mcp-server-wazuh


A Rust-based server that bridges a Wazuh Security Information and Event Management (SIEM) system and applications requiring contextual security data, tailored for Claude Desktop integration using the Model Context Protocol (MCP).

The Wazuh MCP Server is a specialized server application that facilitates the integration of Wazuh SIEM data with applications that utilize the Model Context Protocol (MCP). This server is particularly useful for AI assistants like Claude, which can leverage real-time security context to enhance their functionality. By converting Wazuh's API output into an MCP-compatible format, the server enables applications to access and interact with security alerts and events in a structured manner. This integration supports various use cases, such as automated alert triage, enhanced alert correlation, and dynamic security visualizations. The server is built using Rust and operates primarily through stdio communication, making it suitable for integration with local development tools and other applications that manage child processes.

Features

  • Delegated Alert Triage: Automate alert categorization and prioritization via AI.
  • Enhanced Alert Correlation: Enrich alerts with CVEs, OSINT, and other threat intelligence.
  • Dynamic Security Visualizations: Generate on-demand reports and visualizations of Wazuh data.
  • Multilingual Security Operations: Query Wazuh data and receive insights in multiple languages.
  • Natural Language Data Interaction: Query Wazuh data using natural language.