Which integrations are available for this server?

Retrieves security alerts from [Elasticsearch](/mcp/servers/integrations/elasticsearch) indices containing Wazuh data, transforming them into standardized MCP messages. Uses [Flask](/mcp/servers/integrations/flask) to expose an HTTP endpoint for serving transformed security event data to clients.

Wazuh MCP Remote Server v4.0.3

License: MIT Docker Python 3.13+ MCP Compliant Streamable HTTP Legacy SSE OAuth 2.0 Bearer Auth

A production-ready, enterprise-grade MCP-compliant remote server that provides seamless integration with Wazuh SIEM platform using the latest Streamable HTTP transport (MCP 2025-06-18).

Latest Standard: Streamable HTTP transport with /mcp endpoint (2025-06-18)
Backwards Compatible: Legacy /sse endpoint maintained
Compliance: ✅ 100% compliant with MCP 2025-06-18 specification

🌟 Features

Core Capabilities

🔗 MCP-Compliant Remote Server: Full compliance with MCP 2025-06-18 specification
⚡ Streamable HTTP Transport: Modern /mcp endpoint with dynamic SSE upgrade
🔄 Backwards Compatible: Legacy /sse endpoint for older clients
📡 Protocol Versioning: Supports 2025-06-18, 2025-03-26, and 2024-11-05
🔐 Bearer Token Authentication: JWT-based authentication for secure remote access
🛡️ Production Security: Rate limiting, input validation, CORS protection, origin validation
📊 Comprehensive Monitoring: Prometheus metrics, health checks, structured logging
🐳 100% Containerized: Everything in Docker - OS-agnostic deployment (Windows/macOS/Linux)
🌍 Zero Host Dependencies: No Python, tools, or libraries needed on host system
🔄 High Availability: Integrated circuit breakers, exponential backoff retry logic, graceful shutdown with connection draining
☁️ Serverless Ready: Pluggable session storage (Redis or in-memory), stateless operations, horizontal scaling support

🏅 MCP 2025-06-18 Specification Compliance

This implementation 100% complies with the latest MCP specification:

Standard	Status	Implementation
🔗 Streamable HTTP	✅ COMPLIANT	`/mcp` endpoint with POST/GET/DELETE support
📡 Protocol Versioning	✅ COMPLIANT	MCP-Protocol-Version header validation
⚡ Dynamic Streaming	✅ COMPLIANT	JSON or SSE based on Accept header
🔐 Authentication	✅ COMPLIANT	Bearer token (JWT) authentication
🛡️ Security	✅ COMPLIANT	HTTPS, origin validation, rate limiting
🔄 Legacy Support	✅ COMPLIANT	Legacy `/sse` endpoint maintained
📋 Session Management	✅ COMPLIANT	Full session lifecycle with DELETE support

Perfect Score: 33/33 Requirements Met ⭐

📋 View Full Compliance Verification →

References:

Wazuh Integration

Supported Wazuh Versions: 4.8.0 - 4.14.1 ✅

🔍 Advanced Security Monitoring: Real-time alert analysis and threat detection
👥 Agent Management: Comprehensive agent lifecycle and health monitoring
🚨 Incident Response: Automated threat hunting and response capabilities
📈 Security Analytics: Performance metrics and compliance reporting
🌐 Multi-Environment: Support for cloud, on-premise, and hybrid deployments
🆕 Latest Features: Full support for Wazuh 4.14.1 enhancements including improved vulnerability scanning and AWS integrations

29 Specialized Tools

Comprehensive toolkit for security operations including:

Alert Management (4 tools)

get_wazuh_alerts: Retrieve security alerts with filtering
get_wazuh_alert_summary: Alert summaries grouped by field
analyze_alert_patterns: Pattern analysis and anomaly detection
search_security_events: Advanced security event search

Agent Management (6 tools)

get_wazuh_agents: Agent information and status
get_wazuh_running_agents: Active agent monitoring
check_agent_health: Agent health status checks
get_agent_processes: Running process inventory
get_agent_ports: Open port monitoring
get_agent_configuration: Agent configuration details

