wazuh-mcp-server

socfortress/wazuh-mcp-server


The Wazuh MCP Server is a production-ready Model Context Protocol server designed for seamless integration between Wazuh SIEM and Large Language Models (LLMs).

Tools

Functions exposed to the LLM to take actions

AuthenticateTool

Force JWT token refresh from Wazuh Manager.

GetAgentsTool

Retrieve agents from Wazuh Manager with filtering.

GetAgentTool

Get specific agent by ID.

GetAgentPortsTool

Get network port information from a specific agent using syscollector.

GetAgentPackagesTool

Get installed package information from a specific agent using syscollector.

GetAgentProcessesTool

Get running process information from a specific agent using syscollector.

ListRulesTool

List rules from Wazuh Manager with various filtering options.

GetRuleFileContentTool

Get the content of a specific rule file from the ruleset.

GetAgentSCATool

Get Security Configuration Assessment (SCA) results for a specific agent.

Prompts

Interactive templates invoked by user choice

No prompts

Resources

Contextual data attached and managed by the client

No resources