mcp-server-wazuh
by gbrigandi
Overview
Provides a Model Context Protocol (MCP) server to integrate Wazuh SIEM data with AI assistants for security monitoring and analysis, enabling natural language queries.
Installation
docker run --rm -i --env-file /path/to/your/.env ghcr.io/gbrigandi/mcp-server-wazuh:latest
Environment Variables
- WAZUH_API_HOST
- WAZUH_API_PORT
- WAZUH_API_USERNAME
- WAZUH_API_PASSWORD
- WAZUH_INDEXER_HOST
- WAZUH_INDEXER_PORT
- WAZUH_INDEXER_USERNAME
- WAZUH_INDEXER_PASSWORD
Security Notes
The server connects to the Wazuh Manager and Indexer APIs. Credentials are supplied via environment variables, but `WAZUH_VERIFY_SSL` defaults to `false`, which is a critical security risk in production: it disables SSL certificate validation and leaves the connections vulnerable to man-in-the-middle attacks. Users must explicitly set `WAZUH_VERIFY_SSL=true` in production and ensure that certificates are set up properly. The HTTP transport can be configured to bind to all interfaces (`0.0.0.0`), in which case access has to be restricted by external network security measures.
Similar Servers
hyper-mcp
A fast, secure Model Context Protocol (MCP) server that extends its capabilities through WebAssembly plugins, enabling AI features in applications like Cursor IDE.
mcp-server-elasticsearch
Enables AI clients to interact with Elasticsearch data through natural language conversations using the Model Context Protocol (MCP) by exposing a set of predefined tools.
Wazuh-MCP-Server
Integrates Wazuh SIEM with AI language models via Model Context Protocol (MCP) to enable natural language security operations.
mcp-zap-server
Exposes OWASP ZAP actions as Model Context Protocol (MCP) tools, enabling AI agents (e.g., Claude Desktop, Cursor) to orchestrate security scanning operations, import OpenAPI specs, and generate reports.