wazuh-mcp
Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| WAZUH_URL | No | Wazuh API URL (e.g., https://10.0.0.2:55000) | |
| WAZUH_USER | No | Alternative API username | |
| WAZUH_BASE_URL | No | Alternative Wazuh API URL (e.g., https://10.0.0.2:55000) | |
| WAZUH_PASSWORD | No | API password | |
| WAZUH_USERNAME | No | API username | |
| WAZUH_VERIFY_SSL | No | Set to true to verify SSL certificates | false |
Capabilities
Features and capabilities supported by this server
| Capability | Details |
|---|---|
| tools | { "listChanged": true } |
| prompts | { "listChanged": true } |
| resources | { "listChanged": true } |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| list_agents | List all Wazuh agents with optional status filtering |
| get_agent | Get detailed information about a specific Wazuh agent by ID |
| get_agent_stats | Get system statistics (CPU, memory, disk) for a specific Wazuh agent |
| get_alerts | Retrieve recent security alerts from Wazuh with optional filtering |
| get_alert | Retrieve a single security alert by its ID |
| search_alerts | Perform full-text search across Wazuh security alerts |
| list_rules | List all Wazuh rules with optional level and group filtering |
| get_rule | Get detailed information about a specific Wazuh rule by ID |
| search_rules | Search Wazuh rules by description text |
| list_decoders | List all available Wazuh decoders with optional name filtering |
| get_wazuh_version | Get the Wazuh manager version and API information |
| get_sca_policies | List Security Configuration Assessment (SCA) policies evaluated on a Wazuh agent |
| get_sca_checks | Get individual check results for a specific SCA policy on a Wazuh agent |
| get_agent_os | Get operating system information collected from a Wazuh agent |
| get_agent_packages | List software packages installed on a Wazuh agent |
| get_agent_processes | List running processes on a Wazuh agent |
| get_agent_ports | List open network ports on a Wazuh agent |
| get_agent_network | List network interfaces and their IP addresses on a Wazuh agent |
| get_agent_hotfixes | List Windows hotfixes/patches installed on a Wazuh agent |
| get_rootcheck | Get rootkit detection scan results for a Wazuh agent |
| get_fim_files | Get File Integrity Monitoring (FIM) results for a Wazuh agent — shows monitored files, registry keys, and detected changes |
| get_manager_logs | Retrieve Wazuh manager logs with optional filtering by severity level or module tag |
| get_manager_config | Get the active Wazuh manager configuration for a specific section |
| list_groups | List all Wazuh agent groups |
| get_group_agents | List agents belonging to a specific Wazuh group |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
| investigate-alert | Investigate a Wazuh security alert and provide analysis with remediation steps |
| agent-health-check | Perform a comprehensive health check on a Wazuh agent |
| security-overview | Generate a security overview of the Wazuh environment |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
| wazuh-agents | List of all registered Wazuh agents and their current status |
| wazuh-alerts-recent | Recent security alerts from Wazuh (last 25) |
| wazuh-rules-summary | Summary of Wazuh detection rules by severity level |
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/solomonneas/wazuh-mcp'