Wazuh MCP Server (gensecaihq)
Production-ready MCP server for Wazuh SIEM enabling plain-English threat detection, triage, and compliance checks.
AgentReady threat assessment
MAESTRO 7-layer threat model + OWASP AIVSS risk score for Wazuh MCP Server (gensecaihq), derived from its capabilities.
AIVSS 8.3 · High
Overview
This MCP server connects any MCP-compatible client to Wazuh SIEM so analysts can ask security questions in natural language for faster threat detection, incident triage, and compliance checks with real-time monitoring and anomaly spotting. It targets conversational SOC workflows. Because it queries a live SIEM holding sensitive alert and log data, access scoping and data-egress control are the core concerns.
Key features
- Natural-language Wazuh SIEM queries
- Threat detection and incident triage
- Compliance checks and anomaly spotting
Use cases
- Conversational SOC investigation
- Compliance and posture checks over Wazuh data