wazuh-mcp
The wazuh-mcp server integrates with Wazuh SIEM/XDR to provide AI agents with tools, resources, and prompts for querying and managing security data.
Agent Management
list_agents– List agents with optional status filtering (active,disconnected,never_connected,pending), sorting, and paginationget_agent– Retrieve detailed information for a specific agent by IDget_agent_stats– Get system statistics (CPU, memory, disk) for a specific agent
Security Alerts (requires a configured Wazuh Indexer/OpenSearch)
get_alerts– Retrieve recent alerts with filters for severity, agent ID, rule ID, and text searchget_alert– Fetch a single alert by IDsearch_alerts– Full-text search across all alerts with optional severity and agent filters
Detection Rules
list_rules– List rules with optional filtering by severity level and groupget_rule– Get full rule details including compliance mappings (MITRE ATT&CK, PCI-DSS, GDPR, HIPAA, NIST 800-53)search_rules– Search rules by description text
Decoders & System Info
list_decoders– List available log decoders with optional name filteringget_wazuh_version– Retrieve Wazuh manager version and API information
Pre-built Resources
Aggregated views of all registered agents, the 25 most recent security alerts, and detection rules sorted by severity
Prompt Templates
Guided workflows for alert investigation (with MITRE mapping and remediation), agent health checks, and a full security overview with compliance coverage
Additional Features
Pagination support (
limit/offset) on all list endpoints (1–100 items per request)Automatic JWT token management with refresh on expiry
Full compliance mapping for PCI-DSS, GDPR, HIPAA, NIST 800-53, and MITRE ATT&CK
Integrates with the Wazuh Indexer (OpenSearch) to provide tools for retrieving, searching, and filtering security alerts across the platform.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@wazuh-mcpInvestigate the most recent high-severity alert for agent 001"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
wazuh-mcp is a Model Context Protocol (MCP) server for the Wazuh SIEM/XDR platform. It exposes your Wazuh manager and Wazuh Indexer as MCP tools so Claude, Claude Code, or any MCP-compatible client can investigate alerts, triage agents, and pull vulnerability inventory in plain language. It is read-only by design and security-first: TLS verification is on by default, sensitive fields (agent IPs, full logs, file hashes, command lines) are hidden unless you opt in per call, and attacker-controlled SIEM text is wrapped in untrusted-data markers to blunt prompt injection against the calling model.
What it does
wazuh-mcp turns a Wazuh SIEM/XDR deployment into a set of MCP tools an AI agent can call. Point your MCP client at the server, give it your Wazuh manager and (optionally) Wazuh Indexer credentials, and the model can list active and disconnected agents, retrieve and full-text search security alerts, pull vulnerability inventory by CVE or severity, inspect detection rules and decoders, review SCA (Security Configuration Assessment) results, walk system inventory (OS, packages, processes, ports, network, hotfixes), read File Integrity Monitoring and rootcheck findings, fetch manager logs and configuration, and run a connection diagnostic. It ships 28 tools, 3 resources, and 3 guided prompts over stdio. The server only ever reads from Wazuh: the sole writes it performs are JWT authentication against the manager and _search queries against the indexer.
Related MCP server: wazuh-mcp-server
Installation
The quickstart below runs the published npm package with npx, which is the recommended path. To work from source instead:
git clone https://github.com/lidless-labs/wazuh-mcp.git
cd wazuh-mcp
npm install
npm run buildQuickstart
Run it straight from npm with npx, no clone or build required:
{
"mcpServers": {
"wazuh": {
"command": "npx",
"args": ["-y", "wazuh-mcp"],
"env": {
"WAZUH_URL": "https://your-wazuh-manager:55000",
"WAZUH_USERNAME": "wazuh-wui",
"WAZUH_PASSWORD": "your-password",
"WAZUH_INDEXER_URL": "https://your-wazuh-indexer:9200",
"WAZUH_INDEXER_USERNAME": "admin",
"WAZUH_INDEXER_PASSWORD": "your-indexer-password"
}
}
}
}Drop that into your MCP client's server config (see Usage for the exact file per client), restart the client, and ask it something like "list the active Wazuh agents" or "search alerts for brute force in the last 24 hours." The indexer settings are optional: without them the agent, rule, decoder, and version tools still work, and the alert and vulnerability tools return a configuration message instead of failing.
