Wazuh (SIEM) MCP Server with 21 Tools for Claude, Cursor, and AI Agents

Name: Wazuh (SIEM)
Price: 29 USD
Availability: InStock
Rating: 5.0 (1 reviews)
Author: Vinkius

GDPR Free for Subscribers

Manage your Wazuh SIEM infrastructure—monitor agents, inspect security events, and manage manager configurations directly from your AI agent. Vinkius routes your AI agents directly to Wazuh (SIEM) through a governed connection. 21 tools ready to use with Claude, ChatGPT, Cursor, or any AI agent — no hosting, no setup, connect in 30 seconds.

Built for AI Agents by Vinkius

Ask AI about this server

Open in ChatGPT Open in Claude Open in Perplexity

Compatible with every major AI agent and IDE

Claude

ChatGPT

Cursor

Gemini

Windsurf

VS Code

JetBrains

Vercel

+ other MCP clients

AI Agent→Vinkius

High Security·Kill Switch·Plug and Play

Fully ManagedVinkius Servers

60%Token savings

High SecurityEnterprise-grade

IAMAccess control

EU AI ActCompliant

DLPData protection

V8 IsolateSandboxed

Ed25519Audit chain

<40msKill switch

Stream every event to Splunk, Datadog, or your own webhook in real-time

* Every MCP server runs on Vinkius-managed infrastructure inside AWS - a purpose-built runtime with per-request V8 isolates, Ed25519 signed audit chains, and sub-40ms cold starts optimized for native MCP execution. See our infrastructure

What is the Wazuh MCP Server?

The Wazuh MCP Server routes AI agents like Claude, ChatGPT, and Cursor directly to Wazuh via 21 tools. Manage your Wazuh SIEM infrastructure—monitor agents, inspect security events, and manage manager configurations directly from your AI agent. Powered by Vinkius — your credentials stay on your side of the connection, every request is auditable. Connect in under 2 minutes.

Built-in capabilities (21)

create_agentcreate_security_roledelete_agentsget_logtestget_manager_logsget_manager_statusget_mitreget_rootcheckget_scaget_syscheckget_syscollectorlist_agentslist_cluster_nodeslist_decoderslist_ruleslist_security_usersrestart_agentsrestart_clusterupdate_rule_fileupdate_security_configupgrade_agents

Tools for your AI Agents to operate Wazuh

Ask your AI agent "List all Wazuh agents that are currently active." and get the answer without opening a single dashboard. With 21 tools connected to real Wazuh data, your agents reason over live information, cross-reference it with other MCP servers, and deliver insights you would spend hours assembling manually.

Works with Claude, ChatGPT, Cursor, and any MCP-compatible client. Powered by Vinkius — your credentials never touch the AI model, every request is auditable. Connect in under two minutes.

Why teams choose Vinkius

One subscription gives you the infrastructure to connect your AI agents to thousands of MCP servers — and deploy your own to the Vinkius Edge. Your credentials stay yours. Your data flows directly between your agent and the API. DLP blocks sensitive information from ever reaching the model, kill switch for instant shutdown, and up to 60% token savings. Enterprise-grade routing and governance, zero maintenance.

Build your own MCP Server with our secure development framework →

The Wazuh (SIEM) App Connector works with every AI agent you already use

…and any MCP-compatible client

Use all 21 Wazuh (SIEM) tools with your AI agents right now

Vinkius routes your AI agents to Wazuh (SIEM) through a governed proxy. Beyond a simple connection, you get full visibility into every action your agents perform, with enterprise-grade security and up to 60% savings on AI costs.

Explore Tools Hub

create

Create agent on Wazuh (SIEM)

Enroll a new Wazuh agent

create

Create security role on Wazuh (SIEM)

Create a new Wazuh security role

delete

Delete agents on Wazuh (SIEM)

Use WQL to specify which agents to delete. Remove Wazuh agents

get

Get logtest on Wazuh (SIEM)

Test rules and decoders against logs

get

Get manager logs on Wazuh (SIEM)

Retrieve Wazuh manager logs

get

Get manager status on Wazuh (SIEM)

Get Wazuh manager daemon status

get

Get mitre on Wazuh (SIEM)

Supports WQL filtering. Get MITRE ATT&CK results

get

Get rootcheck on Wazuh (SIEM)

Supports WQL filtering. Get Rootcheck results

get

Get sca on Wazuh (SIEM)

Supports WQL filtering. Get Security Configuration Assessment (SCA) results

get

Get syscheck on Wazuh (SIEM)

Supports WQL filtering. Get File Integrity Monitoring (Syscheck) results

get

Get syscollector on Wazuh (SIEM)

Supports WQL filtering. Get Syscollector inventory

list

List agents on Wazuh (SIEM)

