Wazuh MCP Server
Interface UI
by gensecaihq
AI-powered security operations for Wazuh SIEM, enabling conversational threat hunting, incident triage, and active response.
What it does
This MCP server provides a conversational interface to the Wazuh SIEM. It allows security analysts to query alerts, hunt for threats, check vulnerabilities, and trigger active responses (like blocking IPs or isolating hosts) using natural language.
Tools
- get_wazuh_alerts: Query and filter security alerts via Elasticsearch.
- get_critical_vulnerabilities: Identify agents with unpatched critical CVEs.
- wazuh_block_ip: Trigger firewall-drop actions on specific agents.
- wazuh_isolate_host: Isolate a compromised host from the network.
- analyze_security_threat: Perform automated threat analysis and risk assessment.
- run_compliance_check: Execute real-time compliance audits.
Installation
Add to your claude_desktop_config.json:
{
  "mcpServers": {
    "wazuh": {
      "command": "docker",
      "args": [
        "run", "-i",
        "-e", "WAZUH_HOST",
        "-e", "WAZUH_USER",
        "-e", "WAZUH_PASS",
        "gensecaihq/wazuh-mcp-server"
      ],
      "env": {
        "WAZUH_HOST": "your-wazuh-server",
        "WAZUH_USER": "your-api-user",
        "WAZUH_PASS": "your-api-password"
      }
    }
  }
}
Supported hosts
- Claude Desktop
- Open WebUI
- mcphost
Quick install
docker compose up -d
Information
- Pricing
- free
- Published
- 4/16/2026
- stars





