Description
The Wazuh MCP Server provides a secure bridge between Claude Desktop and Wazuh security data, enabling AI assistants to access real-time security alerts and context. Built with Flask, it authenticates with the Wazuh RESTful API using JWTs, retrieves alerts from Elasticsearch indices, and transforms them into standardized MCP-compliant messages. The implementation includes robust error handling for token expiration and network issues and is easily configurable through environment variables. It exposes an HTTP endpoint that Claude Desktop can query to incorporate security event data into conversations, which makes it valuable for security operations and threat analysis workflows.
Server Details
Added: April 21, 2025
