
Wazuh MCP Server
★ 196 from gensecaihq
AI-powered security operations with Wazuh SIEM + Claude Desktop. Natural language threat detection, automated incident response & compliance.
Talk to your SIEM. Query alerts, hunt threats, check vulnerabilities, and trigger active responses across your entire Wazuh deployment, through natural conversation with any AI assistant.
v4.2.1 | 54 security tools | Wazuh 4.8.0–4.14.4 | Changelog
## What This Does
Your Wazuh SIEM generates thousands of alerts, vulnerability findings, and agent events daily. Investigating them means juggling dashboards, writing API queries, and manually correlating data across tools.
This MCP server turns that workflow into a conversation:
```
You: "Show me critical alerts from the last hour"
AI: [calls get_wazuh_alerts] Found 3 critical alerts:
1. SSH brute force from 10.0.1.45 → agent-003 (Rule 5712, Level 10)
2. Rootkit detection on agent-007 (Rule 510, Level 12)
3. FIM change /etc/shadow on agent-001 (Rule 550, Level 10)
You: "Block that source IP on agent-003"
AI: [calls wazuh_block_ip] Blocked 10.0.1.45 via firewall-drop on agent-003.
You: "Which agents have unpatched critical CVEs?"
AI: [calls get_wazuh_critical_vulnerabilities] 3 agents with critical vulnerabilities...
```
It works with Claude Desktop, Open WebUI + Ollama (fully local, air-gapped), mcphost, or any MCP-compliant client.
## Works With Cloud AND Local LLMs
This is a standard MCP tool server. It doesn't care what LLM you use; it just executes tools and returns results.

| Mode | LLM | Client | Data leaves your network? |
| --- | --- | --- | --- |
| Cloud | Claude, GPT, etc. | Claude Desktop, any MCP client | Yes (to LLM provider) |
| Local | Llama, Qwen, Mistral via Ollama | Open WebUI, mcphost, IBM/mcp-cli | No. Fully air-gappable. |

For security teams that can't send SIEM data to cloud APIs (compliance, air-gapped networks, data sovereignty), the local mode with Ollama keeps everything on-premises. Both modes coexist: same server, same tools, same API.
### Quick Start: Local LLM with mcphost
```bash
# 1. Start the MCP server
docker compose up -d
# 2. Install mcphost (Go binary, no dependencies)
go install github.com/mark3labs/mcphost@latest
# 3. Configure
cat > ~/.mcphost.yml
```

Open WebUI v0.6.31+ connects to our `/mcp` endpoint natively. Add it as an MCP tool server in Admin Settings, and your entire team gets AI-powered SIEM analysis with conversation history, RBAC, and a web UI.
## 54 Security Tools
Every tool is validated, rate-limited, scope-checked, and audit-logged.
| Category | Tools | What They Do |
| --- | --- | --- |
| **Alerts** (5) | `get_wazuh_alerts`, `get_wazuh_alert_summary`, `get_alerts_aggregated`, `analyze_alert_patterns`, `search_security_events` | Query, filter, search, and aggregate alert data via the Indexer. Timestamps accept ISO 8601 or relative date math (`now-24h`); `get_alerts_aggregated` summarizes a whole period with no document limit |
| **Agents** (6) | `get_wazuh_agents`, `get_wazuh_running_agents`, `check_agent_health`, `get_agent_processes`, `get_agent_ports`, `get_agent_configuration` | Monitor agent status, running processes, open ports, and configs |
| **Vulnerabilities** (3) | `get_wazuh_vulnerabilities`, `get_wazuh_critical_vulnerabilities`, `get_wazuh_vulnerability_summary` | Query CVEs by severity, agent, and package |
| **Security Analysis** (5) | `analyze_security_threat`, `check_ioc_reputation`, `perform_risk_assessment`, `get_top_security_threats`, `generate_security_report` | Threat analysis, IOC lookup, risk scoring, security reports |
| **Compliance** (6) | `run_compliance_check`, `get_iso27001_dashboard`, `get_iso27001_control_detail`, `get_iso27001_gap_analysis`, `get_iso27001_alerts`, `get_sca_policy_checks` | Compliance scoring for PCI-DSS, HIPAA, SOX, GDPR, NIST, and ISO 27001:2022 (Annex A control mapping, gap analysis, SCA detail) |
| **System** (10) | `get_wazuh_statistics`, `get_wazuh_cluster_health`, `get_wazuh_cluster_nodes`, `get_wazuh_rules_summary`, `search_wazuh_manager_logs`, `get_wazuh_manager_error_logs`, `get_wazuh_log_collector_stats`, `get_wazuh_remoted_stats`, `get_wazuh_weekly_stats`, `validate_wazuh_connection` | Cluster health, rules, manager logs, stats, connectivity |
| **Active Response** (9) | `wazuh_block_ip`, `wazuh_isolate_host`, `wazuh_kill_process`, `wazuh_disable_user`, `wazuh_quarantine_file`, `wazuh_firewall_drop`, `wazuh_host_deny`, `wazuh_active_response`, `wazuh_restart` | Block IPs, isolate hosts, kill processes, quarantine files |
| **Verification** (5) | `wazuh_check_blocked_ip`, `wazuh_check_agent_isolation`, `wazuh_check_process`, `wazuh_check_user_status`, `wazuh_check_file_quarantine` | Verify active response actions took effect |
| **Rollback** (5) | `wazuh_unisolate_host`, `wazuh_enable_user`, `wazuh_restore_file`, `wazuh_firewall_allow`, `wazuh_host_allow` | Undo active response actions |

The 14 state-changing tools (Active Response + Rollback) require the `wazuh:write` scope; everything else needs only `wazuh:read`. ISO 27001 also adds an `iso27001_assessment` guided prompt (5 prompts total).
## Security
This server sits between an LLM and your SIEM. Security is not optional.
| Layer | What It Does |
| --- | --- |
| **RBAC** | Per-tool scope enforcement, **fail-closed**: a token with no scope claim gets read-only, never write. The 14 state-changing tools (active response + rollback) require `wazuh:write`, which is **opt-in** (`MCP_API_KEY_SCOPES="wazuh:read wazuh:write"`). Authless mode is read-only unless `AUTHLESS_ALLOW_WRITE=true`. |
| **Audit Logging** | Every destructive tool call (block IP, isolate host, kill process) is logged with client ID, session, timestamp, and full arguments. |
| **Output Sanitization** | Credentials, tokens, and API keys in alert `full_log` fields are redacted before reaching the LLM. Prevents credential leakage through AI responses. |
| **Input Validation** | Every parameter validated: regex agent IDs, `ipaddress` module for IPs, shell metacharacter blocking for active response, Elasticsearch Query DSL (no string interpolation). |
| **Rate Limiting** | Per-client sliding window with escalating block duration (10s → 5min). |
| **Circuit Breakers** | Wazuh API failures trigger fail-fast for 60s, auto-recover. Single trial in HALF_OPEN state. |
| **Log Sanitization** | Global filter redacts passwords, tokens, secrets from all server logs. |
| **Container Hardening** | Non-root user, read-only filesystem, `CAP_DROP ALL`, `no-new-privileges`. |

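
The scope rules stated above (14 state-changing tools need `wazuh:write`, a token without a scope claim is read-only, authless mode is read-only unless `AUTHLESS_ALLOW_WRITE=true`) can be written as a small fail-closed check. This is an added example, not the project's code: `effective_scopes`, `authorize`, `audit_matrix` and the space-separated `scope` claim layout are assumptions, and the sample callers are constructed.

```python
# Added example (not the project's code): fail-closed scope check.
# Tool names and scope strings are from this page; function names and the
# space-separated "scope" claim layout are assumptions.
READ, WRITE = "wazuh:read", "wazuh:write"

WRITE_TOOLS = frozenset({
    # Active Response (9)
    "wazuh_block_ip", "wazuh_isolate_host", "wazuh_kill_process",
    "wazuh_disable_user", "wazuh_quarantine_file", "wazuh_firewall_drop",
    "wazuh_host_deny", "wazuh_active_response", "wazuh_restart",
    # Rollback (5)
    "wazuh_unisolate_host", "wazuh_enable_user", "wazuh_restore_file",
    "wazuh_firewall_allow", "wazuh_host_allow",
})


def effective_scopes(claims, authless_allow_write=False):
    """Scopes for one request; claims is None in authless mode."""
    if claims is None:
        return {READ, WRITE} if authless_allow_write else {READ}
    raw = claims.get("scope")
    if not isinstance(raw, str) or not raw.strip():
        return {READ}  # missing, empty or malformed claim: read-only
    return set(raw.split())


def authorize(tool, claims, authless_allow_write=False):
    """True if the caller may run `tool`. Unknown tool names must be
    rejected by the dispatcher before this check is reached."""
    required = WRITE if tool in WRITE_TOOLS else READ
    return required in effective_scopes(claims, authless_allow_write)


def audit_matrix():
    """(read allowed, write allowed) per constructed sample caller."""
    callers = {
        "no-scope-claim": {"sub": "client-a"},
        "read-only": {"sub": "client-b", "scope": "wazuh:read"},
        "read-write": {"sub": "client-c", "scope": "wazuh:read wazuh:write"},
        "authless": None,
    }
    return {name: (authorize("get_wazuh_alerts", c),
                   authorize("wazuh_block_ip", c))
            for name, c in callers.items()}


if __name__ == "__main__":
    for name, decision in audit_matrix().items():
        print(f"{name:15} read={decision[0]} write={decision[1]}")
```
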
```bash
# Generate a secure API key
python -c "import secrets; print('wazuh_' + secrets.token_urlsafe(32))"
```
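
The Input Validation layer in the table above names three techniques for active-response arguments: a regex for agent IDs, the `ipaddress` module for IPs, and shell metacharacter blocking. The sketch below is an added example, not the project's code; the agent ID pattern, the metacharacter set, the loopback/unspecified/multicast guard and all function names are assumptions.

```python
# Added example (not the project's code): argument checks for an
# active-response call, using the techniques named in the table above.
import ipaddress
import re

# Assumption: agent IDs are zero-padded decimal strings such as "003".
AGENT_ID_RE = re.compile(r"[0-9]{3,8}")
# Assumption: characters treated as shell metacharacters or separators.
SHELL_META = frozenset(";&|`$<>(){}[]!*?~\\'\"\n\r\t ")


def validate_agent_id(agent_id):
    # fullmatch (not match/$) so a trailing newline cannot slip through
    if not isinstance(agent_id, str) or not AGENT_ID_RE.fullmatch(agent_id):
        raise ValueError("agent_id must be a numeric string like '003'")
    return agent_id


def validate_ip(value):
    """Parse with the ipaddress module; return the canonical text form."""
    if not isinstance(value, str):
        raise ValueError("ip must be a string")  # ints would parse as packed
    addr = ipaddress.ip_address(value)  # ValueError on anything but an IP
    # Extra guard (assumption, not stated on the page): never act on
    # addresses that cannot be a remote source.
    if addr.is_loopback or addr.is_unspecified or addr.is_multicast:
        raise ValueError(f"refusing to act on {addr}")
    return str(addr)


def validate_ar_argument(value, max_len=256):
    """Free-form active-response argument: no shell metacharacters."""
    if not isinstance(value, str) or not 0 < len(value) <= max_len:
        raise ValueError("argument must be a non-empty bounded string")
    bad = sorted(set(value) & SHELL_META)
    if bad:
        raise ValueError(f"disallowed characters: {bad!r}")
    return value


def validate_block_ip(agent_id, ip):
    """Validated argument set for a wazuh_block_ip-style call."""
    return {"agent_id": validate_agent_id(agent_id), "ip": validate_ip(ip)}


if __name__ == "__main__":
    print(validate_block_ip("003", "10.0.1.45"))
```
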
## API Endpoints
| Endpoint | Method | Description |
| --- | --- | --- |
| `/mcp` | POST/GET/DELETE | MCP Streamable HTTP (recommended) |
| `/sse` | GET | Legacy Server-Sent Events |
| `/health` | GET | Health check (no auth required) |
| `/metrics` | GET | Prometheus metrics |
| `/auth/token` | POST | Exchange API key for JWT |
| `/docs` | GET | OpenAPI documentation |

## Architecture
```
src/wazuh_mcp_server/
├── server.py          # MCP protocol + 54 tool handlers
├── config.py          # Environment-based configuration
├── auth.py            # JWT + API key authentication
├── oauth.py           # OAuth 2.0 with Dynamic Client Registration
├── security.py        # Rate limiting, CORS, input validation
├── monitoring.py      # Prometheus metrics, structured logging
├── resilience.py      # Circuit breakers, retries, graceful shutdown
├── session_store.py   # Pluggable sessions (in-memory + Redis)
└── api/
    ├── wazuh_client.py    # Wazuh Manager REST API client
    └── wazuh_indexer.py   # Wazuh Indexer (Elasticsearch) client
```
## Take It Further: Autonomous Agentic SOC
Combine this MCP server with [**Wazuh OpenClaw Autopilot**](https://github.com/gensecaihq/Wazuh-Openclaw-Autopilot) to build a fully autonomous Security Operations Center.
While this server gives you conversational access to Wazuh, OpenClaw deploys AI agents that **work around the clock**, triaging alerts, correlating incidents, and recommending responses without human intervention.

```
Manual SOC:  Alert → Analyst reviews → Hours → Response
Agentic SOC: Alert → AI triages → Seconds → Response ready for approval
```

[**Explore OpenClaw Autopilot**](https://github.com/gensecaihq/Wazuh-Openclaw-Autopilot)
## Documentation
| Guide | Description |
| --- | --- |
| [Claude Integration](https://github.com/gensecaihq/Wazuh-MCP-Server/blob/main/docs/CLAUDE_INTEGRATION.md) | Claude Desktop setup and authentication |
| [Configuration](https://github.com/gensecaihq/Wazuh-MCP-Server/blob/main/docs/configuration.md) | Full configuration reference |
| [Advanced Features](https://github.com/gensecaihq/Wazuh-MCP-Server/blob/main/docs/ADVANCED_FEATURES.md) | HA, serverless, compact mode |
| [API Documentation](https://github.com/gensecaihq/Wazuh-MCP-Server/blob/main/docs/api/) | Per-tool documentation |
| [Security](https://github.com/gensecaihq/Wazuh-MCP-Server/blob/main/docs/security/) | Security hardening guide |
| [Troubleshooting](https://github.com/gensecaihq/Wazuh-MCP-Server/blob/main/docs/TROUBLESHOOTING.md) | Common issues and solutions |
| [Operations](https://github.com/gensecaihq/Wazuh-MCP-Server/blob/main/docs/OPERATIONS.md) | Deployment, monitoring, maintenance |

## Contributing
We welcome contributions. See [Issues](https://github.com/gensecaihq/Wazuh-MCP-Server/issues) for bugs and feature requests, [Discussions](https://github.com/gensecaihq/Wazuh-MCP-Server/discussions) for questions.
## License
[MIT](https://github.com/gensecaihq/Wazuh-MCP-Server/blob/main/LICENSE)
## Acknowledgments
- [Wazuh](https://wazuh.com/): Open source security platform
- [Model Context Protocol](https://modelcontextprotocol.io/): AI tool integration standard
- [Ollama](https://ollama.com/): Local LLM inference
- [Open WebUI](https://github.com/open-webui/open-webui): Self-hosted AI chat interface
- [mcphost](https://github.com/mark3labs/mcphost): MCP CLI host with LLM support
### Contributors
| Username | Contributions |
| --- | --- |
| [@alokemajumder](https://github.com/alokemajumder) | Code, Issues, Discussions |
| [@gensecai-dev](https://github.com/gensecai-dev) | Code, Discussions |
| [@aiunmukto](https://github.com/aiunmukto) | Code, PRs |
| [@Karibusan](https://github.com/Karibusan) | Code, Issues, PRs |
| [@lwsinclair](https://github.com/lwsinclair) | Code, PRs |
| [@taylorwalton](https://github.com/taylorwalton) | PRs |
| [@MilkyWay88](https://github.com/MilkyWay88) | PRs |
| [@kanylbullen](https://github.com/kanylbullen) | Code, PRs |
| [@andrzej-piotrowski-pl](https://github.com/andrzej-piotrowski-pl) | Code, PRs |
| [@lucascruzb](https://github.com/lucascruzb) | Code, PRs |
| [@Uberkarhu](https://github.com/Uberkarhu) | Issues |
| [@cbassonbgroup](https://github.com/cbassonbgroup) | Issues |
| [@cybersentinel-06](https://github.com/cybersentinel-06) | Issues |
| [@daod-arshad](https://github.com/daod-arshad) | Issues |
| [@mamema](https://github.com/mamema) | Issues |
| [@marcolinux46](https://github.com/marcolinux46) | Issues |
| [@matveevandrey](https://github.com/matveevandrey) | Issues |
| [@punkpeye](https://github.com/punkpeye) | Issues |
| [@tonyliu9189](https://github.com/tonyliu9189) | Issues |
| [@Vasanth120v](https://github.com/Vasanth120v) | Discussions |
| [@gnix45](https://github.com/gnix45) | Discussions |
| [@melmasry1987](https://github.com/melmasry1987) | Discussions |

Auto-updated by [GitHub Actions](https://github.com/gensecaihq/Wazuh-MCP-Server/blob/main/.github/workflows/update-contributors.yml)
## Quick Start
### Prerequisites
- Docker 20.10+ with Compose v2
- Wazuh 4.8.0–4.14.4 with API access enabled
### Deploy
```bash
git clone https://github.com/gensecaihq/Wazuh-MCP-Server.git
cd Wazuh-MCP-Server
cp .env.example .env
```
Edit `.env`:
```bash
WAZUH_HOST=your-wazuh-server
WAZUH_USER=your-api-user
WAZUH_PASS=your-api-password
```
```bash
docker compose up -d
curl http://localhost:3000/health
```
### Connect Claude Desktop
- Settings → Connectors → Add custom connector
- URL: `https://your-server/mcp`
- Add Bearer token in Advanced settings

Detailed setup: Claude Integration Guide
## Configuration
### Required

| Variable | Description |
| --- | --- |
| `WAZUH_HOST` | Wazuh Manager hostname or IP |
| `WAZUH_USER` | API username |
| `WAZUH_PASS` | API password |

### Optional

| Variable | Default | Description |
| --- | --- | --- |
| `ENVIRONMENT` | `development` | `production` enforces stricter checks (see below) |
| `WAZUH_PORT` | `55000` | Manager API port |
| `WAZUH_VERIFY_SSL` | `true` | Verify the Manager's TLS certificate |
| `MCP_HOST` | `0.0.0.0` | Server bind address |
| `MCP_PORT` | `3000` | Server port |
| `AUTH_MODE` | `bearer` | `oauth`, `bearer`, or `none` |
| `AUTH_SECRET_KEY` | auto (dev only) | JWT signing key. Required when `ENVIRONMENT=production` (the server refuses to start without it); set the same value on every instance |
| `MCP_API_KEY` | auto (dev only) | Pre-set API key (`wazuh_…`) |
| `MCP_API_KEY_SCOPES` | `wazuh:read` | Scopes for `MCP_API_KEY`. Add `wazuh:write` to enable active-response tools |
| `AUTHLESS_ALLOW_WRITE` | `false` | Allow active response in authless mode |
| `ALLOWED_ORIGINS` | `https://claude.ai,...` | CORS origins (comma-separated) |
| `TRUSTED_PROXIES` | - | Proxy IPs to trust for `X-Forwarded-For` (correct per-client rate limiting behind a proxy) |
| `REDIS_URL` | - | Redis URL for multi-instance session storage |

Production note: the server listens over plain HTTP; terminate TLS at a reverse proxy or load balancer. OAuth knobs (`OAUTH_ENABLE_DCR`, off by default, and `OAUTH_*_TTL`) and rate-limit tuning (`RATE_LIMIT_REQUESTS`, `RATE_LIMIT_WINDOW`) are in the Configuration Guide.
### Wazuh Indexer (for alert search + vulnerabilities)

| Variable | Default | Description |
| --- | --- | --- |
| `WAZUH_INDEXER_HOST` | - | Indexer hostname (an `http://` prefix selects plain HTTP) |
| `WAZUH_INDEXER_PORT` | `9200` | Indexer port |
| `WAZUH_INDEXER_USER` | - | Indexer username |
| `WAZUH_INDEXER_PASS` | - | Indexer password |
| `WAZUH_INDEXER_SSL` | `true` | Use HTTPS for the Indexer (set `false` for a plain-HTTP OpenSearch node) |
| `WAZUH_INDEXER_VERIFY_SSL` | `true` | Verify the Indexer's TLS certificate |

Full reference: Configuration Guide
No common issues documented yet. If you hit a problem, the repository's GitHub Issues page is the best place to look.