Skip to main content
Glama
enesjakozh

Wazuh MCP Server

by gensecaihq
GitHub
Python
MIT License
75
  • Apple
OverviewInspectNewEndpointsSchemaRelated ServersReviewsScore
Need Help?View Source CodeReport Issue

Wazuh MCP Server

A production-grade, open-source MCP server for integrating Wazuh security data with LLMs (such as the Claude Desktop App). This service authenticates with the Wazuh RESTful API, retrieves alerts from Elasticsearch indices, transforms events into an MCP-compliant JSON format, and exposes an HTTP endpoint for Claude Desktop to fetch real-time security context.

Features

  • JWT-Based Authentication: Securely authenticate with Wazuh using JWT tokens.

  • Alert Retrieval: Query Elasticsearch indices for Wazuh alert data.

  • MCP Message Transformation: Convert security events into standardized MCP messages.

  • Flask HTTP Server: Exposes an /mcp endpoint for Claude Desktop integration.

  • Robust Error Handling: Handles token expiration, network timeouts, and malformed data.

  • Configurable: Easily configure via environment variables and integrate with Claude Desktop via its config file.

Prerequisites

  • Python 3.8+

  • Access to a Wazuh API instance.

  • (Optional) Claude Desktop configured to call the MCP server.

Installation

  1. Clone the Repository:

    git clone https://github.com/unmuktoai/Wazuh-MCP-Server.git cd Wazuh-MCP-Server

Create and Activate a Virtual Environment:

python3 -m venv venv source venv/bin/activate # On Windows: venv\Scripts\activate

Install Dependencies:

pip install -r requirements.txt

Configuration Set the following environment variables to configure the MCP server:

WAZUH_HOST: Wazuh server hostname or IP. WAZUH_PORT: Port for the Wazuh API (default: 55000). WAZUH_USER: Wazuh API username. WAZUH_PASS: Wazuh API password. VERIFY_SSL: Set to "true" or "false" (default: false). MCP_SERVER_PORT: Port on which the MCP server will run (default: 8000).

Example (MacOS):

export WAZUH_HOST="your_wazuh_server" export WAZUH_PORT="55000" export WAZUH_USER="your_username" export WAZUH_PASS="your_password" export VERIFY_SSL="false" export MCP_SERVER_PORT="8000"

Running the Server Start the MCP server with:

python wazuh_mcp_server.py

The server will listen on all interfaces at the port specified by

MCP_SERVER_PORT.

Integration with Claude Desktop To integrate with Claude Desktop, update its configuration file:

MacOS: ~/Library/Application Support/Claude/claude_desktop_config.json Windows: %APPDATA%/Claude/claude_desktop_config.json Add the following entry under mcpServers:

{ "mcpServers": { "mcp-server-wazuh": { "command": "python3 /path/to/Wazuh-MCP-Server/wazuh_mcp_server.py", "env": { "WAZUH_HOST": "your_wazuh_server", "WAZUH_PORT": "55000", "WAZUH_USER": "your_username", "WAZUH_PASS": "your_password", "MCP_SERVER_PORT": "8000", "VERIFY_SSL": "false" } } } }

License This project is licensed under the MIT License.

Contributing Contributions are welcome! Please open issues or submit pull requests for improvements or bug fixes.

This server cannot be installed

-
security - not tested
A
license - permissive license
-
quality - not tested

How are these scores calculated?

remote-capable server

The server can be hosted and run remotely because it primarily relies on remote services or has no dependency on the local environment.

Securely integrates Wazuh security data with LLMs (such as Claude Desktop) by retrieving alerts from Elasticsearch indices and transforming them into MCP-compliant format, enabling real-time security context in LLM applications.

  1. Features
    1. Prerequisites
      1. Installation

        Related MCP Servers

        • MCP Command Server

          Andrew-Beniash
          -
          security
          F
          license
          -
          quality
          A secure server that allows LLM applications like Claude to execute whitelisted system commands with user confirmation and comprehensive security features.
          Last updated -
          • Linux
          • Apple

        • OpenSearch MCP Server

          cyberbalsa
          A
          security
          F
          license
          A
          quality
          A Model Context Protocol server that enables querying and analyzing Wazuh security logs stored in OpenSearch, with features for searching alerts, getting detailed information, generating statistics, and visualizing trends.
          Last updated -
          9
          2

        • LlamaCloud MCP Server

          run-llama
          -
          security
          A
          license
          -
          quality
          A local MCP server that integrates with Claude Desktop, enabling RAG capabilities to provide Claude with up-to-date private information from custom LlamaCloud indices.
          Last updated -
          201
          MIT License

        • Activepieces MCP Server

          eldoonreval
          -
          security
          F
          license
          -
          quality
          An open source automation platform that converts over 280+ integrations into MCP servers, enabling LLMs to interact with various services through Claude Desktop, Cursor, or Windsurf.
          Last updated -
          1

        View all related MCP servers

        Appeared in Searches

        New MCP Servers

        MCP directory API

        We provide all the information about MCP servers via our MCP API.

        curl -X GET 'https://glama.ai/api/mcp/v1/servers/gensecaihq/Wazuh-MCP-Server'

        If you have feedback or need assistance with the MCP directory API, please join our Discord server