How to Use the Wazuh (SIEM) MCP in Cline

Q: How do I use Wazuh (SIEM) with Cline to validate agent enrollment in my project?

Use the listagents tool first. Your component can then iterate over that list, validating each agent's existence against your codebase's required endpoints. It's a clean check before deployment.

Q: Can Wazuh (SIEM) help me build code around security role changes using Cline?

Yes. You can write functions that use createsecurityrole and then automatically generate the necessary API calls to enforce the new roles across your application's backend services.

Q: What if I need to check file integrity for a deployment using Wazuh (SIEM) with Cline?

Use getsyscheck results. These findings are ideal input data for writing unit tests that validate system state compliance, making your application more secure by design.

Q: Is the MCP Server suitable for running background Wazuh (SIEM) audits in a development environment?

It's perfect. You can schedule scripts that call listrules and getmanagerlogs. Cline executes these jobs, presenting the results right back to your console as if it were live output.

Build SIEM Compliance Dashboards with Cline: Integrate Wazuh security results directly into your code components.

See Vinkius in Action

Works with every AI agent you already use

…and any MCP-compatible client

MCP Servers - Free for Subscribers

Connect Wazuh (SIEM) MCP to Cline

Create your Vinkius account to connect Wazuh (SIEM) to Cline and route execution through our secure gateway. The platform manages server hosting, runtime updates, and security layers. Configuration requires no manual server provisioning.

GDPR Free for Subscribers

Setup Wazuh (SIEM) with Cline

Ask AI about this MCP

ChatGPT

Claude

Perplexity

Generate Security Reports using the MCP Server

You don't have to write boilerplate report generation. The MCP Server allows you to run `get_sca` and `get_rootcheck`, pulling raw security assessment data that Cline can immediately consume. It lets you build a component that takes these findings—like failed compliance checks or root access issues—and renders them into a clean, testable dashboard view.

Manage Agent State and Dependencies with Cline

When developing microservices that rely on endpoint data, you need to know the agent status. Use `list_agents` to fetch the current list of endpoints. Then, write a script component that checks if required agents exist before allowing deployment. If necessary, `restart_agents` is available for your code to trigger a refresh cycle.

Model Threat Detection Logic with Cline

Want to model how an attacker would move? Run threat data through the MCP Server's tools. You can pull results from `get_mitre` or `get_syscollector`. Cline then takes these structured JSON outputs and helps you write a function that simulates detection logic. This makes writing effective SIEM monitoring code much faster.

Setup guide

Set up Wazuh (SIEM) MCP in Cline

Prerequisites

VS Code with Cline extension installed
Active Vinkius subscription with a valid endpoint token

1

Open Cline MCP settings

Click the Cline icon in the VS Code sidebar to open the Cline panel. Then click the MCP Servers icon (server stack) at the top-right corner of the panel.
2

Add a remote server

Click "Remote Servers" at the top, then click "Add Remote MCP". In the Name field, type wazuh-siem-mcp. In the URL field, paste your Vinkius endpoint: https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp. Get your token from cloud.vinkius.com.
3

Enable the server

After saving, the server appears in the Cline MCP panel. Toggle the switch to enable it. The status indicator turns green when the connection is live.
4

Start using tools

Return to the Cline chat and ask: "Check my latest Wazuh (SIEM) refund status." Cline will discover the available tools and request your approval before invoking each one — giving you full control over every action.

Cline MCP Settings

{
  "mcpServers": {
    "wazuh-siem-mcp": {
      "url": "https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp"
    }
  }
}

Get your connection token →

Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by Wazuh. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.

Why Choose Vinkius

Vinkius connects your tools to AI with real-time monitoring and automatic cost savings — all from one dashboard.

Connect Wazuh (SIEM) now

Real-time monitoring

Live

visibility into every interaction

Connect your favorite tools to your AI and see exactly what's happening — every request, every response, in real time.

Built-in savings

60%

lower AI costs

Vinkius compresses data between your apps and your AI automatically. Lower bills every month — no configuration required.

Single dashboard

One

place for every integration

Every tool your AI connects to, managed from a single screen. One account, complete control.

Common questions about Wazuh (SIEM) MCP in Cline

Use the `list_agents` tool first. Your component can then iterate over that list, validating each agent's existence against your codebase's required endpoints. It's a clean check before deployment.

Yes. You can write functions that use `create_security_role` and then automatically generate the necessary API calls to enforce the new roles across your application's backend services.

Use `get_syscheck` results. These findings are ideal input data for writing unit tests that validate system state compliance, making your application more secure by design.

It's perfect. You can schedule scripts that call `list_rules` and `get_manager_logs`. Cline executes these jobs, presenting the results right back to your console as if it were live output.

This server handles security configuration settings. You can use `update_security_config` and read results to ensure that your application's assumptions about the SIEM setup are correct.

Use it with your favorite AI tools

Connect this server to Cursor, Claude, VS Code, and more.

OpenAI Agents SDK sdk-python

Google ADK sdk-python

Pydantic AI sdk-python

Vercel AI SDK sdk-typescript