Vulnerability Management (3 tools)

get_wazuh_vulnerabilities: Vulnerability assessments
get_wazuh_critical_vulnerabilities: Critical vulnerability focus
get_wazuh_vulnerability_summary: Vulnerability statistics

Security Analysis (6 tools)

analyze_security_threat: AI-powered threat analysis
check_ioc_reputation: IoC reputation checking
perform_risk_assessment: Comprehensive risk analysis
get_top_security_threats: Top threat identification
generate_security_report: Automated security reporting
run_compliance_check: Framework compliance validation

System Monitoring (10 tools)

get_wazuh_statistics: Comprehensive system metrics
get_wazuh_weekly_stats: Weekly trend analysis
get_wazuh_cluster_health: Cluster health monitoring
get_wazuh_cluster_nodes: Node status and information
get_wazuh_rules_summary: Rule effectiveness analysis
get_wazuh_remoted_stats: Agent communication statistics
get_wazuh_log_collector_stats: Log collection metrics
search_wazuh_manager_logs: Manager log search
get_wazuh_manager_error_logs: Error log analysis
validate_wazuh_connection: Connection validation

Related MCP server: OpenSearch MCP Server

🚀 Quick Start

Prerequisites

Docker 20.10+ with Compose v2.20+
Python 3.9+ (optional, for OS-agnostic deployment script)
Wazuh 4.8.0 - 4.14.1 deployment with API access

OS-Agnostic Deployment: Everything runs in Docker containers. Works on Windows, macOS, and Linux identically.

1. Clone Repository

git clone <your-repository-url> cd Wazuh-MCP-Server

2. Configure Environment

# Copy environment template cp .env.example .env # Edit configuration (required) # Windows: notepad .env # macOS/Linux: nano .env

Essential Configuration:

# Wazuh Server Connection WAZUH_HOST=https://your-wazuh-server.com WAZUH_USER=your-api-user WAZUH_PASS=your-api-password WAZUH_PORT=55000 # MCP Remote Server Configuration MCP_HOST=0.0.0.0 MCP_PORT=3000 # Authentication (JWT Secret Key) AUTH_SECRET_KEY=your-secret-key-here # CORS for Claude Desktop ALLOWED_ORIGINS=https://claude.ai,https://*.anthropic.com

3. Deploy with Docker (OS-Agnostic)

Option 1: Python Deployment Script (Recommended - Works on all platforms)

# Windows python deploy.py # macOS/Linux python3 deploy.py

Option 2: Platform-Specific Scripts

# Linux/macOS ./deploy-production.sh # Windows (PowerShell/CMD) deploy.bat # Or use Docker Compose directly (all platforms) docker compose up -d --wait

4. Get Authentication Token

# Server will generate an API key on startup (check logs) docker compose logs wazuh-mcp-remote-server | grep "API key" # Exchange API key for JWT token curl -X POST http://localhost:3000/auth/token \ -H "Content-Type: application/json" \ -d '{"api_key": "wazuh_your-generated-api-key"}'

5. Verify MCP Endpoint

# Test the official /sse endpoint curl -H "Authorization: Bearer your-jwt-token" \ -H "Origin: http://localhost" \ -H "Accept: text/event-stream" \ http://localhost:3000/sse # Check service status docker compose ps # Health check curl http://localhost:3000/health

