wazuh
Includes full Wazuh credential support for the latest version. This version of the MCP server is for retrieving data only.
    claude mcp add --transport stdio rayasatriatama-wazuh-mcp-server uvx --from fastmcp python -m src.wazuh_mcp_server.wazuh_indexer.server \
      --env LOG_LEVEL="INFO" \
      --env WAZUH_API_URL="https://<wazuh-indexer-api-url>" \
      --env WAZUH_API_USER="<username>" \
      --env WAZUH_API_PASSWORD="<password>"
How to use
The Wazuh MCP Server provides two distinct MCP services that bridge Wazuh infrastructure with AI-enabled workflows: the Wazuh Indexer MCP Server and the Wazuh Manager MCP Server. Each service exposes a modular set of endpoints and MCP tools that allow you to query, monitor, and manage Wazuh data through standardized MCP requests. Use the server manager to orchestrate both servers in development or test environments, starting or stopping them as needed. The tools available cover indexing, searching, alerting, cluster health, user and agent management, rule handling, decoders, and a broad suite of security-related utilities. When running in production, you can operate with HTTP mode for REST APIs, SSE mode for real-time streams, and STDIO mode for direct client integration. The deployment is designed to be Docker-ready, with health checks and environment-variable-driven configuration for easy customization.
How to install
Prerequisites:
- Docker and Docker Compose installed
- Python 3.8+ installed (for local development if needed)
- Git available to clone the repository
Step-by-step:
- Clone the repository
    git clone https://github.com/RayaSatriatama/wazuh-mcp-server.git
    cd wazuh-mcp-server
- Install Python dependencies (optional for local development)
    python -m venv venv
    source venv/bin/activate
    pip install -r deployment/requirements-mcp.txt
- Run with Docker (recommended for production-like testing)
    docker compose --profile http up -d
- Verify services
    curl http://localhost:8001/health  # Wazuh Indexer
    curl http://localhost:8002/health  # Wazuh Manager
- Alternative: Run via MCP runtime (uvx) for development
    uvx --from fastmcp python -m src.wazuh_mcp_server.server_manager start-all
  Individual servers:
    uvx --from fastmcp python -m src.wazuh_mcp_server.server_manager start wazuh_indexer
    uvx --from fastmcp python -m src.wazuh_mcp_server.server_manager start wazuh_manager
Additional notes
Environment variables drive server behavior. Common variables include WAZUH_API_URL, WAZUH_API_USER, and WAZUH_API_PASSWORD for authenticating with the Wazuh APIs. Ensure network access between the Wazuh components and the MCP services. If you encounter connection or authentication issues, verify that the API endpoints are reachable and that credentials are correct. The deployment supports multiple transport modes (HTTP, SSE, STDIO); configure the transport mode in your deployment or environment as needed. For production, prefer Docker Compose with the provided docker-compose.yml, and consider enabling TLS in front of the HTTP endpoints. Logs are structured and include levels like INFO, DEBUG (disabled by default), WARNING, and ERROR.