mcp-armor and Wazuh-MCP-Server

One tool secures and monitors Model Context Protocol operations, while the other provides an AI-powered security operations layer for Wazuh SIEM that uses MCP-compatible clients, indicating they are complements.

mcp-armor
61
Established
Wazuh-MCP-Server
60
Established
Maintenance 13/25
Adoption 15/25
Maturity 22/25
Community 11/25
Maintenance 13/25
Adoption 10/25
Maturity 16/25
Community 21/25
Stars: 112
Forks: 9
Downloads: 422
Commits (30d): 0
Language: Python
License: Apache-2.0
Stars: 137
Forks: 39
Downloads:
Commits (30d): 0
Language: Python
License: MIT
No risk flags
No Package No Dependents

About mcp-armor

aira-security/mcp-armor

MCP Armor continuously secures and monitors Model Context Protocol operations through static and dynamic scans, revealing hidden risks in agent-to-tool communications.

Performs auto-discovery of MCP server configurations across Cursor, Claude Desktop, VS Code, and other Agentic IDEs, then catalogs available tools, resources, and prompts before running specialized security checks for prompt injection, tool poisoning, cross-server shadowing, and command injection. Includes baseline drift detection to identify rug pull attacks and component modifications, with audit trails and JSON/Markdown reporting. All analysis runs locally using the open-source FT-Llama-Prompt-Guard-2 model from Hugging Face.

About Wazuh-MCP-Server

gensecaihq/Wazuh-MCP-Server

AI-powered security operations for Wazuh SIEM—use any MCP-compatible client to ask security questions in plain English. Faster threat detection, incident triage, and compliance checks with real-time monitoring and anomaly spotting. Production-ready MCP server for conversational SOC workflows.

Exposes 48 validated security tools via MCP protocol that span alert querying, agent monitoring, vulnerability scanning, active response (IP blocking, host isolation, process termination), and compliance checking—all with per-tool RBAC, audit logging, input validation, and credential sanitization to prevent LLM-side data leakage. Implements a dual-mode architecture supporting both cloud LLMs (Claude, GPT) and fully air-gapped local deployments via Ollama, with a standard HTTP `/mcp` endpoint compatible with Claude Desktop, Open WebUI, mcphost, and any MCP 2025-11-25 client. Built on Python 3.11+ with Docker containerization, Elasticsearch query integration for alert search, Redis-backed multi-instance session storage, rate limiting, and circuit breakers against Wazuh API 4.8.0–4.14.4.

Related comparisons

mcp-armor and mcp-for-security mcp-armor and mcp-checkpoint mcp-armor and mcp-audit mcp-armor and mcp-panther mcp-armor and mcp-shodan mcp-armor and mcp-for-security

Scores updated daily from GitHub, PyPI, and npm data. How scores work