Wazuh MCP Server

A production-grade, open-source MCP server that authenticates with the Wazuh API, retrieves alerts, transforms them into MCP format, and exposes an endpoint for real-time security data fetching by LLMs such as Claude Desktop.

14 Stars, 0 Reviews
Added on: Mar 17 2025
What is Wazuh MCP Server?

The Wazuh MCP Server integrates Wazuh security data with language models. It authenticates against the Wazuh RESTful API, retrieves security alerts from the Elasticsearch indices that Wazuh writes to, transforms those alert documents into MCP-compliant JSON messages, and exposes them over an HTTP endpoint. An LLM client such as Claude Desktop can then pull current security context into its reasoning. The server uses JWT-based authentication against the Wazuh API, handles errors and token expiration, and is configured entirely through environment variables, so it can be deployed in a range of environments for real-time security monitoring and automated response.
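The two pieces of that pipeline that are easiest to get wrong are the alert-to-message transform and the decision of when the Wazuh API JWT must be refreshed. The following is an added example, not code from this project: it runs offline on constructed sample alerts in the shape Wazuh writes to its alert indices, and the exact MCP message layout (`type`, `uri`, `mimeType`, `text`, `metadata`) is an assumption, since the page does not specify the schema the project emits. The rule ids and descriptions in the sample data are constructed as well.

```python
"""Added example (not the Wazuh MCP Server's own code): convert Wazuh alert
documents into MCP-style JSON messages and decide when a Wazuh API JWT needs
refreshing. Runs entirely offline on constructed sample data."""
import base64
import json
import time
from typing import Any, Optional

# Constructed sample alerts, shaped like documents in wazuh-alerts-* indices.
# Rule ids and descriptions are made up for the example.
SAMPLE_ALERTS = [
    {
        "timestamp": "2025-03-17T10:15:22.123+0000",
        "agent": {"id": "001", "name": "web-01"},
        "rule": {
            "id": "90001", "level": 5,
            "description": "sshd: login attempt with a non-existent user",
            "groups": ["syslog", "sshd", "authentication_failed"],
            "mitre": {"id": ["T1110"]},
        },
        "data": {"srcip": "203.0.113.7"},
    },
    {
        "timestamp": "2025-03-17T10:16:02.000+0000",
        "agent": {"id": "002", "name": "db-01"},
        "rule": {"id": "90002", "level": 12,
                 "description": "Multiple failed logins from the same source"},
    },
]


def alert_to_mcp(alert: dict[str, Any], min_level: int = 0) -> Optional[dict[str, Any]]:
    """Map one Wazuh alert to an MCP-style message (assumed layout).
    Returns None when the alert is below min_level, so the LLM is not flooded
    with low-severity noise. Every field is read defensively because alert
    documents do not all carry the same keys."""
    rule = alert.get("rule", {})
    level = int(rule.get("level", 0))
    if level < min_level:
        return None
    agent = alert.get("agent", {})
    data = alert.get("data", {})
    summary = (f"[level {level}] {rule.get('description', 'unknown rule')} "
               f"on agent {agent.get('name', 'unknown')}")
    return {
        "type": "resource",  # assumed MCP message shape
        "uri": f"wazuh://alerts/{agent.get('id', '000')}/{rule.get('id', '0')}",
        "mimeType": "application/json",
        "text": summary,
        "metadata": {
            "timestamp": alert.get("timestamp"),
            "agent": {"id": agent.get("id"), "name": agent.get("name")},
            "rule": {"id": rule.get("id"), "level": level,
                     "groups": rule.get("groups", [])},
            "mitre": rule.get("mitre", {}).get("id", []),
            "srcip": data.get("srcip"),
        },
    }


def alerts_to_mcp(alerts: list[dict[str, Any]], min_level: int = 0) -> list[dict[str, Any]]:
    """Transform a batch of alerts, dropping those below min_level."""
    return [m for m in (alert_to_mcp(a, min_level) for a in alerts) if m is not None]


def jwt_expiry(token: str) -> int:
    """Read the `exp` claim from a JWT payload WITHOUT verifying the signature.
    A client only uses this to schedule re-authentication; the Wazuh API is the
    party that verifies the signature, so nothing here treats the token as trusted."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT")
    payload_b64 = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    payload = json.loads(base64.urlsafe_b64decode(payload_b64))
    return int(payload["exp"])


def token_needs_refresh(token: str, now: Optional[float] = None, skew: int = 60) -> bool:
    """True when the token expires within `skew` seconds, so the caller
    re-authenticates before a request can fail with 401."""
    now = time.time() if now is None else now
    return jwt_expiry(token) - now <= skew


def make_sample_token(exp: int) -> str:
    """Constructed, unsigned sample token carrying only an `exp` claim, used
    so the example runs offline. Real Wazuh API tokens are signed by the API."""
    def b64(obj: dict[str, Any]) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{b64({'alg': 'none', 'typ': 'JWT'})}.{b64({'exp': exp})}."


if __name__ == "__main__":
    print(json.dumps(alerts_to_mcp(SAMPLE_ALERTS, min_level=5), indent=2))
    # Wazuh API tokens expire after 900 s by default; refresh shortly before that.
    tok = make_sample_token(int(time.time()) + 900)
    print("refresh now?", token_needs_refresh(tok))
```

The refresh check uses a small clock-skew margin rather than waiting for a 401, which keeps a long-running MCP endpoint from returning stale or failed results to the LLM during the token rollover; the `min_level` filter is the knob a deployer would tune so that only alerts worth an analyst's attention reach the model.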

Who will use Wazuh MCP Server?

  • Security analysts
  • IT security teams
  • DevOps engineers
  • Organizations using Wazuh for security monitoring
  • AI developers integrating security data with LLMs

How to use the Wazuh MCP Server?

  • Step 1: Clone the repository from GitHub
  • Step 2: Create and activate a virtual environment
  • Step 3: Install dependencies using pip
  • Step 4: Configure environment variables with Wazuh credentials and server details
  • Step 5: Run the server with the Python script
  • Step 6: Integrate with Claude Desktop by updating its config file to call the MCP server

Wazuh MCP Server's Core Features & Benefits

The Core Features
  • Authenticates with Wazuh API using JWT
  • Retrieves alerts from Elasticsearch indices
  • Transforms security events into MCP JSON format
  • Exposes an HTTP endpoint for real-time data access
  • Handles errors and token expiration
  • Configurable via environment variables
The Benefits
  • Provides real-time security insights to LLMs
  • Automates data integration process
  • Enhances security monitoring capabilities
  • Eases deployment with configurable environment variables
  • Supports secure and robust data handling

Wazuh MCP Server's Main Use Cases & Applications

  • Real-time security alert monitoring and analysis
  • Integration of Wazuh alerts with AI-driven security decision tools
  • Automated incident response workflows
  • Security posture assessment using LLMs
  • Enhanced security dashboards with real-time data
