Is Mcp Server Wazuh safe to use?

Mcp Server Wazuh has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.

How do I install Mcp Server Wazuh?

Mcp Server Wazuh supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.

What can Mcp Server Wazuh do?

Mcp Server Wazuh provides 14 tools: get_wazuh_alert_summary, get_wazuh_vulnerability_summary, get_wazuh_critical_vulnerabilities, get_wazuh_agent_processes, get_wazuh_agent_ports and 9 more. See the full tools list on the server page for descriptions and parameters.

What AI clients work with Mcp Server Wazuh?

Mcp Server Wazuh is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.

Is Mcp Server Wazuh actively maintained?

Mcp Server Wazuh is less actively maintained — last commit was 158 days ago. It has 206 GitHub stars.

Mcp Server Wazuh

Name: Mcp Server Wazuh
Author: gbrigandi

mcp-inspector · by gbrigandi

MCP Server for Wazuh SIEM

206 136/wk 14 tools GitHub npm

No known CVEs

MIT license

Maintained

Last commit 158d ago

Works with most clients

Transport: stdio, sse, http

14 tools · ~740 tok

Grade B · 0.4% of 200K ctx

Edit this pageView history

Security

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, sse, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "wazuh": {
      "env": {
        "RUST_LOG": "info",
        "WAZUH_API_HOST": "your_wazuh_manager_api_host",
        "WAZUH_API_PORT": "55000",
        "WAZUH_VERIFY_SSL": "false",
        "WAZUH_API_PASSWORD": "your_wazuh_api_password",
        "WAZUH_API_USERNAME": "your_wazuh_api_user",
        "WAZUH_INDEXER_HOST": "your_wazuh_indexer_host",
        "WAZUH_INDEXER_PORT": "9200",
        "WAZUH_TEST_PROTOCOL": "https",
        "WAZUH_INDEXER_PASSWORD": "your_wazuh_indexer_password",
        "WAZUH_INDEXER_USERNAME": "your_wazuh_indexer_user"
      },
      "args": [],
      "command": "/path/to/mcp-server-wazuh"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/mcp-server-wazuh)](https://mcppedia.org/s/mcp-server-wazuh)

Read me

What Mcp Server Wazuh does

A Rust-based server designed to bridge the gap between a Wazuh Security Information and Event Management (SIEM) system and applications requiring contextual security data, specifically tailored for the Claude Desktop Integration using the Model Context Protocol (MCP).

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

npx -y 'mcp-inspector' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

80/100across 5 weighted dimensions

How we score →

0255075100

−20

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

Checked mcp-inspector against OSV.dev.

Inventory

Tools (14)

Click any tool to inspect its schema.

~740 tokens total

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Mcp Server Wazuh safe to use?: Mcp Server Wazuh has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.
How do I install Mcp Server Wazuh?: Mcp Server Wazuh supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What can Mcp Server Wazuh do?: Mcp Server Wazuh provides 14 tools: get_wazuh_alert_summary, get_wazuh_vulnerability_summary, get_wazuh_critical_vulnerabilities, get_wazuh_agent_processes, get_wazuh_agent_ports and 9 more. See the full tools list on the server page for descriptions and parameters.
What AI clients work with Mcp Server Wazuh?: Mcp Server Wazuh is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.
Is Mcp Server Wazuh actively maintained?: Mcp Server Wazuh is less actively maintained — last commit was 158 days ago. It has 206 GitHub stars.

Similar servers

Others in security

View all →

Evil Mcp Server93

An evil MCP server used for redteam testing

30 1

Ida Pro Mcp92

AI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.

8.7k 3

Iam Policy Autopilot90

IAM Policy Autopilot is an open source static code analysis tool that helps you quickly create baseline AWS IAM policies that you can refine as your application evolves. This tool is available as a command-line utility and MCP server for use within AI coding assistants for quickly building IAM policies.

361 1

io.github.peacprotocol/peac90

Signed receipts for agent, API, and MCP interactions. Portable and offline-verifiable.

