wazuh-mcp-server
by ry-ops
Overview
Integrate Wazuh SIEM with Cortex automation systems to query security alerts, manage agents, monitor vulnerabilities, and coordinate security operations.
Installation
docker run -p 3000:3000 -e WAZUH_API_URL=https://wazuh.example.com -e WAZUH_API_USER=admin -e WAZUH_API_PASSWORD=secret wazuh-mcp-server:latest
Environment Variables
- WAZUH_API_URL
- WAZUH_API_USER
- WAZUH_API_PASSWORD
- PORT
Security Notes
The server uses `httpsAgent: { rejectUnauthorized: false }` for all Wazuh API calls. This disables TLS certificate validation, leaving the connection open to Man-in-the-Middle (MitM) attacks. This is a severe security risk, especially for an integration with a SIEM system where data integrity and confidentiality are paramount. Additionally, `WAZUH_API_PASSWORD` defaults to an empty string if it is not provided via environment variables, which could lead to weak authentication if the deployment is not properly configured.
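A hardened counterpart to the two settings described above, as an added example that is not code from wazuh-mcp-server: it keeps certificate validation on and refuses to start with a blank password. `WAZUH_CA_FILE` and the function names are assumptions introduced here, and the returned `httpsAgent` is meant for an HTTP client that accepts one.

```javascript
// Added example: not code from wazuh-mcp-server.
const fs = require('node:fs');
const https = require('node:https');

// Read a required setting; an unset or blank value is an error, never a default.
function required(env, name) {
  const value = env[name];
  if (typeof value !== 'string' || value.trim() === '') {
    throw new Error(`${name} must be set to a non-empty value`);
  }
  return value;
}

// Build connection settings for the Wazuh API from environment variables.
// WAZUH_CA_FILE is a hypothetical variable (assumption): path to a PEM bundle
// for a Wazuh API certificate issued by a private CA.
function loadWazuhConfig(env = process.env) {
  const url = new URL(required(env, 'WAZUH_API_URL'));
  if (url.protocol !== 'https:') {
    throw new Error('WAZUH_API_URL must use https://');
  }
  const username = required(env, 'WAZUH_API_USER');
  const password = required(env, 'WAZUH_API_PASSWORD');

  const httpsAgent = new https.Agent({
    rejectUnauthorized: true, // verify chain and hostname (the Node default)
    minVersion: 'TLSv1.2',
    // Trust a private CA explicitly instead of turning verification off.
    ca: env.WAZUH_CA_FILE ? fs.readFileSync(env.WAZUH_CA_FILE) : undefined,
  });

  return { baseURL: url.origin, auth: { username, password }, httpsAgent };
}

// Constructed sample environment, not real credentials.
const sample = {
  WAZUH_API_URL: 'https://wazuh.example.com',
  WAZUH_API_USER: 'mcp-readonly',
  WAZUH_API_PASSWORD: 'constructed-sample-value',
};
const cfg = loadWazuhConfig(sample);
console.log(cfg.baseURL, cfg.httpsAgent.options.rejectUnauthorized);
```

With a self-signed or internally issued Wazuh certificate, pointing `WAZUH_CA_FILE` at the issuing CA keeps validation intact where `rejectUnauthorized: false` would remove it.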
Similar Servers
sonarqube-mcp-server
The SonarQube MCP Server enables seamless integration with SonarQube Server or Cloud for code quality and security, supporting analysis of code snippets and acting as a backend for AI coding agents.
mcp-server-wazuh
This Rust-based server acts as a bridge between a Wazuh SIEM system and applications requiring contextual security data, especially for AI assistants using the Model Context Protocol (MCP).
Wazuh-MCP-Server
Provides an MCP-compliant remote server for seamless integration between AI assistants (like Claude Desktop) and the Wazuh SIEM platform, enabling natural language security operations.
VibeShift
VibeShift is an intelligent security agent that integrates with AI coding assistants to analyze AI-generated code for vulnerabilities, suggest remediations, and facilitate web test recording, crawling, and execution.