ClickHouse MCP server
Run SQL queries against your ClickHouse security data lake from your AI agents.
About
Connect Tracecat to ClickHouse to run SQL queries across your security data lake for SOC analysts and detection engineers pivoting from an alert to weeks of historical events. You can list databases and tables to find the right log source for an investigation. From there, run read-only SQL queries, use the embedded chDB engine for local analysis, and bring the results back into a Tracecat case with confidence.
Setup
- 1
Create a service user
The ClickHouse MCP server authenticates to your ClickHouse cluster with a host, port, username, and password (or TLS client certificate). For HTTP and SSE transports, a static bearer token or OAuth provider protects the MCP endpoint itself.
- 2
Select the
ClickHousetile in the Tracecat MCP catalogOpen the
MCP catalogin your workspace, select theClickHousetile, and enter your username and password. - 3
Enable
ClickHousein your agentIn your
ai.agentaction orAgents→toolstab, selectClickHousefrom theMCP integrationsdropdown.
Tools
run_query | Execute a SQL query against ClickHouse. Runs in read-only mode by default. |
list_databases | List all databases on the connected ClickHouse cluster. |
list_tables | List tables in a database with pagination and filtering options. |
run_chdb_select_query | Run a SELECT query using the embedded chDB engine for local analysis. |