Enterprise DNA
M MCP Servers Developer low

gbrigandi/mcp-server-wazuh

by Various

MCP Server for Wazuh SIEM

G

MCP

gbrigandi/mcp-server-wazuh

Added 1 June 2026

#llm #mcp #mcp-server #model-context-pro #model-context-protocol-servers #security-operations #siem #wazuh

Overview

An MCP server written in Rust that exposes Wazuh SIEM functionality through the Model Context Protocol. It lets AI agents like Claude query security alerts, manage agents, and retrieve compliance data via the Wazuh API.

Best for

Best for
Security teams who want to integrate AI assistant capabilities with their Wazuh SIEM deployment

Use cases

  • Query and summarize security alerts from Wazuh
  • Manage Wazuh agents (list, add, remove) through natural language
  • Retrieve compliance and vulnerability scan results

How to use

Tools exposed

  • WAZUH_API_HOST
  • WAZUH_API_PORT
  • WAZUH_API_USERNAME
  • WAZUH_API_PASSWORD
  • WAZUH_INDEXER_HOST
  • WAZUH_INDEXER_PORT
  • WAZUH_INDEXER_USERNAME
  • WAZUH_INDEXER_PASSWORD
  • WAZUH_VERIFY_SSL
  • WAZUH_TEST_PROTOCOL
  • RUST_LOG

Tested with

Claude Desktop

Notes

An MCP server written in Rust that exposes Wazuh SIEM functionality through the Model Context Protocol. It lets AI agents like Claude query security alerts, manage agents, and retrieve compliance data via the Wazuh API.

210 stars on GitHub. Last updated 2025-12-12. Licensed MIT.

Use cases

  • Query and summarize security alerts from Wazuh
  • Manage Wazuh agents (list, add, remove) through natural language
  • Retrieve compliance and vulnerability scan results

Pros

  • 210 stars on GitHub, indicating community adoption and reliability
  • Written in Rust for performance and memory safety
  • Enables natural language interaction with Wazuh SIEM using MCP clients

Cons

  • Requires an existing Wazuh SIEM deployment to function
  • Only works with MCP-compatible clients (e.g., Claude)
  • May have limited documentation or early stage maturity

Indexed from awesome-mcp-servers-punkpeye and enriched against its public facts.

Pros

  • 210 stars on GitHub, indicating community adoption and reliability
  • Written in Rust for performance and memory safety
  • Enables natural language interaction with Wazuh SIEM using MCP clients

Cons

  • Requires an existing Wazuh SIEM deployment to function
  • Only works with MCP-compatible clients (e.g., Claude)
  • May have limited documentation or early stage maturity
Free 27-page guide

Get the free Developer’s Field Guide

A 27-page field guide to the AI coding workflow with Claude. Claude Code, MCP servers, the prompt patterns that work, and what to delegate. Free.

Enter your work email. We send it straight over, plus a few short notes worth knowing. Unsubscribe any time.

No spam. Unsubscribe any time.

Running a business, not writing the code? See the MCP servers picked for operators, and get your first one wired up with us.

Operator picks