mcp-server-wazuh
The Wazuh MCP Server is a project designed to facilitate the integration of Wazuh SIEM system data with applications using the Model Context Protocol. It enriches AI applications by providing real-time security alerts and insights, specifically tailored for natural language interaction in a multilingual context.
Wazuh MCP Server
A Rust-based server designed to integrate the Wazuh Security Information and Event Management (SIEM) system with MCP-compatible applications such as Claude Desktop. It provides real-time security context to AI applications by transforming Wazuh alerts into an MCP-friendly format.
Features
- Automates alert categorization and prioritization.
- Enriches alerts with threat intelligence.
- Generates dynamic security visualizations.
- Enables multilingual security operations.
- Provides natural language interaction for security data.
Requirements
- MCP-compatible LLM client.
- Running Wazuh server with API enabled.
Installation Options
- Download Pre-built Binary
- Build from Source
Configuration
Configure the server via environment variables such as WAZUH_HOST, WAZUH_USER, and WAZUH_PASS, which it uses to authenticate to and communicate with the Wazuh API. WAZUH_PASS is a credential, so supply it through the environment of the launching client rather than in files committed to version control.
Architecture
Built on the rmcp framework, the server uses stdio transport to communicate with MCP clients and the Wazuh Indexer API to fetch and process security alerts.