Prefer a global install?
npm install -g wazuh-mcp
# then use "command": "wazuh-mcp" instead of the npx invocation aboveUsage
The quickstart mcpServers block at the top works for most clients. The per-client recipes below give you the exact file location or CLI command for each.
Claude Desktop
Add to ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or %APPDATA%\Claude\claude_desktop_config.json (Windows):
{
"mcpServers": {
"wazuh": {
"command": "npx",
"args": ["-y", "wazuh-mcp"],
"env": {
"WAZUH_URL": "https://your-wazuh-manager:55000",
"WAZUH_USERNAME": "wazuh-wui",
"WAZUH_PASSWORD": "your-password",
"WAZUH_INDEXER_URL": "https://your-wazuh-indexer:9200",
"WAZUH_INDEXER_USERNAME": "admin",
"WAZUH_INDEXER_PASSWORD": "your-indexer-password"
}
}
}
}Claude Code
claude mcp add wazuh \
--env WAZUH_URL=https://your-wazuh-manager:55000 \
--env WAZUH_USERNAME=wazuh-wui \
--env WAZUH_PASSWORD=your-password \
--env WAZUH_INDEXER_URL=https://your-wazuh-indexer:9200 \
--env WAZUH_INDEXER_USERNAME=admin \
--env WAZUH_INDEXER_PASSWORD=your-indexer-password \
-- npx -y wazuh-mcpAdd --scope user to make it available from any directory instead of only the current project.
Codex CLI
Codex CLI registers MCP servers via codex mcp add:
codex mcp add wazuh \
--env WAZUH_URL=https://your-wazuh-manager:55000 \
--env WAZUH_USERNAME=wazuh-wui \
--env WAZUH_PASSWORD=your-password \
--env WAZUH_INDEXER_URL=https://your-wazuh-indexer:9200 \
--env WAZUH_INDEXER_USERNAME=admin \
--env WAZUH_INDEXER_PASSWORD=your-indexer-password \
-- npx -y wazuh-mcpCodex writes the entry to ~/.codex/config.toml under [mcp_servers.wazuh]. Verify with codex mcp list.
OpenClaw
With the npm package:
openclaw mcp set wazuh '{
"command": "npx",
"args": ["-y", "wazuh-mcp"],
"env": {
"WAZUH_URL": "https://your-wazuh-manager:55000",
"WAZUH_USERNAME": "wazuh-wui",
"WAZUH_PASSWORD": "your-password",
"WAZUH_INDEXER_URL": "https://your-wazuh-indexer:9200",
"WAZUH_INDEXER_USERNAME": "admin",
"WAZUH_INDEXER_PASSWORD": "your-indexer-password"
}
}'Or, when running from a source checkout, point command/args at the built dist/index.js:
openclaw mcp set wazuh '{
"command": "node",
"args": ["/absolute/path/to/wazuh-mcp/dist/index.js"],
"env": {
"WAZUH_URL": "https://your-wazuh-manager:55000",
"WAZUH_USERNAME": "wazuh-wui",
"WAZUH_PASSWORD": "your-password",
"WAZUH_INDEXER_URL": "https://your-wazuh-indexer:9200",
"WAZUH_INDEXER_USERNAME": "admin",
"WAZUH_INDEXER_PASSWORD": "your-indexer-password"
}
}'Then restart the gateway so the new server is picked up:
systemctl --user restart openclaw-gateway
openclaw mcp list # confirm "wazuh" is registeredHermes Agent
Hermes Agent reads MCP config from ~/.hermes/config.yaml under the mcp_servers key. Add an entry:
mcp_servers:
wazuh:
command: "npx"
args: ["-y", "wazuh-mcp"]
env:
WAZUH_URL: "https://your-wazuh-manager:55000"
WAZUH_USERNAME: "wazuh-wui"
WAZUH_PASSWORD: "your-password"
WAZUH_INDEXER_URL: "https://your-wazuh-indexer:9200"
WAZUH_INDEXER_USERNAME: "admin"
WAZUH_INDEXER_PASSWORD: "your-indexer-password"Then reload MCP from inside a Hermes session with /reload-mcp.
