Wazuh MCP Server - Talk to your SIEM

A Rust-based server designed to bridge the gap between a Wazuh Security Information and Event Management (SIEM) system and applications requiring contextual security data, specifically tailored for the Claude Desktop Integration using the Model Context Protocol (MCP).

Overview

Modern AI assistants like Claude can benefit significantly from real-time context about the user's security environment. The Wazuh MCP Server bridges this gap by providing comprehensive access to Wazuh SIEM data through natural language interactions.

This server transforms complex Wazuh API responses into MCP-compatible format, enabling AI assistants to access:

• Security Alerts & Events from the Wazuh Indexer for threat detection and incident response
• Agent Management & Monitoring including health status, system processes, and network ports
• Vulnerability Assessment data for risk management and patch prioritization
• Security Rules & Configuration for detection optimization and compliance validation
• System Statistics & Performance metrics for operational monitoring and audit trails
• Log Analysis & Forensics capabilities for incident investigation and compliance reporting
• Cluster Health & Management for infrastructure reliability and availability requirements
• Compliance Monitoring & Gap Analysis for regulatory frameworks like PCI-DSS, HIPAA, SOX, and GDPR

Rather than requiring manual API calls or complex queries, security teams can now ask natural language questions like "Show me critical vulnerabilities on web servers," "What processes are running on agent 001?" or "Are we meeting PCI-DSS logging requirements?" and receive structured, actionable data from their Wazuh deployment.