Schema | wazuh-mcp

Describes the environment variables required to run the server.

Name	Required	Description	Default
`WAZUH_URL`	No	Wazuh API URL (e.g., https://10.0.0.2:55000)
`WAZUH_USER`	No	Alternative API username
`WAZUH_BASE_URL`	No	Alternative Wazuh API URL (e.g., https://10.0.0.2:55000)
`WAZUH_PASSWORD`	No	API password
`WAZUH_USERNAME`	No	API username
`WAZUH_VERIFY_SSL`	No	Set to true to verify SSL certificates	false

Features and capabilities supported by this server

Functions exposed to the LLM to take actions

Name	Description
list_agents	List all Wazuh agents with optional status filtering
get_agent	Get detailed information about a specific Wazuh agent by ID
get_agent_stats	Get system statistics (CPU, memory, disk) for a specific Wazuh agent
get_alerts	Retrieve recent security alerts from Wazuh with optional filtering
get_alert	Retrieve a single security alert by its ID
search_alerts	Perform full-text search across Wazuh security alerts
list_rules	List all Wazuh rules with optional level and group filtering
get_rule	Get detailed information about a specific Wazuh rule by ID
search_rules	Search Wazuh rules by description text
list_decoders	List all available Wazuh decoders with optional name filtering
get_wazuh_version	Get the Wazuh manager version and API information

Interactive templates invoked by user choice

Name	Description
`investigate-alert`	Investigate a Wazuh security alert and provide analysis with remediation steps
`agent-health-check`	Perform a comprehensive health check on a Wazuh agent
`security-overview`	Generate a security overview of the Wazuh environment

Contextual data attached and managed by the client

Name	Description
`wazuh-agents`	List of all registered Wazuh agents and their current status
`wazuh-alerts-recent`	Recent security alerts from Wazuh (last 25)
`wazuh-rules-summary`	Summary of Wazuh detection rules by severity level

wazuh-mcp