Standalone
export WAZUH_URL=https://your-wazuh-manager:55000
export WAZUH_USERNAME=wazuh-wui
export WAZUH_PASSWORD=your-password
npx -y wazuh-mcpDevelopment
npm run dev # Watch mode with tsx
npm run lint # Type checking
npm test # Run testsMCP Tools
All 28 tools are read-only.
Agent Tools
Tool | Description |
| List all agents with optional status filtering (active, disconnected, never_connected, pending) |
| Get detailed info for a specific agent by ID |
| Get CPU, memory, and disk statistics for an agent |
Alert Tools
Tool | Description |
| Retrieve recent alerts with filtering by time range, level, agent, rule, and text search |
| Retrieve a single alert by ID |
| Full-text search across alerts with optional time range filtering |
Vulnerability Tools
Tool | Description |
| List vulnerability inventory with optional CVE, agent, severity, and package filters |
| Search vulnerability inventory by CVE, package, agent, or description |
Rule Tools
Tool | Description |
| List detection rules with level and group filtering |
| Get full rule details including compliance mappings |
| Search rules by description text |
SCA Tools (Security Configuration Assessment)
Tool | Description |
| List SCA policies and scores for an agent (CIS benchmarks, etc.) |
| Get individual check results with remediation steps and compliance mappings |
Syscollector Tools (System Inventory)
Tool | Description |
| Get OS information (name, version, architecture, hostname) |
| List installed software packages with versions |
| List running processes with PIDs and command lines |
| List open network ports with associated processes |
| List network interfaces and IP addresses |
| List installed Windows hotfixes/patches |
FIM & Rootcheck Tools
Tool | Description |
| Get File Integrity Monitoring results (files, registry keys, hashes) |
| Get rootkit detection scan findings |
Manager Tools
Tool | Description |
| Get Wazuh manager logs filtered by level and module |
| Get active manager configuration by section with secret-like values redacted by default |
Group Tools
Tool | Description |
| List all agent groups |
| List agents in a specific group |
Other Tools
Tool | Description |
| List log decoders with optional name filtering |
| Get Wazuh manager version and API info |
| Check sanitized configuration, URL/TLS settings, manager auth/version, and indexer readiness |
Configuration
Set the following environment variables:
Variable | Required | Default | Description |
| Yes | - | Wazuh API URL (e.g., |
| Yes | - | API username |
| Yes | - | API password |
| No |
| Verifies SSL certificates by default. Set to |
| No |
| Request timeout in seconds. Must be a positive integer. |
| No |
| Server-side gate for |
| No |
| Maximum MCP tool response size before returning a truncated preview with metadata. |
Alternative variable names WAZUH_BASE_URL and WAZUH_USER are also supported.
Wazuh Indexer (OpenSearch) - Required for Alerts and Vulnerabilities
Wazuh 4.x stores alerts and vulnerability inventory in the Wazuh Indexer (OpenSearch), not the REST API. To enable alert tools (get_alerts, get_alert, search_alerts), vulnerability tools (list_vulnerabilities, search_vulnerabilities), and the wazuh://alerts/recent resource, configure the indexer connection:
Variable | Required | Default | Description |
| No | - | Wazuh Indexer URL (e.g., |
| No |
| Indexer username |
| Yes, when | - | Indexer password. The server fails fast at startup if |
| No |
| Verifies SSL certificates by default. Set to |
| No |
| Indexer request timeout in seconds. Must be a positive integer. |
If WAZUH_INDEXER_URL is not set, alert and vulnerability tools will return a helpful configuration message. All other tools (agents, rules, decoders, version) work without the indexer.
