Wazuh

Created by unmuktoai

Integrates Wazuh security data with Large Language Models, providing real-time security context.

About

This Wazuh MCP server is an open-source service that bridges the gap between Wazuh security data and Large Language Models (LLMs) such as the Claude Desktop App. It authenticates with the Wazuh RESTful API, retrieves alerts from Elasticsearch indices, transforms those events into a standardized MCP-compliant JSON format, and exposes them over an HTTP endpoint. Claude Desktop, or any other compatible LLM client, can then fetch real-time security context from Wazuh for enhanced analysis and response.

Key Features

  • Retrieves Wazuh alert data from Elasticsearch indices.
  • Exposes an /mcp endpoint for Claude Desktop integration via a Flask HTTP server.
  • Authenticates securely with Wazuh using JWT tokens.
  • Converts security events into standardized MCP messages.
  • Configurable via environment variables.

Use Cases

  • Providing real-time security context to LLMs for incident analysis.
  • Integrating Wazuh security data with Claude Desktop for enhanced threat detection.
  • Enabling LLMs to leverage Wazuh alerts for automated response.