📋 Configuration

Environment Variables

Variable	Description	Default	Required
`WAZUH_HOST`	Wazuh server URL	-	✅
`WAZUH_USER`	API username	-	✅
`WAZUH_PASS`	API password	-	✅
`WAZUH_PORT`	API port	`55000`	❌
`WAZUH_INDEXER_HOST`	Wazuh Indexer hostname (required for vulnerability tools in 4.8.0+)	-	❌*
`WAZUH_INDEXER_PORT`	Wazuh Indexer port	`9200`	❌
`WAZUH_INDEXER_USER`	Wazuh Indexer username	-	❌*
`WAZUH_INDEXER_PASS`	Wazuh Indexer password	-	❌*
`MCP_HOST`	Server bind address	`0.0.0.0`	❌
`MCP_PORT`	Server port	`3000`	❌
`AUTH_MODE`	Authentication mode: `oauth` , `bearer` , `none`	`bearer`	❌
`AUTH_SECRET_KEY`	JWT signing key	auto-generated	❌
`OAUTH_ENABLE_DCR`	Enable OAuth Dynamic Client Registration	`true`	❌
`LOG_LEVEL`	Logging level	`INFO`	❌
`WAZUH_VERIFY_SSL`	SSL verification	`false`	❌
`ALLOWED_ORIGINS`	CORS origins	`https://claude.ai`	❌
`REDIS_URL`	Redis URL for serverless sessions	-	❌
`SESSION_TTL_SECONDS`	Session TTL (Redis only)	`1800`	❌

Note: *WAZUH_INDEXER_* variables are required for vulnerability tools when using Wazuh 4.8.0+. The /vulnerability API was removed in Wazuh 4.8.0.

Docker Compose Configuration

The compose.yml follows Docker Compose v2 latest naming convention and includes:

Multi-platform builds (AMD64/ARM64)
Security hardening (non-root user, read-only filesystem)
Resource limits (CPU/Memory constraints)
Health checks with automatic recovery
Structured logging with rotation

🔧 Development

Local Development Setup

Option 1: Docker Development Environment

# Run with development compose file docker compose -f compose.dev.yml up -d --build # View logs docker compose -f compose.dev.yml logs -f

Option 2: Native Python Development

# Create virtual environment python -m venv venv source venv/bin/activate # Windows: venv\Scripts\activate # Install dependencies pip install -r requirements.txt # Run development server python -m wazuh_mcp_server

Project Structure

src/wazuh_mcp_server/ ├── __main__.py # Application entry point ├── server.py # MCP-compliant FastAPI server ├── config.py # Configuration management ├── auth.py # Authentication & authorization ├── security.py # Security middleware & validation ├── monitoring.py # Metrics & health checks ├── resilience.py # Circuit breakers & retry logic ├── api/ │ └── wazuh_client.py # Wazuh API client └── tools/ # MCP tools implementation └── core.py # 3 essential security tools

Building Custom Images

# Build for current platform docker build -t wazuh-mcp-server:custom . # Multi-platform build docker buildx build --platform linux/amd64,linux/arm64 -t wazuh-mcp-server:multi .

🛡️ Security

Production Security Features

🔐 Authentication: JWT-based API key authentication
🚫 Rate Limiting: Per-client request throttling
🛡️ Input Validation: SQL injection and XSS protection
🌐 CORS Protection: Configurable origin restrictions
🔒 TLS Support: HTTPS/WSS encryption ready
👤 Non-root Execution: Container security hardening

Security Best Practices

# Generate secure API key openssl rand -hex 32 # Set restrictive file permissions chmod 600 .env chmod 700 deploy-production.sh # Regular security updates docker compose pull docker compose up -d

🚀 Advanced Features

High Availability (HA)

The server includes production-grade HA features for maximum reliability:

Circuit Breakers

Automatically opens after 5 consecutive failures
Prevents cascading failures to Wazuh API
Recovers automatically after 60 seconds
Falls back gracefully during outages

Retry Logic

Exponential backoff with jitter
3 retry attempts with 1-10 second delays
Applies to all Wazuh API calls
Handles transient network failures

Graceful Shutdown

Waits for active connections to complete (max 30s)
Runs cleanup tasks before termination
Prevents data loss during restarts
Integrates with Docker health checks

Implementation:

# Automatically applied to all Wazuh API calls # No configuration required - works out of the box

Serverless Ready

Enable horizontally scalable, serverless deployments with external session storage:

Default Mode: In-Memory Sessions

# Single-instance deployments (default) # No configuration needed docker compose up -d

✅ Zero configuration
✅ Works immediately
❌ Sessions lost on restart
❌ Cannot scale horizontally

