Wazuh-MCP-Server and mcp-server-wazuh
These are competing implementations of the same MCP interface to Wazuh SIEM: Wazuh-MCP-Server emphasizes AI-powered natural language queries, while mcp-server-wazuh provides a more basic server implementation, making them alternatives rather than complementary tools.
About Wazuh-MCP-Server
gensecaihq/Wazuh-MCP-Server
AI-powered security operations for Wazuh SIEM—use any MCP-compatible client to ask security questions in plain English. Faster threat detection, incident triage, and compliance checks with real-time monitoring and anomaly spotting. Production-ready MCP server for conversational SOC workflows.
Exposes 48 validated security tools via MCP protocol that span alert querying, agent monitoring, vulnerability scanning, active response (IP blocking, host isolation, process termination), and compliance checking—all with per-tool RBAC, audit logging, input validation, and credential sanitization to prevent LLM-side data leakage. Implements a dual-mode architecture supporting both cloud LLMs (Claude, GPT) and fully air-gapped local deployments via Ollama, with a standard HTTP `/mcp` endpoint compatible with Claude Desktop, Open WebUI, mcphost, and any MCP 2025-11-25 client. Built on Python 3.11+ with Docker containerization, Elasticsearch query integration for alert search, Redis-backed multi-instance session storage, rate limiting, and circuit breakers against Wazuh API 4.8.0–4.14.4.
About mcp-server-wazuh
gbrigandi/mcp-server-wazuh
MCP Server for Wazuh SIEM
Implements MCP protocol integration with Wazuh SIEM through a Rust server that transforms API responses into natural language-queryable security data, enabling AI assistants to access alerts, agent status, vulnerabilities, compliance metrics, and forensic logs without manual queries. Bridges both Wazuh Indexer (detection) and Manager (configuration/agents) components while supporting interoperability with complementary security tools like Cortex, TheHive, and MISP for enriched threat intelligence and incident response orchestration.
Scores updated daily from GitHub, PyPI, and npm data.