Wazuh-MCP-Server and mcp-checkpoint
One tool continuously secures and monitors Model Context Protocol operations through scans, while the other uses AI to provide security operations for Wazuh SIEM through MCP-compatible clients. This suggests they could be complementary: one secures the protocol, and the other uses AI to analyze security data from it.
About Wazuh-MCP-Server
gensecaihq/Wazuh-MCP-Server
AI-powered security operations for Wazuh SIEM—use any MCP-compatible client to ask security questions in plain English. Faster threat detection, incident triage, and compliance checks with real-time monitoring and anomaly spotting. Production-ready MCP server for conversational SOC workflows.
Exposes 48 validated security tools via the MCP protocol, spanning alert querying, agent monitoring, vulnerability scanning, active response (IP blocking, host isolation, process termination), and compliance checking, all with per-tool RBAC, audit logging, input validation, and credential sanitization to prevent LLM-side data leakage. Implements a dual-mode architecture supporting both cloud LLMs (Claude, GPT) and fully air-gapped local deployments via Ollama, with a standard HTTP `/mcp` endpoint compatible with Claude Desktop, Open WebUI, mcphost, and any MCP 2025-11-25 client. Built on Python 3.11+ with Docker containerization, Elasticsearch query integration for alert search, Redis-backed multi-instance session storage, rate limiting, and circuit breakers against Wazuh API 4.8.0–4.14.4.
About mcp-checkpoint
aira-security/mcp-checkpoint
MCP Checkpoint continuously secures and monitors Model Context Protocol operations through static and dynamic scans, revealing hidden risks in agent-to-tool communications.