What is Wazuh MCP Server?
Wazuh MCP Server is an open-source server designed to integrate Wazuh security data with large language models (LLMs) like the Claude Desktop App. It authenticates with the Wazuh RESTful API, retrieves alerts from Elasticsearch, transforms events into an MCP-compliant JSON format, and provides an HTTP endpoint for real-time security context.
How to use Wazuh MCP Server?
To use the Wazuh MCP Server, clone the repository, set up a virtual environment, install dependencies, configure environment variables for Wazuh API access, and run the server. Integration with Claude Desktop requires updating its configuration file to include the MCP server details.
Key features of Wazuh MCP Server?
- JWT-Based Authentication for secure access to Wazuh.
- Alert Retrieval from Elasticsearch indices.
- Transformation of security events into standardized MCP messages.
- Flask HTTP Server exposing an
/mcpendpoint for integration. - Robust error handling for various issues like token expiration and network timeouts.
- Configurable via environment variables for easy setup.
Use cases of Wazuh MCP Server?
- Integrating Wazuh security alerts with AI applications.
- Providing real-time security context to LLMs for enhanced decision-making.
- Automating security monitoring and alerting processes.
FAQ from Wazuh MCP Server?
-
What is required to run Wazuh MCP Server?
You need Python 3.8+, access to a Wazuh API instance, and optionally, Claude Desktop configured to call the MCP server.
-
Is Wazuh MCP Server free to use?
Yes! It is an open-source project and free to use.
-
How can I contribute to Wazuh MCP Server?
Contributions are welcome! You can open issues or submit pull requests for improvements or bug fixes.