Wazuh MCP Server

What is wazuh_mcp_server

Wazuh MCP Server is an open-source server designed to bridge Wazuh security alerts with large language models (LLMs). It authenticates with the Wazuh RESTful API, retrieves alerts from Elasticsearch, transforms them into an MCP-compliant format, and exposes a real-time HTTP endpoint for integration with applications like the Claude Desktop App.

How to use wazuh_mcp_server

1. Clone the Wazuh MCP Server repository. 2. Set up a virtual environment for the project. 3. Install necessary dependencies. 4. Configure environment variables to enable Wazuh API access. 5. Run the server and integrate with Claude Desktop by modifying its configuration file to include MCP server details.

Key features of wazuh_mcp_server

• JWT-Based Authentication for secure access to Wazuh.
• Alert Retrieval from Elasticsearch indices.
• Transformation of security events into standardized MCP messages.
• Flask HTTP Server exposing an `/mcp` endpoint for integration.
• Robust error handling for issues like token expiration and network timeouts.

Use cases of wazuh_mcp_server

• Integrating Wazuh security alerts with AI applications.
• Providing real-time security context to LLMs for enhanced decision-making.
• Automating security monitoring and alerting processes.

FAQ from wazuh_mcp_server

- **What is required to run Wazuh MCP Server?** You need Python 3.8+, access to a Wazuh API instance, and optionally, Claude Desktop configured to call the MCP server. - **Is Wazuh MCP Server free to use?** Yes! It is an open-source project and free to use. - **How can I contribute to Wazuh MCP Server?** Contributions are welcome! You can open issues or submit pull requests for improvements or bug fixes.