Wazuh-MCP-Server
by gensecaihq
AI-powered security operations for Wazuh SIEM—use any MCP-compatible client to ask security questions in plain English. Faster threat detection, incident triage, and compliance checks with real-time monitoring and anomaly spotting. Production-ready MCP server for conversational SOC workflows.
127stars
37forks
Python
Added 1/4/2026
MCP Serversaiclaudeclaude-aiclaude-codeclaudedxt
Installation
# Add to your Claude Code skills
git clone https://github.com/gensecaihq/Wazuh-MCP-ServerWazuh MCP Server
Production-ready MCP server connecting AI assistants to Wazuh SIEM.
Version 4.0.7 | Wazuh 4.8.0 - 4.14.3 | Full Changelog
Why This MCP Server?
Security teams using Wazuh SIEM generate thousands of alerts, vulnerabilities, and events daily. Analyzing this data requires constant context-switching between dashboards, writing API queries, and manually correlating information.
This MCP server solves that problem by providing a secure bridge between AI assistants (like Claude) and your Wazuh deployment. Query alerts, analyze threats, check agent health, and generate compliance reports—all through natural conversation.
You: "Show me critical alerts from the last 24 hours"
Claude: [Uses get_wazuh_alerts tool] Found 12 critical alerts...
You: "Which agents have unpatched critical vulnerabilities?"
Claude: [Uses get_wazuh_critical_vulnerabilities tool] 3 agents affected...
Take It Further: Autonomous Agentic SOC
Ready to move beyond manual security operations?
Combine this MCP server with Wazuh OpenClaw Autopilot to build a fully autonomous Security Operations Center powered by AI agents.
Comments (0)
to leave a comment.
No comments yet. Be the first to share your thoughts!