Wazuh FAQs

Question 1

How does it work?

Accepted Answer

It authenticates with the Wazuh API, retrieves alerts from Elasticsearch, transforms them into a standardized MCP format, and exposes them via an HTTP endpoint for LLMs to consume.

Question 2

What are the prerequisites for installation?

Accepted Answer

You need Python 3.8+, access to a Wazuh API instance, and (optionally) Claude Desktop configured to call the MCP server.

Question 3

What is the Wazuh MCP Server?

Accepted Answer

The Wazuh MCP Server is an open-source tool that integrates Wazuh security data with Large Language Models (LLMs) like Claude. It provides real-time security context to your AI applications.

Question 4

What are the key features?

Accepted Answer

Key features include secure JWT-based authentication, alert retrieval from Elasticsearch, MCP message transformation, a Flask HTTP server, robust error handling, and easy configuration via environment variables.

Question 5

How do I configure the Wazuh MCP Server?

Accepted Answer

You configure the server using environment variables such as WAZUH_HOST, WAZUH_PORT, WAZUH_USER, WAZUH_PASS, and MCP_SERVER_PORT. Refer to the documentation for detailed instructions.

Wazuh

Acerca de

Características Principales

Casos de Uso