

Read me

What EventSight does

AI-powered Windows Event Log analyzer that learns from analyst feedback.

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

README

EventSight

AI-powered Windows Event Log analyzer that learns from analyst feedback.

Project Structure

This repository contains two related projects:

EventSight/
├── Eventsight/          # Standalone CLI tool
│   └── data/learnings/  # Shared learnings database
└── Eventsight-MCP/      # MCP server for Claude Code integration
    └── .mcp.json      # MCP configuration

Why Two Projects?

	Eventsight	Eventsight-MCP
Interface	Command-line (CLI)	MCP Server (Claude Code)
RAG Type	Standard RAG	Agentic RAG
Use Case	Direct analysis & reporting	Interactive analysis with Claude
Feedback	Manual commands	Natural language via Claude

Shared Resources

Both projects share the same learnings database, meaning:

Learnings created in either project benefit both
Correlation rules are shared
Analysis improvements compound over time

The shared data lives in Eventsight/data/learnings/:

learnings.db - Analyst learnings, correlation rules, and analysis history
events.db - Stored events from analyses (indexed by Event ID, timestamp, provider)
embeddings.npy - 384-dimensional vector embeddings for semantic search
event_embeddings.npy - Event embeddings for semantic event search

Eventsight (CLI)

The standalone command-line tool for Windows Event Log analysis.

Features:

Parse and analyze EVTX files
Batch processing with streaming output
Continuous monitoring mode with live HTML report (auto-refreshing dashboard)
Standard RAG for fast, deterministic learning retrieval
Interactive feedback mode
HTML/Markdown report generation

Quick Start:

cd Eventsight
uv sync
uv run eventsight evaluate Security.evtx --event-ids 4624,4688

See Eventsight/README.md for full documentation.

Eventsight-MCP (Claude Code Integration)

MCP server that brings EventSight capabilities into Claude Code with Agentic RAG.

Features:

All EventSight analysis capabilities via 16 MCP tools
Agentic RAG for intelligent feedback processing
Natural language interaction ("Finding #2 is our EDR, mark as benign")
Semantic event search
Export/import learnings for sharing between instances

Quick Start:

# From the Eventsight-MCP directory with Claude Code
cd Eventsight-MCP

# Then use tools like:
# - evaluate_evtx to analyze EVTX files
# - feedback to process analyst input using Agentic RAG
# - search_stored_events to find specific activity
# - export_learnings_package to share learnings

See Eventsight-MCP/README.md for full documentation.

RAG Approaches

Standard RAG (Eventsight)

Direct vector similarity search for learning retrieval:

Query → Embedding → Similarity Search → Top-K Results
Fast O(1) lookup by Event ID when available
Deterministic, efficient for batch processing

Agentic RAG (Eventsight-MCP)

LLM-driven tool selection for intelligent processing:

Query → LLM analyzes intent → Selects appropriate tools
Can search events, create learnings, mark findings autonomously
Better at understanding nuanced natural language feedback
Creates higher-quality, generalizable learnings

License

MIT

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

30/100across 5 weighted dimensions

How we score →

0255075100

−70

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is EventSight safe to use?: EventSight has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.
How do I install EventSight?: EventSight can be installed by cloning its GitHub repository and following the setup instructions in the README.
What AI clients work with EventSight?: EventSight is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.
Is EventSight actively maintained?: EventSight is less actively maintained — last commit was 163 days ago. It has 37 GitHub stars.

Similar servers

Others in security

View all →

Evil Mcp Server93

An evil MCP server used for redteam testing

30 1

io.github.jasonxkensei/xproof92

Proof primitive for AI agents on MultiversX. Anchor file hashes on-chain as verifiable proofs.

1 1

Ida Pro Mcp92

AI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.

9.0k 3

Mcpki Server92

mcpki-server is the backend infrastructure for https://www.mcpki.org, enabling secure public key management and autonomous certificate handling for large language models (LLMs).

MCP Security Weekly

Get CVE alerts and security updates for EventSight and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?