Labsco
gensecaihq logo

Wazuh MCP Server

โ˜… 196

from gensecaihq

AI-powered security operations with Wazuh SIEM + Claude Desktop. Natural language threat detection, automated incident response & compliance.

๐Ÿ”ฅ๐Ÿ”ฅ๐Ÿ”ฅ๐Ÿ”ฅโœ“ VerifiedFreeAdvanced setup

Wazuh MCP Server

Talk to your SIEM. Query alerts, hunt threats, check vulnerabilities, and trigger active responses across your entire Wazuh deployment โ€” through natural conversation with any AI assistant.

v4.2.1 | 54 security tools | Wazuh 4.8.0โ€“4.14.4 | Changelog

What This Does

Your Wazuh SIEM generates thousands of alerts, vulnerability findings, and agent events daily. Investigating them means juggling dashboards, writing API queries, and manually correlating data across tools.

This MCP server turns that workflow into a conversation:

Copy & paste โ€” that's it
You: "Show me critical alerts from the last hour"
AI: [calls get_wazuh_alerts] Found 3 critical alerts:
 1. SSH brute force from 10.0.1.45 โ†’ agent-003 (Rule 5712, Level 10)
 2. Rootkit detection on agent-007 (Rule 510, Level 12)
 3. FIM change /etc/shadow on agent-001 (Rule 550, Level 10)

You: "Block that source IP on agent-003"
AI: [calls wazuh_block_ip] Blocked 10.0.1.45 via firewall-drop on agent-003.

You: "Which agents have unpatched critical CVEs?"
AI: [calls get_wazuh_critical_vulnerabilities] 3 agents with critical vulnerabilities...

It works with Claude Desktop, Open WebUI + Ollama (fully local, air-gapped), mcphost, or any MCP-compliant client.

Works With Cloud AND Local LLMs

This is a standard MCP tool server. It doesn't care what LLM you use โ€” it just executes tools and returns results.

Mode LLM Client Data leaves your network? Cloud Claude, GPT, etc. Claude Desktop, any MCP client Yes (to LLM provider) Local Llama, Qwen, Mistral via Ollama Open WebUI, mcphost, IBM/mcp-cli No. Fully air-gappable.

For security teams that can't send SIEM data to cloud APIs (compliance, air-gapped networks, data sovereignty), the local mode with Ollama keeps everything on-premises. Both modes coexist โ€” same server, same tools, same API.

Quick Start: Local LLM with mcphost

Copy & paste โ€” that's it
# 1. Start the MCP server
docker compose up -d

# 2. Install mcphost (Go binary, no dependencies)
go install github.com/mark3labs/mcphost@latest

# 3. Configure
cat > ~/.mcphost.yml Open WebUI v0.6.31+ connects to our `/mcp` endpoint natively. Add it as an MCP tool server in Admin Settings, and your entire team gets AI-powered SIEM analysis with conversation history, RBAC, and a web UI.

## 54 Security Tools

Every tool is validated, rate-limited, scope-checked, and audit-logged.

 Category Tools What They Do 
 **Alerts** (5) `get_wazuh_alerts` `get_wazuh_alert_summary` `get_alerts_aggregated` `analyze_alert_patterns` `search_security_events` Query, filter, search, and aggregate alert data via the Indexer. Timestamps accept ISO 8601 or relative date math (`now-24h`); `get_alerts_aggregated` summarizes a whole period with no document limit 
 **Agents** (6) `get_wazuh_agents` `get_wazuh_running_agents` `check_agent_health` `get_agent_processes` `get_agent_ports` `get_agent_configuration` Monitor agent status, running processes, open ports, and configs 
 **Vulnerabilities** (3) `get_wazuh_vulnerabilities` `get_wazuh_critical_vulnerabilities` `get_wazuh_vulnerability_summary` Query CVEs by severity, agent, and package 
 **Security Analysis** (5) `analyze_security_threat` `check_ioc_reputation` `perform_risk_assessment` `get_top_security_threats` `generate_security_report` Threat analysis, IOC lookup, risk scoring, security reports 
 **Compliance** (6) `run_compliance_check` `get_iso27001_dashboard` `get_iso27001_control_detail` `get_iso27001_gap_analysis` `get_iso27001_alerts` `get_sca_policy_checks` Compliance scoring for PCI-DSS, HIPAA, SOX, GDPR, NIST, and ISO 27001:2022 (Annex A control mapping, gap analysis, SCA detail) 
 **System** (10) `get_wazuh_statistics` `get_wazuh_cluster_health` `get_wazuh_cluster_nodes` `get_wazuh_rules_summary` `search_wazuh_manager_logs` `get_wazuh_manager_error_logs` `get_wazuh_log_collector_stats` `get_wazuh_remoted_stats` `get_wazuh_weekly_stats` `validate_wazuh_connection` Cluster health, rules, manager logs, stats, connectivity 
 **Active Response** (9) `wazuh_block_ip` `wazuh_isolate_host` `wazuh_kill_process` `wazuh_disable_user` `wazuh_quarantine_file` `wazuh_firewall_drop` `wazuh_host_deny` `wazuh_active_response` `wazuh_restart` Block IPs, isolate hosts, kill processes, quarantine files 
 **Verification** (5) `wazuh_check_blocked_ip` `wazuh_check_agent_isolation` `wazuh_check_process` `wazuh_check_user_status` `wazuh_check_file_quarantine` Verify active response actions took effect 
 **Rollback** (5) `wazuh_unisolate_host` `wazuh_enable_user` `wazuh_restore_file` `wazuh_firewall_allow` `wazuh_host_allow` Undo active response actions 
 