Supports WQL filtering. List all Wazuh agents

list

List cluster nodes on Wazuh (SIEM)

List Wazuh cluster nodes

list

List decoders on Wazuh (SIEM)

Supports WQL filtering. List loaded Wazuh decoders

list

List rules on Wazuh (SIEM)

Supports WQL filtering. List loaded Wazuh rules

list

List security users on Wazuh (SIEM)

List Wazuh API users

restart

Restart agents on Wazuh (SIEM)

Restart Wazuh agents

restart

Restart cluster on Wazuh (SIEM)

Restart the Wazuh cluster

update

Update rule file on Wazuh (SIEM)

Update a Wazuh rule file

update

Update security config on Wazuh (SIEM)

Update Wazuh security configuration

upgrade

Upgrade agents on Wazuh (SIEM)

Upgrade Wazuh agents

What the Wazuh (SIEM) MCP Server unlocks

Connect your Wazuh SIEM to any AI agent to streamline security operations and endpoint monitoring through natural language.

What you can do

Agent Management — List all enrolled agents, create new ones, and perform bulk actions like restarts or upgrades using WQL filtering.
Manager & Cluster Health — Monitor manager daemon status, fetch logs, and inspect cluster nodes to ensure high availability.
Security Auditing — Query File Integrity Monitoring (Syscheck), Security Configuration Assessment (SCA), and Rootcheck results.
Threat Intelligence — Access MITRE ATT&CK mappings and test log decoders to validate your detection pipeline.
Rule Orchestration — List and update rules or decoders directly to fine-tune your security posture.

How it works

1. Subscribe to this server
2. Provide your Wazuh API URL, Username, and Password
3. Start auditing your security environment from Claude, Cursor, or any MCP client

Who is this for?

Security Analysts — quickly query agent status and FIM results without navigating the Wazuh dashboard
DevSecOps Engineers — automate agent upgrades and monitor cluster health directly from terminal-based AI tools
Incident Responders — fetch MITRE mappings and manager logs instantly during active investigations

Frequently asked questions about the Wazuh (SIEM) MCP Server

Can I filter agents by specific operating systems or versions?

Yes! The list_agents tool supports WQL (Wazuh Query Language). You can use queries like os.name=ubuntu;os.version>18 to find specific endpoints.

How do I check for unauthorized file changes on my servers?

You can use the get_syscheck tool. It retrieves File Integrity Monitoring (FIM) results, allowing you to audit file modifications, deletions, or additions across your agents.

Is it possible to check the health of the Wazuh manager cluster?

Absolutely. Use get_manager_status to check daemon health or list_cluster_nodes to see the status of all nodes in your Wazuh cluster.

More in this category

HCL AppScan

10 tools

Manage security scans and vulnerabilities with HCL AppScan — track issues and audit applications via AI.

Amazon SQS Queue

3 tools

This MCP does exactly one thing: it pulls and acknowledges messages from a single Amazon SQS Queue. That's its only function, and nothing else. Incredible for building secure AI workers.

Google Cloud Storage Bucket

4 tools

This MCP does exactly one thing: it manages files in a single Google Cloud Storage Bucket. That's its only function, and nothing else. Incredible for giving your AI secure file storage.

Elastic Security

10 tools

Manage SIEM and SOC operations via Elastic Security — monitor detection rules, search security alerts (Signals), handle whitelisting, and audit threat coverage directly from any AI agent.

Grepsr

12 tools

Automate web scraping via Grepsr — manage reports, trigger crawls, and retrieve data directly via AI.

Tencent Cloud VOD / 腾讯云点播

8 tools

Tencent's dominant video-on-demand platform — manage media, track tasks, and audit storage via AI.

BCB Câmbio — Dólar PTAX, Euro e 150+ Moedas

5 tools

Official exchange rates from Brazil's Central Bank: daily PTAX dollar quotes (the official BRL/USD reference rate), historical series, any of 150+ currencies against BRL, complete currency catalog, and SGS time series for long-term FX data.

New Relic AI (LLM Observability)

10 tools

Monitor and audit LLM telemetry via New Relic AI — track token costs, p95 latency, and user feedback.

Vinkius AI Gateway

We built the connector to Wazuh (SIEM). Now put your agents to work. Fully governed.

Vinkius is the AI Gateway with managed hosting. Stop building connectors. Every connection runs inside eight layers of security.

How it works

Infrastructure

Hosted, sandboxed, and live on AWS. You don't provision anything. You don't maintain anything. You connect.

Visibility

Every tool call, every token, every response. Logged and auditable. Data flows direct from Wazuh (SIEM) to your agent. Nothing is stored on our side. Ever.

Control

Eight governance layers on every request. Sensitive data redacted before it reaches the model. Kill switch if anything goes sideways. Always on.