SSL certificate verification is enabled by default (secure by default). When either SSL verification setting is explicitly set to false, the server prints a startup warning to stderr. TLS verification is disabled only for that configured Wazuh client.
Sensitive Output Defaults
Several tools return minimized output by default to avoid exposing raw logs, IPs, command lines, hashes, or raw event payloads unless requested:
Tool | Hidden by default | Opt-in field |
| Agent IP details |
|
|
|
|
|
|
|
| Vulnerability descriptions |
|
| Process command lines and arguments |
|
| MD5 and SHA-256 hashes |
|
| Full log descriptions |
|
| Secret-like config values |
|
Untrusted SIEM Content
Alert and log fields originate on monitored endpoints: anyone who can write a log line to a monitored host (a failed SSH login with a crafted username, a web request path, a syslog message) controls the text that lands in full_log, alert rule_description, raw event data, and manager log descriptions. To blunt prompt injection against the calling agent, the server wraps those values in <untrusted_siem_data>...</untrusted_siem_data> markers, includes an output.untrusted_data_note warning in affected responses, and states in the tool descriptions that the content is attacker-influenced data, never instructions to follow.
Input Validation
Tool inputs are validated before requests are sent to Wazuh. Pagination is bounded, search text is length-limited, sort fields are enumerated per tool, and path-oriented identifiers such as agent IDs, alert IDs, group IDs, and SCA policy IDs reject unsupported characters.
Paginated tool responses include a pagination object with total, limit, offset, and has_more fields while preserving the existing top-level total, limit, and offset fields.
Tool responses are capped by WAZUH_MCP_MAX_RESPONSE_BYTES. Oversized responses return valid JSON with output.response_truncated, byte counts, and a preview instead of flooding the MCP client.
Transient manager GET requests and indexer search/readiness requests retry briefly on 429, 502, 503, 504, and common transient network reset or timeout errors.
Features
28 MCP Tools - Agents, alerts, vulnerabilities, rules, decoders, SCA, syscollector, FIM, rootcheck, groups, manager, and diagnostics
3 MCP Resources - Pre-built views for agents, recent alerts, and rule summaries
3 MCP Prompts - Alert investigation, agent health checks, and security overviews
Read-only by design - The only writes are JWT auth and indexer
_search; no tool changes Wazuh stateSecure by default - TLS verification on, sensitive fields redacted unless opted in, untrusted SIEM content delimited, every error sanitized before it reaches the client
JWT Authentication - Automatic token management with refresh on expiry
Full Compliance Mapping - PCI-DSS, GDPR, HIPAA, NIST 800-53, MITRE ATT&CK
Pagination - All list endpoints support limit/offset pagination
Type-Safe - Full TypeScript with strict mode and Zod schema validation
Prerequisites
Node.js 20+
A running Wazuh manager with API access (default port 55000)
Wazuh API credentials (username/password)
(Optional) Wazuh Indexer (OpenSearch) access for alert queries
MCP Resources
Resource URI | Description |
| All registered agents and their status |
| 25 most recent security alerts |
| Detection rules sorted by severity |
MCP Prompts
Prompt | Description |
| Step-by-step alert investigation with MITRE mapping and remediation |
| Comprehensive agent health assessment (status, resources, alerts) |
| Full environment security summary with compliance coverage |
Examples
List active agents
Use list_agents with status "active" to see all connected agents.Investigate a brute force attempt
Search alerts for "brute force" and investigate the top result,
including the MITRE ATT&CK technique and remediation steps.Check agent health
Run an agent health check on agent 001 - check its connection status,
resource usage, and any recent critical alerts.Find high-severity rules
List all rules with level 12 or higher to see critical detection rules
and their compliance framework mappings.Why not the Wazuh dashboard or the raw API?
