Wazuh MCP Server
AI-powered security operations with Wazuh SIEM + Claude Desktop. Natural language threat detection, automated incident response & compliance.
Tools · 37
Alerts: query, filter, search, and analyze alert data via Elasticsearch
- get_wazuh_alerts
- get_wazuh_alert_summary
- analyze_alert_patterns
- search_security_events
Agents: monitor agent status, running processes, open ports, and configs
- get_wazuh_agents
- get_wazuh_running_agents
- check_agent_health
- get_agent_processes
- get_agent_ports
- get_agent_configuration
Vulnerabilities: query CVEs by severity, agent, and package
- get_wazuh_vulnerabilities
- get_critical_vulnerabilities
- vulnerability_summary
Analysis and reporting: threat analysis, IOC lookup, risk scoring, compliance checks
- analyze_security_threat
- check_ioc_reputation
- perform_risk_assessment
- get_top_security_threats
- generate_security_report
- run_compliance_check
Manager: cluster health, rules, manager logs, stats
- get_wazuh_statistics
- get_wazuh_cluster_health
- get_wazuh_rules_summary
- search_wazuh_manager_logs
Active response: block IPs, isolate hosts, kill processes, disable users, quarantine files
- wazuh_block_ip
- wazuh_isolate_host
- wazuh_kill_process
- wazuh_disable_user
- wazuh_quarantine_file
Verification: check that active response actions took effect
- wazuh_check_blocked_ip
- wazuh_check_agent_isolation
- wazuh_check_process
- wazuh_check_user_status
Rollback: undo active response actions
- wazuh_unisolate_host
- wazuh_enable_user
- wazuh_restore_file
- wazuh_firewall_allow
- wazuh_host_allow
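The five active-response tools and their five rollback counterparts change endpoint state, and the model that calls them reads its input from alert data (log lines, file names, command lines) that an attacker controls, so a crafted log entry can steer it toward wazuh_isolate_host or wazuh_host_allow. Gating those tools behind human approval and sanity-checking their targets is the check a practitioner would put in front of this server. The Python below is an added example, not code from the Wazuh MCP Server project: the tool names are the 37 listed above, while the argument names (`ip`, `agent_id`), the four privilege tiers, and the use of WAZUH_HOST as the manager's IP address are assumptions made for illustration.

```python
"""Approval gate for the Wazuh MCP active-response tools (added example)."""
import ipaddress
import os
from typing import Optional, Tuple

# The 37 tool names on this page, grouped into privilege tiers (the tiers are
# an assumption of this example, not part of the server).
QUERY = frozenset({
    "get_wazuh_alerts", "get_wazuh_alert_summary", "analyze_alert_patterns",
    "search_security_events", "get_wazuh_agents", "get_wazuh_running_agents",
    "check_agent_health", "get_agent_processes", "get_agent_ports",
    "get_agent_configuration", "get_wazuh_vulnerabilities",
    "get_critical_vulnerabilities", "vulnerability_summary",
    "analyze_security_threat", "check_ioc_reputation",
    "perform_risk_assessment", "get_top_security_threats",
    "generate_security_report", "run_compliance_check",
    "get_wazuh_statistics", "get_wazuh_cluster_health",
    "get_wazuh_rules_summary", "search_wazuh_manager_logs",
})
RESPONSE = frozenset({  # change state on endpoints: containment
    "wazuh_block_ip", "wazuh_isolate_host", "wazuh_kill_process",
    "wazuh_disable_user", "wazuh_quarantine_file",
})
VERIFY = frozenset({  # read back whether a response took effect
    "wazuh_check_blocked_ip", "wazuh_check_agent_isolation",
    "wazuh_check_process", "wazuh_check_user_status",
})
REVERT = frozenset({  # lift containment: as sensitive as applying it
    "wazuh_unisolate_host", "wazuh_enable_user", "wazuh_restore_file",
    "wazuh_firewall_allow", "wazuh_host_allow",
})
TIERS = (("query", QUERY), ("response", RESPONSE),
         ("verify", VERIFY), ("revert", REVERT))


def classify(tool: str) -> str:
    """Privilege tier of a tool name; 'unknown' for anything not listed."""
    for tier, names in TIERS:
        if tool in names:
            return tier
    return "unknown"


def protected_ips(manager_host: Optional[str] = None) -> frozenset:
    """Addresses that must never be blocked. Assumes WAZUH_HOST (from the
    environment variable list) holds the manager's IP; a hostname or an
    unset value yields an empty set instead of failing."""
    if manager_host is None:
        manager_host = os.environ.get("WAZUH_HOST", "")
    try:
        return frozenset({str(ipaddress.ip_address(manager_host))})
    except ValueError:
        return frozenset()


def _check_block_ip(args: dict, protected: frozenset) -> Optional[str]:
    """Reason to refuse a wazuh_block_ip call, or None if the target is sane."""
    try:
        ip = ipaddress.ip_address(str(args.get("ip", "")))
    except ValueError:
        return "ip is not a valid address"
    if ip.is_loopback or ip.is_unspecified or ip.is_multicast:
        return f"refusing to block non-routable address {ip}"
    if str(ip) in protected:
        return f"{ip} is the Wazuh manager; blocking it cuts agents off"
    return None


def _check_agent_target(args: dict) -> Optional[str]:
    """Reason to refuse an isolate/unisolate call against an agent id."""
    agent = str(args.get("agent_id", ""))
    if not agent.isdigit():
        return "agent_id must be a numeric Wazuh agent id"
    if agent == "000":  # agent 000 is the manager itself
        return "refusing to change isolation of agent 000 (the manager)"
    return None


def authorize(tool: str, args: dict, approved: bool = False,
              protected: frozenset = frozenset()) -> Tuple[bool, str]:
    """Decide whether a tool call may go through.

    Query and verify tools pass unconditionally; response and revert tools
    need approved=True (a human confirmation recorded by the caller) and a
    target that passes the sanity checks above."""
    tier = classify(tool)
    if tier == "unknown":
        return False, f"unknown tool {tool!r}"
    if tier in ("query", "verify"):
        return True, f"{tier} tool, no approval needed"
    if not approved:
        return False, f"{tier} tool {tool} requires human approval"
    if tool == "wazuh_block_ip":
        reason = _check_block_ip(args, protected)
    elif tool in ("wazuh_isolate_host", "wazuh_unisolate_host"):
        reason = _check_agent_target(args)
    else:
        reason = None
    if reason:
        return False, reason
    return True, f"{tool} approved"


if __name__ == "__main__":
    # Constructed calls, as a model steered by a poisoned alert might issue them.
    guard = protected_ips("192.0.2.10")
    for name, call_args, ok in [("get_wazuh_alerts", {}, False),
                                ("wazuh_isolate_host", {"agent_id": "000"}, True),
                                ("wazuh_block_ip", {"ip": "203.0.113.7"}, True)]:
        print(name, authorize(name, call_args, ok, guard))
```

The revert tier is gated as strictly as the response tier on purpose: an attacker who can influence the model gains as much from wazuh_host_allow or wazuh_unisolate_host as from the original containment call. The `approved` flag stands in for whatever confirmation step the client provides; the gate only refuses calls that lack it.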
Environment variables
- MCP_API_KEY
- WAZUH_HOST
- WAZUH_PORT
- AUTH_SECRET_KEY
- REDIS_URL
- WAZUH_INDEXER_HOST
- WAZUH_INDEXER_PORT
Links
★ 178 GitHub stars