Wazuh-MCP-Server
Verified Safeby gensecaihq
Overview
Integrates Wazuh SIEM with AI language models via Model Context Protocol (MCP) to enable natural language security operations.
Installation
docker compose up -d --waitEnvironment Variables
- WAZUH_HOST
- WAZUH_USER
- WAZUH_PASS
- MCP_PORT
- AUTH_SECRET_KEY
- ALLOWED_ORIGINS
- AUTH_MODE
- REDIS_URL
- LOG_LEVEL
Security Notes
The project demonstrates a strong focus on security, implementing security-by-design principles like Zero Trust, Least Privilege, and Defense in Depth. It features robust authentication (JWT, OAuth 2.0 with DCR and PKCE), comprehensive input validation (SQLi/XSS prevention), CORS and origin validation, and rate limiting. Docker deployments are hardened with non-root execution, read-only filesystems, and minimal capabilities. Sensitive credentials are managed securely (e.g., generated if missing, recommendations for external secrets managers, file permission advice). Audit logging is supported. While `WAZUH_VERIFY_SSL` defaults to `false` in development configurations, the documentation explicitly recommends `true` for production. No 'eval', obfuscation, or obvious malicious patterns were found.
Similar Servers
mcp-server-wazuh
Provides a Model Context Protocol (MCP) server to integrate Wazuh SIEM data with AI assistants for security monitoring and analysis, enabling natural language queries.
SageMCP
A scalable platform for hosting MCP servers with multi-tenant support, OAuth integration, and connector plugins for various services, deployed on Kubernetes.
fastify-mcp-server
Provides a Fastify plugin to act as a Model Context Protocol (MCP) server, enabling AI assistants and clients to interact with services via streamable HTTP transport.
mcp-zap-server
Exposes OWASP ZAP actions as Model Context Protocol (MCP) tools, enabling AI agents (e.g., Claude Desktop, Cursor) to orchestrate security scanning operations, import OpenAPI specs, and generate reports.