Wazuh-MCP-Server and mcp-security-hub

These two projects complement each other: Wazuh-MCP-Server provides defensive SIEM analysis and incident response, while mcp-security-hub provides offensive security tooling (reconnaissance, vulnerability scanning, exploitation testing). They cover different phases of a comprehensive security testing workflow and could be used together.

                   Wazuh-MCP-Server    mcp-security-hub
Overall score      53 (Established)    51 (Established)
Maintenance        13/25               13/25
Adoption           10/25               10/25
Maturity           9/25                9/25
Community          21/25               19/25
Stars              137                 461
Forks              39                  63
Downloads:
Commits (30d)      0                   0
Language           Python              Python
License            MIT                 MIT
Package            No Package          No Package
Dependents         No Dependents       No Dependents

About Wazuh-MCP-Server

gensecaihq/Wazuh-MCP-Server

AI-powered security operations for Wazuh SIEM—use any MCP-compatible client to ask security questions in plain English. Faster threat detection, incident triage, and compliance checks with real-time monitoring and anomaly spotting. Production-ready MCP server for conversational SOC workflows.

Exposes 48 validated security tools via MCP protocol that span alert querying, agent monitoring, vulnerability scanning, active response (IP blocking, host isolation, process termination), and compliance checking—all with per-tool RBAC, audit logging, input validation, and credential sanitization to prevent LLM-side data leakage. Implements a dual-mode architecture supporting both cloud LLMs (Claude, GPT) and fully air-gapped local deployments via Ollama, with a standard HTTP `/mcp` endpoint compatible with Claude Desktop, Open WebUI, mcphost, and any MCP 2025-11-25 client. Built on Python 3.11+ with Docker containerization, Elasticsearch query integration for alert search, Redis-backed multi-instance session storage, rate limiting, and circuit breakers against Wazuh API 4.8.0–4.14.4.

About mcp-security-hub

FuzzingLabs/mcp-security-hub

A growing collection of MCP servers bringing offensive security tools to AI assistants. Nmap, Ghidra, Nuclei, SQLMap, Hashcat and more.

Implements 38 modular MCP servers as production-hardened Docker containers that expose 300+ security tools through a unified natural-language interface to Claude and other AI clients. Each server wraps tools like Nuclei, SQLMap, and Radare2 with stdio transport, enabling multi-tool workflows via Docker Compose orchestration while maintaining security posture through non-root containers and automated Trivy vulnerability scanning. Supports both global Claude Desktop configuration and project-level `.mcp.json` deployments with volume mounting for file access.

Scores updated daily from GitHub, PyPI, and npm data.