The Wazuh MCP server integrates Wazuh's SIEM capabilities with LLMs for intelligent security data analysis. It exposes Wazuh's alert management, vulnerability detection, and compliance monitoring tools, and connects to Wazuh's API for real-time security event data. It is useful for security analysts and DevOps teams automating threat detection and response.
```
pip install wazuh-mcp-server
```

Add this configuration to your claude_desktop_config.json:

```
{
  "mcpServers": {
    "socfortress-wazuh-mcp-server-github": {
      "command": "uvx",
      "args": [
        "pip install wazuh-mcp-server"
      ]
    }
  }
}
```

Restart Claude Desktop, then ask:
"What tools do you have available from wazuh?"
API Key Required
This server requires an API key from Wazuh. Add it to your environment or config.

| Variable | Required | Description |
|---|---|---|
| WAZUH_API_KEY | Yes | Your Wazuh API key |
"What resources are available in wazuh?"
Claude will query available resources and return a list of what you can access.
"Show me details about [specific item] in wazuh"
Claude will fetch and display detailed information about the requested item.
"Create a new [item] in wazuh with [details]"
Claude will use the appropriate tool to create the resource and confirm success.