 The 14 state-changing tools (Active Response + Rollback) require the `wazuh:write` scope; everything else needs only `wazuh:read`. ISO 27001 also adds an `iso27001_assessment` guided prompt (5 prompts total).

## Security

This server sits between an LLM and your SIEM. Security is not optional.

 Layer What It Does 
 **RBAC** Per-tool scope enforcement, **fail-closed**: a token with no scope claim gets read-only, never write. The 14 state-changing tools (active response + rollback) require `wazuh:write`, which is **opt-in** (`MCP_API_KEY_SCOPES="wazuh:read wazuh:write"`). Authless mode is read-only unless `AUTHLESS_ALLOW_WRITE=true`. 
 **Audit Logging** Every destructive tool call (block IP, isolate host, kill process) is logged with client ID, session, timestamp, and full arguments. 
 **Output Sanitization** Credentials, tokens, and API keys in alert `full_log` fields are redacted before reaching the LLM. Prevents credential leakage through AI responses. 
 **Input Validation** Every parameter validated: regex agent IDs, `ipaddress` module for IPs, shell metacharacter blocking for active response, Elasticsearch Query DSL (no string interpolation). 
 **Rate Limiting** Per-client sliding window with escalating block duration (10s โ†’ 5min). 
 **Circuit Breakers** Wazuh API failures trigger fail-fast for 60s, auto-recover. Single trial in HALF_OPEN state. 
 **Log Sanitization** Global filter redacts passwords, tokens, secrets from all server logs. 
 **Container Hardening** Non-root user, read-only filesystem, `CAP_DROP ALL`, `no-new-privileges`. 
 

Generate a secure API key

python -c "import secrets; print('wazuh_' + secrets.token_urlsafe(32))"

Copy & paste โ€” that's it

## API Endpoints

Endpoint Method Description 
 `/mcp` POST/GET/DELETE MCP Streamable HTTP (recommended) 
 `/sse` GET Legacy Server-Sent Events 
 `/health` GET Health check (no auth required) 
 `/metrics` GET Prometheus metrics 
 `/auth/token` POST Exchange API key for JWT 
 `/docs` GET OpenAPI documentation

## Architecture

src/wazuh_mcp_server/ โ”œโ”€โ”€ server.py # MCP protocol + 54 tool handlers โ”œโ”€โ”€ config.py # Environment-based configuration โ”œโ”€โ”€ auth.py # JWT + API key authentication โ”œโ”€โ”€ oauth.py # OAuth 2.0 with Dynamic Client Registration โ”œโ”€โ”€ security.py # Rate limiting, CORS, input validation โ”œโ”€โ”€ monitoring.py # Prometheus metrics, structured logging โ”œโ”€โ”€ resilience.py # Circuit breakers, retries, graceful shutdown โ”œโ”€โ”€ session_store.py # Pluggable sessions (in-memory + Redis) โ””โ”€โ”€ api/ โ”œโ”€โ”€ wazuh_client.py # Wazuh Manager REST API client โ””โ”€โ”€ wazuh_indexer.py # Wazuh Indexer (Elasticsearch) client

Copy & paste โ€” that's it

## Take It Further: Autonomous Agentic SOC

Combine this MCP server with [**Wazuh OpenClaw Autopilot**](https://github.com/gensecaihq/Wazuh-Openclaw-Autopilot) to build a fully autonomous Security Operations Center.

