/ 100

5 days ago

glama

Wazuh MCP Server

Enables natural language interaction with Wazuh SIEM to query alerts, hunt threats, check vulnerabilities, and trigger active responses.

→ gensecaihq/Wazuh-MCP-Server · listed on glama

Is this your MCP?

Claim it to get a verified publisher badge, a free copy of our full audit findings, and direct contact for any high-priority issues we find.

Install from

Glama github_topic

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings

✅

No credential exfiltration, no sensitive file access, no obfuscation

Static analysis found nothing flowing your secrets to unexpected places.

✅

Open source with a license and README

Anyone can audit the code, the license is declared, and the publisher documents what it does.

🔐

You'll be asked for 5 credentials: AUTH_SECRET_KEY, MCP_API_KEY, WAZUH_PASS, WAZUH_INDEXER_PASS, MASTER_KEY

These are read from process.env at runtime. Make sure you trust where they’ll be sent.

// required environment variables

This server reads these from process.env. You'll be asked to provide them before it can run.

configANSICON

configBUILD_DATE

configVERSION

configPYTHON_VERSION

configMCP_PORT— 3000 Server port

configMCP_HOST— 0.0.0.0 Server bind address

configLOG_LEVEL

🔐 secretAUTH_SECRET_KEY— auto-generated JWT signing key

configTOKEN_LIFETIME_HOURS

🔐 secretMCP_API_KEY— headers: ["Authorization: Bearer ${env://}"]

configAPI_KEYS

configWAZUH_HOST— your-wazuh-server

configWAZUH_USER— your-api-user

🔐 secretWAZUH_PASS— your-api-password

configVERIFY_SSL

configWAZUH_INDEXER_HOST— Indexer hostname

configWAZUH_INDEXER_USER— Indexer username

🔐 secretWAZUH_INDEXER_PASS— Indexer password

configMCP_TRANSPORT

configAUTH_MODE— bearer oauth, bearer, or none

configOAUTH_ISSUER_URL

configOAUTH_ENABLE_DCR

configOAUTH_ACCESS_TOKEN_TTL

configOAUTH_REFRESH_TOKEN_TTL

configOAUTH_AUTHORIZATION_CODE_TTL

configALLOWED_ORIGINS

configWAZUH_PORT— 55000 Manager API port

configWAZUH_VERIFY_SSL

configWAZUH_ALLOW_SELF_SIGNED

configWAZUH_INDEXER_PORT— 9200 Indexer port

configWAZUH_INDEXER_VERIFY_SSL

configENVIRONMENT

🔐 secretMASTER_KEY

configSSE_PORT

configSSE_HOST

configSSL_KEYFILE

configSSL_CERTFILE

configREDIS_URL— Redis URL for multi-instance session storage

configKUBERNETES_SERVICE_HOST

configDOCKER_CONTAINER

configMAX_MEMORY_MB

configRATE_LIMIT_REQUESTS

configRATE_LIMIT_WINDOW

configTRUSTED_PROXIES

configAUTHLESS_ALLOW_WRITE— false Allow active response in authless mode

configSESSION_TTL_SECONDS

// full audit trail

The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.

// improvement guidance — verified publishers only

We have 5 concrete improvements we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.

// embed badge in your README

[![M8ven Score](https://m8ven.ai/badge/mcp/gensecaihq-wazuh-mcp-server-12phr3)](https://m8ven.ai/mcp/gensecaihq-wazuh-mcp-server-12phr3)

commit: fe159ba1903eb8dcd3b97a4922d7e7457e8b36ed

code hash: e2e068a73d5ce29031c4d106c8ef357b0f59ae61d8f217f933898453da63ac38

verified: 6/22/2026, 12:20:41 PM

view raw JSON →