Wazuh MCP Server
by unmuktoai
The Wazuh MCP Server integrates Wazuh security data with LLMs like Claude Desktop. It retrieves alerts from Elasticsearch, transforms them into MCP-compliant JSON, and exposes an HTTP endpoint for real-time security context.
What is Wazuh MCP Server?
A production-grade, open-source MCP server that integrates Wazuh security data with LLMs, specifically designed to work with applications like the Claude Desktop App.
How to use Wazuh MCP Server?
To use the server, clone the repository, create a virtual environment, install dependencies, configure environment variables for Wazuh API access, and run the wazuh_mcp_server.py script. Integrate with Claude Desktop by updating its configuration file with the server's endpoint and environment variables.
Key features of Wazuh MCP Server
JWT-Based Authentication
Alert Retrieval from Elasticsearch
MCP Message Transformation
Flask HTTP Server with /mcp endpoint
Robust Error Handling
Configurable via environment variables
Use cases of Wazuh MCP Server
Real-time security context for LLMs
Integrating Wazuh alerts with Claude Desktop
Automated security analysis using LLMs
Security incident response
Threat detection and analysis
FAQ from Wazuh MCP Server
What is the purpose of this server?
The server bridges the gap between Wazuh security alerts and LLMs, enabling real-time security context for applications like Claude Desktop.
What are the prerequisites for running this server?
You need Python 3.8+, access to a Wazuh API instance, and optionally, Claude Desktop configured to call the MCP server.
How do I configure the server?
Configure the server by setting the required environment variables, such as WAZUH_HOST, WAZUH_PORT, WAZUH_USER, WAZUH_PASS, and MCP_SERVER_PORT.
How do I integrate this server with Claude Desktop?
Update the Claude Desktop configuration file (claude_desktop_config.json) with the server's endpoint and environment variables under the mcpServers section.
What license is this project under?
This project is licensed under the MIT License.