by gensecaihq
AI-powered security operations for Wazuh SIEM—use any MCP-compatible client to ask security questions in plain English. Faster threat detection, incident triage, and compliance checks with real-time monitoring and anomaly spotting. Production-ready MCP server for conversational SOC workflows.
# Add to your Claude Code skills
git clone https://github.com/gensecaihq/Wazuh-MCP-ServerGuides for using mcp servers skills like Wazuh-MCP-Server.
Last scanned: 5/30/2026
{
"issues": [],
"status": "PASSED",
"scannedAt": "2026-05-30T15:48:07.496Z",
"npmAuditRan": true,
"pipAuditRan": false
}Wazuh-MCP-Server is an open-source mcp servers skill for AI coding assistants such as Claude Code, Codex CLI, and ChatGPT, built by gensecaihq. AI-powered security operations for Wazuh SIEM—use any MCP-compatible client to ask security questions in plain English. Faster threat detection, incident triage, and compliance checks with real-time monitoring and anomaly spotting. Production-ready MCP server for conversational SOC workflows. It has 201 GitHub stars.
Yes. Wazuh-MCP-Server passed SkillsLLM's automated security scan — a dependency vulnerability audit plus prompt-injection heuristics — with no high-severity issues. You can read the full report in the Security Report section on this page.
Clone the repository with "git clone https://github.com/gensecaihq/Wazuh-MCP-Server" and add it to your Claude Code skills directory (see the Installation section above).
Wazuh-MCP-Server is primarily written in Python. It is open-source under gensecaihq on GitHub, so you can review or fork the full source.
Yes. SkillsLLM lists many other MCP Servers skills you can browse and compare side by side. Open the MCP Servers category from the badge at the top of this page, or use the Related Skills and comparison links further down to weigh Wazuh-MCP-Server against similar tools.
No comments yet. Be the first to share your thoughts!
Top skills in this category by stars
Talk to your SIEM. Query alerts, hunt threats, check vulnerabilities, and trigger active responses across your entire Wazuh deployment — through natural conversation with any AI assistant.
v4.2.1 | 54 security tools | Wazuh 4.8.0–4.14.4 | Changelog
Your Wazuh SIEM generates thousands of alerts, vulnerability findings, and agent events daily. Investigating them means juggling dashboards, writing API queries, and manually correlating data across tools.
This MCP server turns that workflow into a conversation:
You: "Show me critical alerts from the last hour"
AI: [calls get_wazuh_alerts] Found 3 critical alerts:
1. SSH brute force from 10.0.1.45 → agent-003 (Rule 5712, Level 10)
2. Rootkit detection on agent-007 (Rule 510, Level 12)
3. FIM change /etc/shadow on agent-001 (Rule 550, Level 10)
You: "Block that source IP on agent-003"
AI: [calls wazuh_block_ip] Blocked 10.0.1.45 via firewall-drop on agent-003.
You: "Which agents have unpatched critical CVEs?"
AI: [calls get_wazuh_critical_vulnerabilities] 3 agents with critical vulnerabilities...
It works with Claude Desktop, Open WebUI + Ollama (fully local, air-gapped), mcphost, or any MCP-compliant client.
This is a standard MCP tool server. It doesn't care what LLM you use — it just executes tools and returns results.
| Mode | LLM | Client | Data leaves your network? |
|---|---|---|---|
| Cloud | Claude, GPT, etc. | Claude Desktop, any MCP client | Yes (to LLM provider) |
| Local | Llama, Qwen, Mistral via Ollama | Open WebUI, mcphost, IBM/mcp-cli | No. Fully air-gappable. |
For security teams that can't send SIEM data to cloud APIs (compliance, air-gapped networks, data sovereignty), the local mode with Ollama keeps everything on-premises. Both modes coexist — same server, same tools, same API.
# 1. Start the MCP server
docker compose up -d
# 2. Install mcphost (Go binary, no dependencies)
go install github.com/mark3labs/mcphost@latest
# 3. Configure
cat > ~/.mcphost.yml << 'EOF'
mcpServers:
wazuh:
type: remote
url: http://localhost:3000/mcp
headers: ["Authorization: Bearer ${env://MCP_API_KEY}"]
EOF
# 4. Chat with your SIEM using a local model
export MCP_API_KEY="your-key-from-server-logs"
mcphost --model ollama/qwen2.5:7b
Open WebUI v0.6.31+ connects to our /mcp endpoint natively. Add it as an MCP tool server in Admin Settings, and your entire team gets AI-powered SIEM analysis with conversation history, RBAC, and a web UI.
Every tool is validated, rate-limited, scope-checked, and audit-logged.
