Wazuh-MCP-Server and mcp-audit

One is a security operations platform for Wazuh SIEM that uses AI to answer security questions, while the other audits AI agent configurations for secrets and shadow APIs, making them complementary tools where the latter can secure the AI-powered capabilities of the former.

Wazuh-MCP-Server
60
Established
mcp-audit
54
Established
Maintenance 13/25
Adoption 10/25
Maturity 16/25
Community 21/25
Maintenance 10/25
Adoption 10/25
Maturity 13/25
Community 21/25
Stars: 137
Forks: 39
Downloads:
Commits (30d): 0
Language: Python
License: MIT
Stars: 143
Forks: 35
Downloads:
Commits (30d): 0
Language: Python
License: MIT
No Package No Dependents
No Package No Dependents

About Wazuh-MCP-Server

gensecaihq/Wazuh-MCP-Server

AI-powered security operations for Wazuh SIEM—use any MCP-compatible client to ask security questions in plain English. Faster threat detection, incident triage, and compliance checks with real-time monitoring and anomaly spotting. Production-ready MCP server for conversational SOC workflows.

Exposes 48 validated security tools via MCP protocol that span alert querying, agent monitoring, vulnerability scanning, active response (IP blocking, host isolation, process termination), and compliance checking—all with per-tool RBAC, audit logging, input validation, and credential sanitization to prevent LLM-side data leakage. Implements a dual-mode architecture supporting both cloud LLMs (Claude, GPT) and fully air-gapped local deployments via Ollama, with a standard HTTP `/mcp` endpoint compatible with Claude Desktop, Open WebUI, mcphost, and any MCP 2025-11-25 client. Built on Python 3.11+ with Docker containerization, Elasticsearch query integration for alert search, Redis-backed multi-instance session storage, rate limiting, and circuit breakers against Wazuh API 4.8.0–4.14.4.

About mcp-audit

apisec-inc/mcp-audit

See what your AI agents can access. Scan MCP configs for exposed secrets, shadow APIs, and AI models. Generate AI-BOMs for compliance.

Performs static analysis of MCP configuration files across development tools (Claude Desktop, Cursor, VS Code, Windsurf, Zed) and GitHub repositories, using pattern matching to detect 25+ secret types and mapping findings to OWASP LLM Top 10 (2025). Exports results in multiple formats (JSON, CycloneDX AI-BOM, SARIF, CSV) for CI/CD integration and compliance workflows, with a browser-based GitHub scanner and local CLI tool that scans MCP configs without telemetry or network transmission.

Related comparisons

Wazuh-MCP-Server and mcp-panther Wazuh-MCP-Server and mcp-shodan Wazuh-MCP-Server and mcp-for-security Wazuh-MCP-Server and mcp-armor Wazuh-MCP-Server and mcp-checkpoint Wazuh-MCP-Server and mcp-server-wazuh

Scores updated daily from GitHub, PyPI, and npm data. How scores work