Wazuh MCP Server

@gbrigandi

Overview

What is Wazuh MCP Server?

Wazuh MCP Server is a Rust-based middleware application that connects a Wazuh Security Information and Event Management (SIEM) system with applications that require contextual security data. It is designed specifically for integration with Claude Desktop using the Model Context Protocol (MCP).

How to use Wazuh MCP Server?

To use the Wazuh MCP Server, deploy it on a server with access to a Wazuh instance, configure the necessary environment variables for Wazuh API access, and then poll the /mcp endpoint from an MCP-compatible client like Claude Desktop to retrieve transformed security alerts.

Key features of Wazuh MCP Server

  • Secure integration with the Wazuh API using JWT authentication.
  • Automatic token refresh for seamless operation.
  • Transformation of Wazuh alerts into MCP-compliant JSON format.
  • Exposes a simple HTTP endpoint for clients to fetch security context.
  • Health check endpoint to monitor server status.

Use cases of Wazuh MCP Server

  1. Providing real-time security alerts to AI assistants like Claude.
  2. Enabling contextual security data for applications requiring compliance with MCP.
  3. Facilitating integration between Wazuh and other security tools or dashboards.

FAQ about Wazuh MCP Server

  • What is the purpose of the Wazuh MCP Server?

It serves as a bridge between Wazuh SIEM and applications needing security context in MCP format.

  • How do I configure the server?

Configuration is done via environment variables, including Wazuh API credentials and server settings.

  • Is there a demo available?

Yes, an all-in-one Docker setup is provided for local testing with Wazuh and the MCP Server.

© 2025 MCP.so. All rights reserved.
