Skip to main content
Glama
Sign In
enesjakozh

OpenSearch MCP Server

by jetbalsa
GitHub
JavaScript
OverviewInspectNewSchemaRelated ServersReviewsScore
Need Help?View Source CodeReport Issue

OpenSearch MCP Server

A Model Context Protocol (MCP) server for querying and analyzing Wazuh security logs stored in OpenSearch.

Features

  • Search for security alerts with advanced filtering
  • Get detailed information about specific alerts
  • Generate statistics on security events
  • Visualize alert trends over time
  • Progress reporting for long-running operations
  • Structured error handling

Prerequisites

  • Node.js v16 or higher
  • Access to an OpenSearch instance containing Wazuh security logs

Installation

You can run this tool directly using npx without cloning the repository:

# Run the latest version from GitHub npx github:jetbalsa/mcp-opensearch-js # Run with debug mode enabled npx github:jetbalsa/mcp-opensearch-js --debug # You can also specify a specific branch or commit npx github:jetbalsa/mcp-opensearch-js#main

Option 2: Local Installation

  1. Clone this repository:
git clone https://github.com/jetbalsa/mcp-opensearch-js.git cd mcp-opensearch-js
  1. Install dependencies:
npm install
  1. Configure your environment variables:
cp .env.example .env
  1. Edit the .env file with your OpenSearch connection details:
OPENSEARCH_URL=https://your-opensearch-endpoint:9200 OPENSEARCH_USERNAME=your-username OPENSEARCH_PASSWORD=your-password DEBUG=false

Running the Server

Start the server:

npm start

This will start the server in stdio mode.

Enable debug logging:

npm run stdio:debug

Test with MCP CLI:

npm run dev

This runs the server with the FastMCP CLI tool for interactive testing.

Test with MCP Inspector:

npm run inspect

This starts the server and connects it to the MCP Inspector for visual debugging.

Server Tools

The server provides the following tools:

1. Search Alerts

Search for security alerts in Wazuh data.

Parameters:

  • query: The search query text
  • timeRange: Time range (e.g., 1h, 24h, 7d)
  • maxResults: Maximum number of results to return
  • index: Index pattern to search

2. Get Alert Details

Get detailed information about a specific alert by ID.

Parameters:

  • id: The alert ID
  • index: Index pattern

3. Alert Statistics

Get statistics about security alerts.

Parameters:

  • timeRange: Time range (e.g., 1h, 24h, 7d)
  • field: Field to aggregate by (e.g., rule.level, agent.name)
  • index: Index pattern

4. Visualize Alert Trend

Visualize alert trends over time.

Parameters:

  • timeRange: Time range (e.g., 1h, 24h, 7d)
  • interval: Time interval for grouping (e.g., 1h, 1d)
  • query: Query to filter alerts
  • index: Index pattern

Example Usage

Using the MCP CLI tool:

> tools Available tools: - searchAlerts: Search for security alerts in Wazuh data - getAlertDetails: Get detailed information about a specific alert by ID - alertStatistics: Get statistics about security alerts - visualizeAlertTrend: Visualize alert trends over time > tools.searchAlerts(query: "rule.level:>10", timeRange: "12h", maxResults: 5)

Using with a Client

To use this MCP server with a client implementation:

import { Client } from "@modelcontextprotocol/sdk"; import { SSEClientTransport } from "@modelcontextprotocol/sdk/client/sse.js"; const client = new Client( { name: "example-client", version: "1.0.0", }, { capabilities: {}, }, ); const transport = new SSEClientTransport(new URL(`http://localhost:3000/sse`)); await client.connect(transport); // Use tools const result = await client.executeTool("searchAlerts", { query: "rule.level:>10", timeRange: "24h", maxResults: 10 }); console.log(result);

License

MIT

This server cannot be installed

-
security - not tested
F
license - not found
-
quality - not tested

remote-capable server

The server can be hosted and run remotely because it primarily relies on remote services or has no dependency on the local environment.

A Model Context Protocol server that enables querying and analyzing Wazuh security logs stored in OpenSearch, with features for searching alerts, getting detailed information, generating statistics, and visualizing trends.

  1. Features
    1. Prerequisites
      1. Installation
        1. Option 1: Use with npx directly from GitHub (recommended)
        2. Option 2: Local Installation
      2. Running the Server
        1. Start the server:
        2. Enable debug logging:
        3. Test with MCP CLI:
        4. Test with MCP Inspector:
      3. Server Tools
        1. Search Alerts
        2. Get Alert Details
        3. Alert Statistics
        4. Visualize Alert Trend
      4. Example Usage
        1. Using with a Client
          1. License

            Related MCP Servers

            • DuckDuckGo MCP Server

              zhsama
              A
              security
              A
              license
              A
              quality
              A Model Context Protocol server that provides DuckDuckGo search functionality for Claude, enabling web search capabilities through a clean tool interface with rate limiting support.
              Last updated -
              1
              60
              15
              TypeScript
              MIT License
              • Apple

            • mcp-local-rag

              nkapila6
              -
              security
              A
              license
              -
              quality
              "primitive" RAG-like web search model context protocol server that runs locally. ✨ no APIs ✨
              Last updated -
              36
              Python
              MIT License
              • Linux
              • Apple

            • Wazuh MCP Server

              unmuktoai
              -
              security
              A
              license
              -
              quality
              Securely integrates Wazuh security data with LLMs (such as Claude Desktop) by retrieving alerts from Elasticsearch indices and transforming them into MCP-compliant format, enabling real-time security context in LLM applications.
              Last updated -
              5
              Python
              MIT License
              • Apple

            • Brave Search MCP Server

              isaacgounton
              -
              security
              F
              license
              -
              quality
              A Model Context Protocol server that integrates with Brave Search API to provide real-time search capabilities through Server-Sent Events (SSE).
              Last updated -
              TypeScript

            View all related MCP servers

            Appeared in Searches

            New MCP Servers

            MCP directory API

            We provide all the information about MCP servers via our MCP API.

            curl -X GET 'https://glama.ai/api/mcp/v1/servers/jetbalsa/mcp-opensearch-js'

            If you have feedback or need assistance with the MCP directory API, please join our Discord server