11 5

MCP Security Weekly

Get CVE alerts and security updates for Mcp Server Wazuh and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

Security

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, sse, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "wazuh": {
      "env": {
        "RUST_LOG": "info",
        "WAZUH_API_HOST": "your_wazuh_manager_api_host",
        "WAZUH_API_PORT": "55000",
        "WAZUH_VERIFY_SSL": "false",
        "WAZUH_API_PASSWORD": "your_wazuh_api_password",
        "WAZUH_API_USERNAME": "your_wazuh_api_user",
        "WAZUH_INDEXER_HOST": "your_wazuh_indexer_host",
        "WAZUH_INDEXER_PORT": "9200",
        "WAZUH_TEST_PROTOCOL": "https",
        "WAZUH_INDEXER_PASSWORD": "your_wazuh_indexer_password",
        "WAZUH_INDEXER_USERNAME": "your_wazuh_indexer_user"
      },
      "args": [],
      "command": "/path/to/mcp-server-wazuh"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/mcp-server-wazuh)](https://mcppedia.org/s/mcp-server-wazuh)

Read me

What Mcp Server Wazuh does

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

npx -y 'mcp-inspector' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

README

Wazuh MCP Server - Talk to your SIEM

Overview

Modern AI assistants like Claude can benefit significantly from real-time context about the user's security environment. The Wazuh MCP Server bridges this gap by providing comprehensive access to Wazuh SIEM data through natural language interactions.

This server transforms complex Wazuh API responses into MCP-compatible format, enabling AI assistants to access:

Security Alerts & Events from the Wazuh Indexer for threat detection and incident response
Agent Management & Monitoring including health status, system processes, and network ports
Vulnerability Assessment data for risk management and patch prioritization
Security Rules & Configuration for detection optimization and compliance validation
System Statistics & Performance metrics for operational monitoring and audit trails
Log Analysis & Forensics capabilities for incident investigation and compliance reporting
Cluster Health & Management for infrastructure reliability and availability requirements
Compliance Monitoring & Gap Analysis for regulatory frameworks like PCI-DSS, HIPAA, SOX, and GDPR

Rather than requiring manual API calls or complex queries, security teams can now ask natural language questions like "Show me critical vulnerabilities on web servers," "What processes are running on agent 001?" or "Are we meeting PCI-DSS logging requirements?" and receive structured, actionable data from their Wazuh deployment.

This approach is particularly valuable for compliance teams who need to quickly assess security posture, identify gaps in monitoring coverage, validate rule effectiveness, and generate evidence for audit requirements across distributed infrastructure.

Example Use Cases

The Wazuh MCP Server provides direct access to Wazuh security data through natural language interactions, enabling several practical use cases:

Security Alert Analysis

Alert Triage and Investigation: Query recent security alerts with get_wazuh_alert_summary to quickly identify and prioritize threats requiring immediate attention.
Alert Pattern Recognition: Analyze alert trends and patterns to identify recurring security issues or potential attack campaigns.

Vulnerability Management

Agent Vulnerability Assessment: Use get_wazuh_vulnerability_summary and get_wazuh_critical_vulnerabilities to assess security posture of specific agents and prioritize patching efforts.
Risk-Based Vulnerability Prioritization: Correlate vulnerability data with agent criticality and exposure to focus remediation efforts.

System Monitoring and Forensics

Process Analysis: Investigate running processes on agents using get_wazuh_agent_processes for threat hunting and system analysis.
Network Security Assessment: Monitor open ports and network services with get_wazuh_agent_ports to identify potential attack vectors.
Agent Health Monitoring: Track agent status and connectivity using get_wazuh_running_agents to ensure comprehensive security coverage.

Security Operations Intelligence

Rule Effectiveness Analysis: Review and analyze security detection rules with get_wazuh_rules_summary to optimize detection capabilities.
Manager Performance Monitoring: Track system performance and statistics using tools like get_wazuh_weekly_stats, get_wazuh_remoted_stats, and get_wazuh_log_collector_stats.
Cluster Health Management: Monitor Wazuh cluster status with get_wazuh_cluster_health and get_wazuh_cluster_nodes for operational reliability.

Incident Response and Forensics

Log Analysis: Search and

... View full README on GitHub

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

80/100across 5 weighted dimensions

How we score →

0255075100

−20

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

Checked mcp-inspector against OSV.dev.

Inventory

Tools (14)

Click any tool to inspect its schema.

~740 tokens total

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Mcp Server Wazuh safe to use?: Mcp Server Wazuh has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.
How do I install Mcp Server Wazuh?: Mcp Server Wazuh supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What can Mcp Server Wazuh do?: Mcp Server Wazuh provides 14 tools: get_wazuh_alert_summary, get_wazuh_vulnerability_summary, get_wazuh_critical_vulnerabilities, get_wazuh_agent_processes, get_wazuh_agent_ports and 9 more. See the full tools list on the server page for descriptions and parameters.
What AI clients work with Mcp Server Wazuh?: Mcp Server Wazuh is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.
Is Mcp Server Wazuh actively maintained?: Mcp Server Wazuh is less actively maintained — last commit was 158 days ago. It has 206 GitHub stars.