The Wazuh dashboard is built for humans clicking through Kibana-style views. It is great for a SOC analyst at a screen, but an AI agent cannot drive it, and it does not turn natural-language questions into the right manager and indexer queries. wazuh-mcp gives the model typed tools instead.
The raw Wazuh REST API + indexer
_searchcan be called directly, but then every agent has to learn JWT auth, the manager-versus-indexer split (alerts and vulnerabilities live in the indexer in Wazuh 4.x), pagination shapes, and which fields are sensitive. wazuh-mcp wraps all of that, validates inputs, caps response size, and sanitizes errors so credentials never leak back to the model.A general "run any HTTP request" tool would technically reach Wazuh, but it hands the model your credentials, no input validation, no read-only guarantee, and no redaction of IPs, hashes, or full logs. This server is deliberately read-only and minimizes sensitive output by default.
Writing your own Wazuh MCP shim is reasonable, and the source here is MIT-licensed if you want to fork it. This one already handles auth refresh, the indexer fallback message, untrusted-content delimiting, transient-error retries, and 28 vetted tools.
What wazuh-mcp is not
Not a write path. No tool modifies Wazuh state. It cannot restart agents, edit rules, acknowledge alerts, or change configuration. The only writes are JWT authentication and indexer
_searchqueries.Not a replacement for the Wazuh dashboard or SIEM. It is a query surface for AI clients, not an analyst UI, a data store, or an alerting engine.
Not a hosted service. It runs locally as a stdio MCP server next to your client. Your Wazuh credentials stay on your machine and in your client's config.
Not a guarantee against prompt injection. It delimits attacker-influenced SIEM content and warns the model, which reduces risk but does not eliminate it. Treat tool output as data, not instructions.
Not a way to bypass Wazuh access control. It uses the credentials you give it and can see only what that account can see.
Documentation and links
Website: lidless.dev/wazuh-mcp
npm:
wazuh-mcpChangelog: CHANGELOG.md
Security policy: SECURITY.md
Contributing: CONTRIBUTING.md
Testing
npm test # Run all tests
npm run typecheck # Type-check TypeScript
npm audit --omit=dev # Audit production dependencies
npm run pack:check # Verify package contents
npm run test:watch # Watch modeTests use mocked Wazuh API responses - no live Wazuh instance needed.
Project Structure
wazuh-mcp/
├── src/
│ ├── index.ts # MCP server entry point
│ ├── config.ts # Environment configuration
│ ├── client.ts # Wazuh REST API client (JWT auth)
│ ├── indexer-client.ts # Wazuh Indexer (OpenSearch) client
│ ├── types.ts # TypeScript type definitions
│ ├── resources.ts # MCP resource handlers
│ ├── prompts.ts # MCP prompt templates
│ └── tools/
│ ├── agents.ts # Agent management tools
│ ├── alerts.ts # Alert query tools
│ ├── rules.ts # Rule query tools
│ ├── decoders.ts # Decoder listing tool
│ ├── version.ts # Version info tool
│ ├── sca.ts # Security Configuration Assessment
│ ├── syscollector.ts # System inventory (OS, packages, ports, etc.)
│ ├── syscheck.ts # File Integrity Monitoring
│ ├── rootcheck.ts # Rootkit detection
│ ├── manager.ts # Manager logs and configuration
│ └── groups.ts # Agent group management
├── tests/
│ ├── client.test.ts # API client unit tests
│ └── tools.test.ts # Tool handler unit tests
├── package.json
├── tsconfig.json
├── tsup.config.ts
└── vitest.config.tsLicense
MIT. See LICENSE.
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/lidless-labs/wazuh-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server