mcp_server_wazuh_2025
by Gitmy3
Overview
Integrates Wazuh SIEM data with AI assistants (like Claude) using the Model Context Protocol (MCP) for natural language security queries and analysis.
Installation
uvicorn app.main:app --reload
Environment Variables
- OPENSEARCH_HOST
- OPENSEARCH_USER
- OPENSEARCH_PASS
- WAZUH_API_HOST
- WAZUH_API_PORT
- WAZUH_API_USERNAME
- WAZUH_API_PASSWORD
- WAZUH_INDEXER_HOST
- WAZUH_INDEXER_PORT
- WAZUH_INDEXER_USERNAME
- WAZUH_INDEXER_PASSWORD
- OPENAI_API_KEY
- WAZUH_VERIFY_SSL
Security Notes
CRITICAL: The server explicitly disables SSL certificate verification for Wazuh API and Indexer connections (`verify=False` and `WAZUH_VERIFY_SSL=false` in various configurations). This makes the connection vulnerable to Man-in-the-Middle (MITM) attacks. Additionally, sensitive credentials for Wazuh API and Indexer are hardcoded in `app/config.py`, making them prone to exposure if the code is committed without proper `.env` override or secure credential management. These are severe security flaws for a system handling security information.
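Added illustration of a settings loader that avoids both flaws described above (example code, not the project's own): every credential is read from the environment variables listed above with no fallback in source, and `WAZUH_VERIFY_SSL` defaults to on. The `WAZUH_CA_BUNDLE` variable and the port defaults are assumptions, not taken from the page.

```python
import os

# Added illustration (not the project's own code): load this server's Wazuh
# settings from the environment variables listed above, with no credential
# fallbacks in source and TLS verification ON unless explicitly disabled.
# Assumptions not from the page: WAZUH_CA_BUNDLE (path to a private CA),
# API port 55000 and Indexer port 9200 as defaults.

_TRUE = {"1", "true", "yes", "on"}
_FALSE = {"0", "false", "no", "off"}
_REQUIRED = (
    "WAZUH_API_HOST", "WAZUH_API_USERNAME", "WAZUH_API_PASSWORD",
    "WAZUH_INDEXER_HOST", "WAZUH_INDEXER_USERNAME", "WAZUH_INDEXER_PASSWORD",
)
_PORT_DEFAULTS = {"WAZUH_API_PORT": 55000, "WAZUH_INDEXER_PORT": 9200}

def parse_bool(value, default=True):
    """Strict boolean parsing: unset -> default, junk -> error, never a silent 'off'."""
    if value is None or not value.strip():
        return default
    v = value.strip().lower()
    if v in _TRUE:
        return True
    if v in _FALSE:
        return False
    raise ValueError(f"unrecognised boolean value: {value!r}")

def load_settings(env=None):
    """Return a settings dict; fails at startup on any missing credential."""
    env = os.environ if env is None else env
    settings = {}
    for name in _REQUIRED:
        value = env.get(name)
        if not value:
            # A missing secret is an error, not a cue to fall back to a value in config.py
            raise RuntimeError(f"{name} is not set; refusing to start without it")
        settings[name] = value
    for name, default in _PORT_DEFAULTS.items():
        settings[name] = int(env.get(name, default))
    # Verification stays on by default; only an explicit false/0/no/off turns it off
    settings["WAZUH_VERIFY_SSL"] = parse_bool(env.get("WAZUH_VERIFY_SSL"), default=True)
    settings["WAZUH_CA_BUNDLE"] = env.get("WAZUH_CA_BUNDLE")  # optional private CA
    return settings

def requests_verify(settings):
    """Value for the `verify=` argument of requests/httpx: CA path, True, or False."""
    if not settings["WAZUH_VERIFY_SSL"]:
        return False  # the setting the Security Notes warn about, now opt-in only
    return settings["WAZUH_CA_BUNDLE"] or True
```

With a private CA, set `WAZUH_CA_BUNDLE` to its PEM path and leave `WAZUH_VERIFY_SSL` unset, so the Wazuh certificate is still checked instead of verification being turned off.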
Similar Servers
mcp-server-wazuh
This Rust-based server acts as a bridge between a Wazuh SIEM system and applications requiring contextual security data, especially for AI assistants using the Model Context Protocol (MCP).
MCP-oura
Provides language models with access to Oura API health data (sleep, readiness, resilience) via the Model Context Protocol.
Wazuh-MCP-Server
Provides an MCP-compliant remote server for seamless integration between AI assistants (like Claude Desktop) and the Wazuh SIEM platform, enabling natural language security operations.
genesys-cloud-mcp-server
Provides LLM access to Genesys Cloud's Platform API for business insights, including conversation analysis, queue management, and OAuth client auditing.