Wazuh MCP Server
@unmuktoai
关于 Wazuh MCP Server
AI-powered security operations for Wazuh SIEM—use any MCP-compatible client to ask security questions in plain English. Faster threat detection, incident triage, and compliance checks with real-time monitoring and anomaly spotting. Production-ready MCP server for conversational S
基本信息
配置
使用下面的配置,将此服务器添加到你的 MCP 客户端。
{
"mcpServers": {
"Wazuh-MCP-Server": {
"command": "docker",
"args": [
"compose",
"up",
"-d"
]
}
}
}工具
未检测到工具
工具是从 README 中自动提取的。维护者可以在 ## Tools 标题下列出工具,即可填充这部分内容。
概览
What is Wazuh MCP Server?
A Model Context Protocol server that turns Wazuh SIEM workflows into natural conversation with any AI assistant. It provides 54 security tools for querying alerts, hunting threats, checking vulnerabilities, triggering active responses, and running compliance checks — through cloud LLMs like Claude or fully local LLMs via Ollama.
How to use Wazuh MCP Server?
Deploy with Docker Compose, configure WAZUH_HOST, WAZUH_USER, and WAZUH_PASS in .env, then connect any MCP-compliant client (Claude Desktop, Open WebUI, mcphost) to the /mcp endpoint. Quick start: git clone, cp .env.example .env, edit, docker compose up -d. For local LLMs, use mcphost with --model ollama/qwen2.5:7b. For multi-user SOC, add as an MCP tool server in Open WebUI Admin Settings.
Key features of Wazuh MCP Server
- 54 security tools across alerts, agents, vulnerabilities, compliance, and active response
- Works with cloud LLMs (Claude, GPT) and local LLMs (Llama, Qwen)
- Fully air-gappable — data never leaves your network with local mode
- RBAC with opt-in
wazuh:writescope for state‑changing tools - Audit logging for every destructive action
- Rate limiting, circuit breakers, and input validation
Use cases of Wazuh MCP Server
- SOC analyst queries critical alerts from the last hour and blocks a malicious IP
- Threat hunter searches for rootkit detections and isolates infected agents
- Compliance officer runs ISO 27001 gap analysis and retrieves control details
- Security engineer checks agent health, open ports, and running processes via chat
- Team investigates vulnerabilities by agent and packages, then generates a security report
FAQ from Wazuh MCP Server
What are the prerequisites?
Docker 20.10+ with Compose v2, and a Wazuh deployment version 4.8.0–4.14.4 with API access enabled.
Can it run fully offline without sending data to the cloud?
Yes. Use a local LLM via Ollama with Open WebUI or mcphost. In this mode no SIEM data leaves your network — fully air-gappable.
How does security work?
RBAC enforces per‑tool scopes (fail‑closed), all destructive actions are audit‑logged, output is sanitized to prevent credential leakage, inputs are validated (regex, shell metacharacter blocking, Elasticsearch DSL), rate limiting uses a sliding window, circuit breakers auto‑recover, and the container runs with non‑root user, read‑only filesystem, and dropped capabilities.
What authentication modes are supported?
Bearer token (default), OAuth 2.0 with Dynamic Client Registration, or authless mode (read‑only unless AUTHLESS_ALLOW_WRITE=true). API keys can be scoped to wazuh:read or wazuh:write.
What Wazuh versions are supported?
Wazuh 4.8.0 through 4.14.4.
开发工具 分类下的更多 MCP 服务器
MCP-Scan: An MCP Security Scanner
invariantlabs-aiSecurity scanner for AI agents, MCP servers and agent skills.
Huoshan Test
volcengineTalkToFigma
sonnylazuardiTalkToFigma: MCP integration between AI Agent (Cursor, Claude Code, Codex) and Figma, allowing Agentic AI to communicate with Figma for reading designs and modifying them programmatically.
DevDocs by CyberAGI 🚀
cyberagiincCompletely free, private, UI based Tech Documentation MCP server. Designed for coders and software developers in mind. Easily integrate into Cursor, Windsurf, Cline, Roo Code, Claude Desktop App
Test
x1xhlolFULL Augment Code, Claude Code, Cluely, CodeBuddy, Comet, Cursor, Devin AI, Junie, Kiro, Leap.new, Lovable, Manus, NotionAI, Orchids.app, Perplexity, Poke, Qoder, Replit, Same.dev, Trae, Traycer AI, VSCode Agent, Warp.dev, Windsurf, Xcode, Z.ai Code, Dia & v0. (And other Open Sou
评论