Serverless Mode: Redis Sessions

# Multi-instance/serverless deployments # Configure Redis in .env file REDIS_URL=redis://redis:6379/0 SESSION_TTL_SECONDS=1800 # 30 minutes # Deploy with Redis docker compose -f compose.yml -f compose.redis.yml up -d

✅ Sessions persist across restarts
✅ Horizontal scaling support
✅ Serverless compatible (AWS Lambda, Cloud Run)
✅ Automatic session expiration

Redis Setup (Optional):

# compose.redis.yml services: redis: image: redis:7-alpine ports: - "6379:6379" volumes: - redis-data:/data healthcheck: test: ["CMD", "redis-cli", "ping"] interval: 5s volumes: redis-data:

Verification:

# Check session storage mode curl http://localhost:3000/health | jq '.session_storage' # Output: # { # "type": "InMemorySessionStore" # or "RedisSessionStore" # "sessions_count": 5 # }

📊 Monitoring & Operations

Health Monitoring

# Application health curl http://localhost:3000/health # Detailed metrics curl http://localhost:3000/metrics # Container health docker inspect wazuh-mcp-server --format='{{.State.Health.Status}}'

Log Management

# Follow live logs docker compose logs -f --timestamps wazuh-mcp-server # Export logs docker compose logs --since=24h wazuh-mcp-server > server.log

Performance Monitoring

Prometheus Metrics: /metrics endpoint
Health Checks: /health with detailed status
Request Tracing: Structured JSON logging
Resource Usage: Docker stats integration

🔧 Management Commands

Docker Compose Operations

# Deploy/Update ./deploy-production.sh # View status docker compose ps --format table # Scale service docker compose up --scale wazuh-mcp-server=2 -d # Stop services docker compose down --timeout 30 # Full cleanup docker compose down --volumes --remove-orphans

Maintenance

# Update images docker compose pull && docker compose up -d # Backup configuration tar -czf backup-$(date +%Y%m%d).tar.gz .env compose.yml # View resource usage docker stats wazuh-mcp-server --format "table {{.Name}}\t{{.CPUPerc}}\t{{.MemUsage}}"

🌐 API Reference

MCP Protocol Endpoints

Endpoint	Method	Description
`/mcp`	GET/POST	Recommended MCP endpoint (Streamable HTTP - 2025-06-18)
`/sse`	GET	Legacy SSE endpoint (backward compatibility)
`/`	POST	JSON-RPC 2.0 endpoint (alternative API access)
`/health`	GET	Health check and status
`/metrics`	GET	Prometheus metrics
`/docs`	GET	OpenAPI documentation

Authentication Endpoints

Endpoint	Method	Description
`/auth/token`	POST	Exchange API key for JWT token (bearer mode)
`/.well-known/oauth-authorization-server`	GET	OAuth 2.0 discovery (oauth mode)
`/oauth/authorize`	GET	OAuth authorization endpoint
`/oauth/token`	POST	OAuth token exchange
`/oauth/register`	POST	Dynamic Client Registration (DCR)

Claude Desktop: Use /mcp endpoint with OAuth mode for best experience

Authentication

# Get access token curl -X POST http://localhost:3000/auth/token \ -H "Content-Type: application/json" \ -d '{"api_key": "your-api-key"}' # Use token in requests curl -H "Authorization: Bearer <token>" http://localhost:3000/

🤝 Integration

🤖 Claude Desktop Integration

Important: Claude Desktop supports remote MCP servers through the Connectors UI, not via the claude_desktop_config.json file. The JSON config file only supports local stdio-based MCP servers.

