MCPSERV.CLUB
gensecaihq

Wazuh MCP Server

MCP Server

AI‑powered security ops bridge between Wazuh and Claude Desktop


About

A production‑ready FastMCP server that connects Wazuh SIEM to Claude Desktop via STDIO transport. It offers 29 security tools, AI‑driven threat analysis, natural language queries, and dual API routing for comprehensive incident response.

Capabilities

Resources: Access data sources
Tools: Execute functions
Prompts: Pre-built templates
Sampling: AI model interactions

Wazuh MCP Server in Action

The Wazuh MCP Server bridges the gap between a Wazuh Security Information and Event Management (SIEM) platform and Claude Desktop, enabling AI‑driven security operations without complex network configuration. Because it uses STDIO transport only, the server runs as a local process that talks to Claude Desktop over standard input and output rather than a listening network port, so no firewall or VPN changes are needed and network exposure is kept to a minimum. The server is built on FastMCP, a lightweight and high‑performance MCP framework, so the integration stays responsive even under heavy query loads.

At its core, the server exposes a rich set of 29 security tools that cover alert retrieval, agent monitoring, compliance checks, and vulnerability summarization. These tools translate natural language requests from Claude into precise API calls against both the Wazuh Server and Indexer APIs, allowing analysts to ask questions like “Show me all critical security alerts from the last 24 hours” and receive structured, actionable data. The dual‑API support intelligently routes requests to the most appropriate endpoint, reducing latency and improving reliability.

For developers building AI‑enhanced security workflows, the MCP server offers several standout advantages. First, it provides a production‑ready configuration with comprehensive health checks, error handling, and SSL/TLS support that can be configured either to accept self‑signed certificates or to enforce strict CA verification. Second, the server’s toolset is fully documented and modular, making it straightforward to extend or customize for specific compliance frameworks such as PCI‑DSS or ISO 27001. Third, the integration with Claude Desktop is declarative: adding a single entry to the desktop’s configuration file registers the server and makes all of its capabilities available, simplifying onboarding for security teams.

Real‑world scenarios where this MCP server shines include incident response automation, where analysts can quickly query for patterns or run AI‑driven threat analyses directly within their conversational interface; compliance auditing, where periodic reports are generated with minimal manual effort; and agent health monitoring, allowing rapid identification of misconfigured or compromised endpoints. By embedding Wazuh’s telemetry into an AI assistant, organizations can accelerate detection, reduce mean time to resolution, and maintain a proactive security posture, all while keeping the data pipeline local and secure.