gensecaihq/Wazuh-MCP-Server
AI-powered security operations for Wazuh SIEM—use any MCP-compatible client to ask security questions in plain English. Faster threat detection, incident triage, and compliance checks with real-time monitoring and anomaly spotting. Production-ready MCP server for conversational SOC workflows.
Exposes 48 validated security tools via MCP protocol that span alert querying, agent monitoring, vulnerability scanning, active response (IP blocking, host isolation, process termination), and compliance checking—all with per-tool RBAC, audit logging, input validation, and credential sanitization to prevent LLM-side data leakage. Implements a dual-mode architecture supporting both cloud LLMs (Claude, GPT) and fully air-gapped local deployments via Ollama, with a standard HTTP `/mcp` endpoint compatible with Claude Desktop, Open WebUI, mcphost, and any MCP 2025-11-25 client. Built on Python 3.11+ with Docker containerization, Elasticsearch query integration for alert search, Redis-backed multi-instance session storage, rate limiting, and circuit breakers against Wazuh API 4.8.0–4.14.4.
137 stars.
Stars
137
Forks
39
Language
Python
License
MIT
Category
Last pushed
Mar 11, 2026
Commits (30d)
0
Get this data via API
curl "https://pt-edge.onrender.com/api/v1/quality/mcp/gensecaihq/Wazuh-MCP-Server"
Open to everyone — 100 requests/day, no key needed. Get a free key for 1,000/day.
Compare
Related servers
0x4m4/hexstrike-ai
HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot,...
panther-labs/mcp-panther
Write detections, investigate alerts, and query logs from your favorite AI agents
duriantaco/skylos
High-precision Python SAST & Dead Code Remover. Finds unused functions, secrets, and security...
msaad00/agent-bom
Security scanner for AI infrastructure — CVEs, blast radius, credential exposure, runtime...
Wh0am123/MCP-Kali-Server
MCP configuration to connect AI agent to a Linux machine.