Prerequisites

Claude Pro, Max, Team, or Enterprise plan (required for custom connectors)
Your Wazuh MCP Server deployed and accessible via HTTPS
Custom Connectors feature is currently in beta

Step 1: Deploy Your Server

Ensure your Wazuh MCP Server is running and publicly accessible:

# Deploy the server docker compose up -d # Verify it's running (must be HTTPS in production) curl https://your-server-domain.com/health

Step 2: Add Custom Connector in Claude Desktop

Open Claude Desktop
Go to Settings → Connectors
Click "Add custom connector"
Enter your MCP server URL:
- Recommended (Streamable HTTP): https://your-server-domain.com/mcp
- Legacy (SSE): https://your-server-domain.com/sse
In Advanced settings, add your Bearer token for authentication
Click Connect

Step 3: Enable Tools in Chat

In your chat interface, click the "Search and tools" button
Find your Wazuh connector in the list
Click "Connect" to authenticate (if required)
Enable/disable specific tools as needed

Authentication Modes

The server supports three authentication modes configured via AUTH_MODE environment variable:

Mode	`AUTH_MODE`	Use Case	Claude Desktop Support
OAuth	`oauth`	Production with Claude Desktop	✅ Native (recommended)
Bearer Token	`bearer`	API/Programmatic access	✅ Via Advanced settings
Authless	`none`	Development/Testing	✅ Direct connect

Option A: OAuth (Recommended for Claude Desktop)

OAuth with Dynamic Client Registration (DCR) provides the best Claude Desktop experience.

# Set environment variable AUTH_MODE=oauth docker compose up -d

How it works:

Claude Desktop discovers OAuth endpoints via /.well-known/oauth-authorization-server
Automatically registers as a client (DCR)
Handles authorization flow seamlessly

OAuth Endpoints:

Discovery: /.well-known/oauth-authorization-server
Authorization: /oauth/authorize
Token: /oauth/token
Registration: /oauth/register (DCR)

Option B: Bearer Token (Programmatic Access)

For API access or when OAuth is not available:

# Default mode AUTH_MODE=bearer docker compose up -d

Step 1: Get API Key

docker compose logs wazuh-mcp-remote-server | grep "API key"

Step 2: Exchange for JWT Token

curl -X POST https://your-server-domain.com/auth/token \ -H "Content-Type: application/json" \ -d '{"api_key": "wazuh_your-generated-api-key"}'

Step 3: Use Bearer Token Add the token in Claude Desktop's Advanced settings or API requests.

Option C: Authless (Development Only)

For local development and testing only. Not recommended for production.

AUTH_MODE=none docker compose up -d

No authentication required - clients connect directly.

Supported Features

Feature	Status
Tools	✅ Supported
Prompts	✅ Supported
Resources	✅ Supported
Text/Image Results	✅ Supported
Resource Subscriptions	❌ Not yet supported
Sampling	❌ Not yet supported

⚠️ Common Mistake: Using JSON Config for Remote Servers

❌ This will NOT work — the JSON config is for local stdio servers only:

{ "mcpServers": { "wazuh-security": { "url": "https://your-server.com/mcp", "headers": { "Authorization": "Bearer ..." } } } }

This produces the error:

Could not load app settings "path": ["mcpServers", "wazuh-security", "command"] "message": "Required"

✅ Correct approach: Use Settings → Connectors UI as described above.

Requirements Checklist:
✅ Claude Pro, Max, Team, or Enterprise plan
✅ Use Connectors UI (Settings → Connectors), NOT claude_desktop_config.json
✅ Server must be accessible via HTTPS (production)
✅ Use /mcp endpoint (Streamable HTTP) or /sse endpoint (legacy)
✅ Authentication: OAuth (recommended), Bearer token, or Authless (dev only)

Programmatic Access

Using the official /sse endpoint:

import httpx import asyncio async def connect_to_mcp_sse(): """Connect to MCP server using SSE endpoint.""" async with httpx.AsyncClient() as client: # Get authentication token first auth_response = await client.post( "http://localhost:3000/auth/token", json={"api_key": "your-api-key"} ) token = auth_response.json()["access_token"] # Connect to SSE endpoint async with client.stream( "GET", "http://localhost:3000/sse", headers={ "Authorization": f"Bearer {token}", "Accept": "text/event-stream", "Origin": "http://localhost" } ) as response: async for chunk in response.aiter_text(): print(f"Received: {chunk}") # Run the SSE client asyncio.run(connect_to_mcp_sse())

