Wazuh-MCP-Server MCP — Use Cases, Install & Live Demo

Why use it

Key features

48 tools across alerts, agents, vulnerabilities, active response, compliance
Output sanitization — redacts credentials before they reach the LLM
Rate limiting + circuit breakers to protect Wazuh Manager
RBAC per tool; audit logs for destructive actions
Deploys via Docker Compose; supports Wazuh 4.8–4.14

Live Demo

What it looks like in practice

wazuh.replay ▶ ready

0/0

Install

Pick your client

~/Library/Application Support/Claude/claude_desktop_config.json · Windows: %APPDATA%\Claude\claude_desktop_config.json

{
  "mcpServers": {
    "wazuh": {
      "command": "uvx",
      "args": [
        "Wazuh-MCP-Server"
      ],
      "_inferred": true
    }
  }
}

Open Claude Desktop → Settings → Developer → Edit Config. Restart after saving.

~/.cursor/mcp.json · .cursor/mcp.json

{
  "mcpServers": {
    "wazuh": {
      "command": "uvx",
      "args": [
        "Wazuh-MCP-Server"
      ],
      "_inferred": true
    }
  }
}

Cursor uses the same mcpServers schema as Claude Desktop. Project config wins over global.

VS Code → Cline → MCP Servers → Edit

{
  "mcpServers": {
    "wazuh": {
      "command": "uvx",
      "args": [
        "Wazuh-MCP-Server"
      ],
      "_inferred": true
    }
  }
}

Click the MCP Servers icon in the Cline sidebar, then "Edit Configuration".

~/.codeium/windsurf/mcp_config.json

{
  "mcpServers": {
    "wazuh": {
      "command": "uvx",
      "args": [
        "Wazuh-MCP-Server"
      ],
      "_inferred": true
    }
  }
}

Same shape as Claude Desktop. Restart Windsurf to pick up changes.

~/.continue/config.json

{
  "mcpServers": [
    {
      "name": "wazuh",
      "command": "uvx",
      "args": [
        "Wazuh-MCP-Server"
      ]
    }
  ]
}

Continue uses an array of server objects rather than a map.

~/.config/zed/settings.json

{
  "context_servers": {
    "wazuh": {
      "command": {
        "path": "uvx",
        "args": [
          "Wazuh-MCP-Server"
        ]
      }
    }
  }
}

Add to context_servers. Zed hot-reloads on save.

claude mcp add wazuh -- uvx Wazuh-MCP-Server

One-liner. Verify with claude mcp list. Remove with claude mcp remove.

Use Cases

Real-world ways to use Wazuh-MCP-Server

Triage overnight alerts in 10 minutes instead of 2 hours

👤 SOC analysts ⏱ ~20 min advanced

When to use: Shift start. Hundreds of alerts overnight. You need to find the real ones without reading every row.

Prerequisites

Wazuh Manager API creds — Wazuh UI > API credentials

Flow

Summarize

For last 12 hours: group alerts by rule group, count severity 10+ per group, top 5 agents with most high-sev alerts.✓ Copied

→ Ranked summary
Investigate

For top agent, pull the 10 most recent high-sev alerts with full details.✓ Copied

→ Detailed events
Determine action

Based on these events, is this a true positive? If yes, propose response: isolate agent / disable account / create ticket.✓ Copied

→ Verdict + action plan

Outcome: Faster MTTD/MTTR without more eyeballs.

Pitfalls

Auto-triggering active response before confirming — Keep active response tools behind a confirmation gate

Weekly vulnerability posture report

👤 Security managers ⏱ ~30 min intermediate

When to use: Friday report for leadership. How many CVEs open? Where? Trend vs last week?

Flow

Pull vulnerabilities

From Wazuh vulnerability module: total open CVEs by severity, top 10 agents by critical CVE count.✓ Copied

→ Numbers + top agents
Compare to last week

Compare counts to last Friday's report [paste]. What improved, what regressed?✓ Copied

→ Delta analysis
Prioritize

List the 5 critical CVEs affecting most hosts that should be patched this weekend.✓ Copied

→ Actionable patch list

Outcome: Board-ready security posture summary.

Pitfalls

Vuln data only as fresh as last scan — Check scan timestamps before drawing conclusions

Combine with: notion

Isolate a compromised host on confirmation

👤 SOC on-call ⏱ ~10 min advanced

When to use: Alert fires: unambiguous malware on endpoint. You need to isolate fast.

Flow

Confirm scope

For agent 'ws-4412': show active processes with parent PID, recent listening ports, and last 20 alerts. Is this clearly compromised?✓ Copied

→ Risk assessment
Isolate

Isolate agent ws-4412 via active response. Require my explicit confirm first.✓ Copied

→ Confirmation prompt, then isolation + audit log entry

Outcome: Compromised host isolated within minutes.

Pitfalls

False-positive isolation of prod server — Double-check agent ID and classification before confirming; keep an out-of-band way to re-enable

Combinations

Pair with other MCPs for X10 leverage

wazuh + notion

Weekly security digest to exec

Compose a weekly Wazuh summary and create a Notion page in 'Security Weekly'.✓ Copied

Tools

What this MCP exposes

Tool	Inputs	When to call	Cost
list_alerts	filter: obj, from, to, limit	Investigate by time/severity/rule	1 API call
get_agent	agent_id	Profile a specific endpoint	1 API call
list_vulnerabilities	agent_id?, severity?	Vuln posture checks	1 API call
trigger_active_response	agent_id, command, arguments?	Isolate / kill process / disable account — destructive; confirm	1 API call + physical effect
compliance_report	framework: 'pci'\|'hipaa'\|'nist', scope	Audit readiness	1 API call

Cost & Limits

What this costs to run

API quota: Bounded by Wazuh Manager API limits
Tokens per call: Alert listings can be huge — always filter by time + severity
Monetary: Free. Wazuh itself is open-source.
Tip: Use limit aggressively. Don't list a week's alerts without grouping.

Security

Permissions, secrets, blast radius

Minimum scopes: Wazuh API user scoped read-only for inspection; elevate for active response

Credential storage: Wazuh API creds in env or Docker secrets

Data egress: Alert/event data goes to your LLM provider

Never grant: Active-response scope to a dev/eval instance

Active response tools cause real actions on endpoints. Gate behind human confirmation.
Alert payloads may contain sensitive info (filenames, users); consider Presidio-style redaction upstream.