Wazuh MCP Server (gensecaihq)
Production-ready MCP server for Wazuh SIEM enabling plain-English threat detection, triage, and compliance checks.
🛡️ AgentReady threat assessment
MAESTRO 7-layer threat model + OWASP AIVSS risk score for Wazuh MCP Server (gensecaihq), derived from its capabilities.
These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification.
Overview
This MCP server connects any MCP-compatible client to Wazuh SIEM so that analysts can ask security questions in natural language. The aim is faster threat detection, incident triage, and compliance checks, with real-time monitoring and anomaly spotting. It targets conversational SOC workflows. Because it queries a live SIEM holding sensitive alert and log data, access scoping and data-egress control are the core concerns.
Key features
- Natural-language Wazuh SIEM queries
- Threat detection and incident triage
- Compliance checks and anomaly spotting
Use cases
- Conversational SOC investigation
- Compliance and posture checks over Wazuh data