Using JSON-RPC endpoint (alternative):

import httpx async def query_wazuh_mcp(): async with httpx.AsyncClient() as client: # Get authentication token auth_response = await client.post( "http://localhost:3000/auth/token", json={"api_key": "your-api-key"} ) token = auth_response.json()["access_token"] # Make JSON-RPC request response = await client.post( "http://localhost:3000/", headers={ "Authorization": f"Bearer {token}", "Origin": "http://localhost" }, json={ "jsonrpc": "2.0", "id": "1", "method": "tools/list" } ) return response.json()

🚨 Troubleshooting

Common Issues

MCP

# Test SSE endpoint authentication curl -I http://localhost:3000/sse # Expected: 401 Unauthorized (good - auth required) # Test with valid token curl -H "Authorization: Bearer your-jwt-token" \ -H "Origin: http://localhost" \ -H "Accept: text/event-stream" \ http://localhost:3000/sse # Expected: 200 OK with SSE stream # Get new authentication token curl -X POST http://localhost:3000/auth/token \ -H "Content-Type: application/json" \ -d '{"api_key": "your-api-key"}'

Claude Desktop Connection Issues

# Verify Claude Desktop can reach the server curl http://localhost:3000/health # Expected: {"status": "healthy"} # Check CORS configuration grep ALLOWED_ORIGINS .env # Should include: https://claude.ai,https://*.anthropic.com

Connection Refused

# Check service status docker compose ps docker compose logs wazuh-mcp-remote-server # Verify port availability netstat -ln | grep 3000

Authentication Errors

# Verify Wazuh credentials curl -u "$WAZUH_USER:$WAZUH_PASS" "$WAZUH_HOST:$WAZUH_PORT/" # Check API key in server logs docker compose logs wazuh-mcp-remote-server | grep "API key"

SSL/TLS Issues

# Disable SSL verification for testing echo "WAZUH_VERIFY_SSL=false" >> .env docker compose up -d

Support Resources

📖 Documentation: MCP Specification
🐛 Issues: Check your repository's issues section
💬 Discussions: Repository discussions section

📄 License

This project is licensed under the MIT License - see the LICENSE file for details.

🙏 Acknowledgments

Wazuh - Open source security platform
Model Context Protocol - AI assistant integration standard
FastAPI - Modern Python web framework
Docker - Containerization platform

Built for the security community with production-ready MCP compliance.

🤝 Contributors Wanted

🧪 Help Us Test & Improve

We're looking for hands-on testers to deploy this MCP server in real-world environments and provide feedback!

What We Need:

Deploy the server step-by-step following the documentation
Test with actual Wazuh installations (v4.8.0 - v4.14.1)
Try different deployment scenarios:
- Single-instance (in-memory sessions)
- Multi-instance with Redis (serverless mode)
- Various OS platforms (Linux/macOS/Windows)
- Different Wazuh configurations

How to Contribute:

Deploy & Test
# Follow the Quick Start guide git clone https://github.com/gensecaihq/Wazuh-MCP-Server.git cd Wazuh-MCP-Server python deploy.py
Report Findings
- Open an Issue for bugs or problems
- Share successful deployment stories
- Suggest improvements or missing features
- Report compatibility issues
What to Report
- Deployment environment (OS, Docker version, Wazuh version)
- Steps followed
- What worked / what didn't
- Error messages or logs
- Performance observations
- Integration results with Claude Desktop

We Value:

Detailed bug reports with reproduction steps
Real-world use case feedback
Performance benchmarks
Security findings
Documentation improvements
Integration testing results

Recognition: All contributors who provide valuable feedback will be acknowledged in the project!

📧 Questions? Open a Discussion or file an Issue

🌐 Production Features

This production-ready remote MCP server implementation includes:

✅ Full MCP protocol compliance (2025-06-18 specification)
✅ 29 specialized security tools
✅ Production-grade security hardening
✅ Enterprise deployment readiness
✅ Comprehensive monitoring and observability

🙌 Thanks

A huge thank you to everyone who has contributed to this project through issues, pull requests, and discussions!