 While this server gives you conversational access to Wazuh, OpenClaw deploys AI agents that **work around the clock** โ€” triaging alerts, correlating incidents, and recommending responses without human intervention.

Manual SOC: Alert โ†’ Analyst reviews โ†’ Hours โ†’ Response Agentic SOC: Alert โ†’ AI triages โ†’ Seconds โ†’ Response ready for approval

Copy & paste โ€” that's it

 [**Explore OpenClaw Autopilot**](https://github.com/gensecaihq/Wazuh-Openclaw-Autopilot)

## Documentation

Guide Description 
 [Claude Integration](https://github.com/gensecaihq/Wazuh-MCP-Server/blob/main/docs/CLAUDE_INTEGRATION.md) Claude Desktop setup and authentication 
 [Configuration](https://github.com/gensecaihq/Wazuh-MCP-Server/blob/main/docs/configuration.md) Full configuration reference 
 [Advanced Features](https://github.com/gensecaihq/Wazuh-MCP-Server/blob/main/docs/ADVANCED_FEATURES.md) HA, serverless, compact mode 
 [API Documentation](https://github.com/gensecaihq/Wazuh-MCP-Server/blob/main/docs/api/) Per-tool documentation 
 [Security](https://github.com/gensecaihq/Wazuh-MCP-Server/blob/main/docs/security/) Security hardening guide 
 [Troubleshooting](https://github.com/gensecaihq/Wazuh-MCP-Server/blob/main/docs/TROUBLESHOOTING.md) Common issues and solutions 
 [Operations](https://github.com/gensecaihq/Wazuh-MCP-Server/blob/main/docs/OPERATIONS.md) Deployment, monitoring, maintenance

## Contributing

We welcome contributions. See [Issues](https://github.com/gensecaihq/Wazuh-MCP-Server/issues) for bugs and feature requests, [Discussions](https://github.com/gensecaihq/Wazuh-MCP-Server/discussions) for questions.

## License

[MIT](https://github.com/gensecaihq/Wazuh-MCP-Server/blob/main/LICENSE)

## Acknowledgments

- [Wazuh](https://wazuh.com/) โ€” Open source security platform 

- [Model Context Protocol](https://modelcontextprotocol.io/) โ€” AI tool integration standard 

- [Ollama](https://ollama.com/) โ€” Local LLM inference 

- [Open WebUI](https://github.com/open-webui/open-webui) โ€” Self-hosted AI chat interface 

- [mcphost](https://github.com/mark3labs/mcphost) โ€” MCP CLI host with LLM support 

 
 
 **Contributors** 
 

### Contributors

 Avatar Username Contributions 
 [@alokemajumder](https://github.com/alokemajumder) Code, Issues, Discussions 
 [@gensecai-dev](https://github.com/gensecai-dev) Code, Discussions 
 [@aiunmukto](https://github.com/aiunmukto) Code, PRs 
 [@Karibusan](https://github.com/Karibusan) Code, Issues, PRs 
 [@lwsinclair](https://github.com/lwsinclair) Code, PRs 
 [@taylorwalton](https://github.com/taylorwalton) PRs 
 [@MilkyWay88](https://github.com/MilkyWay88) PRs 
 [@kanylbullen](https://github.com/kanylbullen) Code, PRs 
 [@andrzej-piotrowski-pl](https://github.com/andrzej-piotrowski-pl) Code, PRs 
 [@lucascruzb](https://github.com/lucascruzb) Code, PRs 
 [@Uberkarhu](https://github.com/Uberkarhu) Issues 
 [@cbassonbgroup](https://github.com/cbassonbgroup) Issues 
 [@cybersentinel-06](https://github.com/cybersentinel-06) Issues 
 [@daod-arshad](https://github.com/daod-arshad) Issues 
 [@mamema](https://github.com/mamema) Issues 
 [@marcolinux46](https://github.com/marcolinux46) Issues 
 [@matveevandrey](https://github.com/matveevandrey) Issues 
 [@punkpeye](https://github.com/punkpeye) Issues 
 [@tonyliu9189](https://github.com/tonyliu9189) Issues 
 [@Vasanth120v](https://github.com/Vasanth120v) Discussions 
 [@gnix45](https://github.com/gnix45) Discussions 
 [@melmasry1987](https://github.com/melmasry1987) Discussions 
 

 
 
 Auto-updated by [GitHub Actions](https://github.com/gensecaihq/Wazuh-MCP-Server/blob/main/.github/workflows/update-contributors.yml)