| Category | Tools | What They Do |
|---|---|---|
| Alerts (5) | get_wazuh_alerts get_wazuh_alert_summary get_alerts_aggregated analyze_alert_patterns search_security_events |
Query, filter, search, and aggregate alert data via the Indexer. Timestamps accept ISO 8601 or relative date math (now-24h); get_alerts_aggregated summarizes a whole period with no document limit |
| Agents (6) | get_wazuh_agents get_wazuh_running_agents check_agent_health get_agent_processes get_agent_ports get_agent_configuration |
Monitor agent status, running processes, open ports, and configs |
| Vulnerabilities (3) | get_wazuh_vulnerabilities get_wazuh_critical_vulnerabilities get_wazuh_vulnerability_summary |
Query CVEs by severity, agent, and package |
| Security Analysis (5) | analyze_security_threat check_ioc_reputation perform_risk_assessment get_top_security_threats generate_security_report |
Threat analysis, IOC lookup, risk scoring, security reports |
| Compliance (6) | run_compliance_check get_iso27001_dashboard get_iso27001_control_detail get_iso27001_gap_analysis get_iso27001_alerts get_sca_policy_checks |
Compliance scoring for PCI-DSS, HIPAA, SOX, GDPR, NIST, and ISO 27001:2022 (Annex A control mapping, gap analysis, SCA detail) |
| System (10) | get_wazuh_statistics get_wazuh_cluster_health get_wazuh_cluster_nodes get_wazuh_rules_summary search_wazuh_manager_logs get_wazuh_manager_error_logs get_wazuh_log_collector_stats get_wazuh_remoted_stats get_wazuh_weekly_stats validate_wazuh_connection |
Cluster health, rules, manager logs, stats, connectivity |
| Active Response (9) | wazuh_block_ip wazuh_isolate_host wazuh_kill_process wazuh_disable_user wazuh_quarantine_file wazuh_firewall_drop wazuh_host_deny wazuh_active_response wazuh_restart |
Block IPs, isolate hosts, kill processes, quarantine files |
| Verification (5) | wazuh_check_blocked_ip wazuh_check_agent_isolation wazuh_check_process wazuh_check_user_status wazuh_check_file_quarantine |
Verify active response actions took effect |
| Rollback (5) | wazuh_unisolate_host wazuh_enable_user wazuh_restore_file wazuh_firewall_allow wazuh_host_allow |
Undo active response actions |
The 14 state-changing tools (Active Response + Rollback) require the wazuh:write scope; everything else needs only wazuh:read. ISO 27001 also adds an iso27001_assessment guided prompt (5 prompts total).
git clone https://github.com/gensecaihq/Wazuh-MCP-Server.git
cd Wazuh-MCP-Server
cp .env.example .env
Edit .env:
WAZUH_HOST=your-wazuh-server
WAZUH_USER=your-api-user
WAZUH_PASS=your-api-password
docker compose up -d
curl http://localhost:3000/health
https://your-server/mcpDetailed setup: Claude Integration Guide
This server sits between an LLM and your SIEM. Security is not optional.
| Layer | What It Does |
|---|---|
| RBAC | Per-tool scope enforcement, fail-closed: a token with no scope claim gets read-only, never write. The 14 state-changing tools (active response + rollback) require wazuh:write, which is opt-in (MCP_API_KEY_SCOPES="wazuh:read wazuh:write"). Authless mode is read-only unless AUTHLESS_ALLOW_WRITE=true. |
| Audit Logging | Every destructive tool call (block IP, isolate host, kill process) is logged with client ID, session, timestamp, and full arguments. |
| Output Sanitization | Credentials, tokens, and API keys in alert full_log fields are redacted before reaching the LLM. Prevents credential leakage through AI responses. |
| Input Validation | Every parameter validated: regex agent IDs, ipaddress module for IPs, shell metacharacter blocking for active response, Elasticsearch Query DSL (no string interpolation). |
| Rate Limiting | Per-client sliding window with escalating block duration (10s → 5min). |
| Circuit Breakers | Wazuh API failures trigger fail-fast for 60s, auto-recover. Single trial in HALF_OPEN state. |
| Log Sanitization | Global filter redacts passwords, tokens, secrets from all server logs. |
| Container Hardening | Non-root user, read-only filesystem, CAP_DROP ALL, no-new-privileges. |
# Generate a secure API key
python -c "import secrets; print('wazuh_' + secrets.token_urlsafe(32))"
| Variable | Description |
|---|---|
WAZUH_HOST |
Wazuh Manager hostname or IP |
WAZUH_USER |
API username |
WAZUH_PASS |
API password |
| Variable | Default | Description |
|---|---|---|
ENVIRONMENT |
development |
production enforces stricter checks (see below) |
WAZUH_PORT |
55000 |
Manager API port |
WAZUH_VERIFY_SSL |
true |
Verify the Manager's TLS certificate |
MCP_HOST |
0.0.0.0 |
Server bind address |
MCP_PORT |
3000 |
Server port |
AUTH_MODE |
bearer |
oauth, bearer, or none |
AUTH_SECRET_KEY |
auto (dev only) | JWT signing key. Required when ENVIRONMENT=production (the server refuses to start without it) — set the same value on every instance |
MCP_API_KEY |
auto (dev only) | Pre-set API key (wazuh_…) |
MCP_API_KEY_SCOPES |
wazuh:read |
Scopes for MCP_API_KEY. Add wazuh:write to enable active-response tools |
AUTHLESS_ALLOW_WRITE |
false |
Allow active response in authless mode |
ALLOWED_ORIGINS |
https://claude.ai,... |
CORS origins (comma-separated) |
TRUSTED_PROXIES |
— | Proxy IPs to trust for X-Forwarded-For (correct per-client rate limiting behind a proxy) |
REDIS_URL |
— | Redis URL for multi-instance session storage |
Production note: the server listens over plain HTTP — terminate TLS at a reverse proxy or load balancer. OAuth knobs (
OAUTH_ENABLE_DCR— off by default,OAUTH_*_TTL) and rate-limit tuning (RATE_LIMIT_REQUESTS,RATE_LIMIT_WINDOW) are in the Configuration Guide.
| Variable | Default | Description |
|---|---|---|
WAZUH_INDEXER_HOST |
— | Indexer hostname (an http:// prefix selects plain HTTP) |
WAZUH_INDEXER_PORT |
9200 |
Indexer port |
WAZUH_INDEXER_USER |
— |