Contributors

Avatar	Username	Contributions
	@alokemajumder	💻 Code, 🐛 Issues, 💬 Discussions
	@gensecai-dev	💻 Code, 💬 Discussions
	@aiunmukto	💻 Code, 🔀 PRs
	@Karibusan	💻 Code, 🐛 Issues, 🔀 PRs
	@lwsinclair	💻 Code, 🔀 PRs
	@taylorwalton	🔀 PRs
	@MilkyWay88	🔀 PRs
	@Uberkarhu	🐛 Issues
	@cbassonbgroup	🐛 Issues
	@cybersentinel-06	🐛 Issues
	@daod-arshad	🐛 Issues
	@mamema	🐛 Issues
	@marcolinux46	🐛 Issues
	@matveevandrey	🐛 Issues
	@punkpeye	🐛 Issues
	@tonyliu9189	🐛 Issues
	@Vasanth120v	💬 Discussions
	@gnix45	💬 Discussions
	@melmasry1987	💬 Discussions

Legend: 💻 Code · 🐛 Issues · 🔀 Pull Requests · 💬 Discussions

This section is automatically updated by GitHub Actions. See .github/workflows/update-contributors.yml

🏆 Summary

The Wazuh MCP Remote Server represents a gold standard implementation of Anthropic's MCP remote server specifications:

✅ What Makes This Special

🎯 100% MCP Compliant - Perfect compliance score (33/33 requirements) ⚡ Streamable HTTP & Legacy SSE - Latest /mcp endpoint plus backward-compatible /sse 🔐 Enterprise Security - JWT authentication, rate limiting, CORS protection 🛡️ Production Ready - Docker containerized, multi-platform, health monitoring 🔧 29 Security Tools - Comprehensive Wazuh SIEM integration 📊 Observable - Prometheus metrics, structured logging, health checks

🚀 Ready for Production

This implementation is immediately deployable in production environments and provides:

✅ Seamless Claude Desktop integration
✅ Enterprise-grade security and reliability
✅ Scalable container-native architecture
✅ Comprehensive monitoring and observability
✅ Full compliance with MCP protocol standards

The result is a robust, secure, and highly capable MCP remote server that sets the standard for enterprise AI-SIEM integrations.

Wazuh MCP Remote Server v4.0.3

🌟 Features

Core Capabilities

🏅 MCP 2025-06-18 Specification Compliance

Wazuh Integration

29 Specialized Tools

🚀 Quick Start

Prerequisites

1. Clone Repository

2. Configure Environment

3. Deploy with Docker (OS-Agnostic)

4. Get Authentication Token

5. Verify MCP Endpoint

📋 Configuration

Environment Variables

Docker Compose Configuration

🔧 Development

Local Development Setup

Project Structure

Building Custom Images

🛡️ Security

Production Security Features

Security Best Practices

🚀 Advanced Features

High Availability (HA)

Serverless Ready

📊 Monitoring & Operations

Health Monitoring

Log Management

Performance Monitoring

🔧 Management Commands

Docker Compose Operations

Maintenance

🌐 API Reference

MCP Protocol Endpoints

Authentication Endpoints

Authentication

🤝 Integration

🤖 Claude Desktop Integration

Prerequisites

Step 1: Deploy Your Server

Step 2: Add Custom Connector in Claude Desktop

Step 3: Enable Tools in Chat

Authentication Modes

Option A: OAuth (Recommended for Claude Desktop)

Option B: Bearer Token (Programmatic Access)

Option C: Authless (Development Only)

Supported Features

⚠️ Common Mistake: Using JSON Config for Remote Servers

Programmatic Access

🚨 Troubleshooting

Common Issues

Support Resources

📄 License

🙏 Acknowledgments

🤝 Contributors Wanted

🧪 Help Us Test & Improve

🌐 Production Features

🙌 Thanks

Contributors

🏆 Summary

✅ What Makes This Special

🚀 Ready for Production

Resources

Appeared in Searches

New MCP Servers

Latest Blog Posts

MCP directory API