mcp_server_wazuh_2025
by Gitmy3
Overview
The MCP Server for Wazuh SIEM provides natural language access to security data for AI assistants like Claude, enabling security alert analysis, vulnerability management, system monitoring, and compliance reporting.
Installation
uvicorn app.main:app --reload
Environment Variables
- WAZUH_API_HOST
- WAZUH_API_PORT
- WAZUH_API_USERNAME
- WAZUH_API_PASSWORD
- WAZUH_INDEXER_HOST
- WAZUH_INDEXER_PORT
- WAZUH_INDEXER_USERNAME
- WAZUH_INDEXER_PASSWORD
- OPENAI_API_KEY
- WAZUH_VERIFY_SSL
- OPENSEARCH_HOST
- OPENSEARCH_USER
- OPENSEARCH_PASS
Security Notes
CRITICAL: `app/wazuh_client.py` explicitly disables SSL certificate verification (`verify=False`) for all API calls to the Wazuh Manager, leaving those connections exposed to man-in-the-middle attacks. The setting is hardcoded and cannot be overridden by environment variables, so `WAZUH_VERIFY_SSL` has no effect on it. Additionally, default sensitive credentials (username/password) for the Wazuh API and Indexer are hardcoded in `app/config.py`; although they are intended to be overridden by a `.env` file, they remain in use if that file is not configured. The index allowlist in `app/validators.py` uses a simple `startswith` prefix check rather than a whole-name match, which is weaker than an allowlist should be. Given the server's role as a SIEM bridge, these issues represent significant security risks.
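As an added illustration of the two hardening points above (this is not code from the mcp_server_wazuh_2025 project; the index-name patterns, the helper names and the accepted `WAZUH_VERIFY_SSL` values are assumptions), the weak prefix check is shown beside an anchored allowlist, and the `verify` argument is derived from the environment instead of being hardcoded:

```python
import os
import re
from typing import Mapping, Union

# Constructed allowlist of anchored index-name patterns (assumption: the
# project's real list differs). Anchored regexes replace the bare prefix
# check, so a name that merely shares a prefix is no longer accepted.
ALLOWED_INDEX_PATTERNS = (
    re.compile(r"wazuh-alerts-4\.x-\d{4}\.\d{2}\.\d{2}"),
    re.compile(r"wazuh-states-vulnerabilities-[a-z0-9-]+"),
)


def index_allowed_startswith(index: str, prefixes=("wazuh-",)) -> bool:
    """The weak form: any name sharing an allowed prefix passes."""
    return any(index.startswith(p) for p in prefixes)


def index_allowed(index: str) -> bool:
    """Hardened form: whole-name match, and multi-index or wildcard
    syntax ("a,b", "*", "/") is rejected before matching."""
    if not index or any(ch in index for ch in ",*/ "):
        return False
    return any(p.fullmatch(index) for p in ALLOWED_INDEX_PATTERNS)


def verify_setting(env: Mapping[str, str]) -> Union[bool, str]:
    """Derive the `verify` argument for the HTTP client from WAZUH_VERIFY_SSL
    instead of hardcoding verify=False. Verification is on by default;
    "false"/"0"/"no" turn it off explicitly; any other value must be an
    existing CA bundle path (for a manager signed by a private CA)."""
    raw = env.get("WAZUH_VERIFY_SSL", "true").strip()
    low = raw.lower()
    if low in ("", "true", "1", "yes"):
        return True
    if low in ("false", "0", "no"):
        return False
    if not os.path.isfile(raw):
        raise ValueError(f"WAZUH_VERIFY_SSL={raw!r} is not a CA bundle path")
    return raw
```

The value returned by `verify_setting()` is the form both `requests` and `httpx` accept for their `verify` argument, so the client can pass it through unchanged.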
Similar Servers
mcp-server-wazuh
Provides a Model Context Protocol (MCP) server to integrate Wazuh SIEM data with AI assistants for security monitoring and analysis, enabling natural language queries.
MCP-oura
An MCP server that provides language models access to Oura API for querying sleep, readiness, and resilience health data.
Wazuh-MCP-Server
Integrates Wazuh SIEM with AI language models via Model Context Protocol (MCP) to enable natural language security operations.
genesys-cloud-mcp-server
Provides LLM access to Genesys Cloud's Platform API for business insights, including conversation analysis, queue management, and OAuth client auditing.