How to Use the Wazuh (SIEM) MCP in Pydantic AI

Q: How does Pydantic AI handle Wazuh (SIEM) agent management?

The framework allows the use of createagent for enrollment and deleteagents to remove endpoints. Since results are validated by Pydantic models, you get guaranteed data structure when listing agents.

Q: Can Pydantic AI help check Wazuh (SIEM) compliance?

Yes. You can run getsca for Security Configuration Assessment results and the tool will validate every field against your defined schema, preventing silent data corruption.

Q: What is the best way to use Wazuh (SIEM) with Pydantic AI?

Combine agent listings (listagents) with threat checks like getmitre. The type-safe approach ensures that all metrics and findings you combine are structurally sound.

Q: Does the MCP Server support Wazuh (SIEM) rule updates?

The toolset manages rules via updaterulefile or modifies security settings with updatesecurityconfig. Pydantic validation ensures these updates are processed and reported correctly.

Ensure data correctness when managing SIEM with Pydantic AI.

See Vinkius in Action

Works with every AI agent you already use

…and any MCP-compatible client

MCP Servers - Free for Subscribers

Connect Wazuh (SIEM) MCP to Pydantic AI

Create your Vinkius account to connect Wazuh (SIEM) to Pydantic AI and route execution through our secure gateway. The platform manages server hosting, runtime updates, and security layers. Configuration requires no manual server provisioning.

GDPR Free for Subscribers

Setup Wazuh (SIEM) with Pydantic AI

Ask AI about this MCP

ChatGPT

Claude

Perplexity

Audit Wazuh Agents and Nodes via MCP Server

Need to check the agent list? Call `list_agents` for an accurate inventory, or use `create_agent` to onboard a new endpoint. The tool also lets you delete agents with `delete_agents`, filtered by WQL. Because responses are type-safe, you'll always know exactly what fields you received when checking agent status.

Validate Wazuh (SIEM) Threat Findings

The tool supports several checks for security posture. You can get root system audit results via `get_rootcheck`, or check file integrity with `get_syscheck`. Both methods accept WQL filters, guaranteeing precise data. If the API returns unexpected data during these runs, your agent fails loudly—you won't miss a critical field.

Manage Wazuh (SIEM) Operational Status

Check if everything is running right. Use `get_manager_status` to verify the daemon health, or grab historical records with `get_manager_logs`. You can also check loaded decoders using `list_decoders`. This structure guarantees that status metrics are returned in a predictable format.

Setup guide

Set up Wazuh (SIEM) MCP in Pydantic AI

Prerequisites

Python 3.10+ installed
pydantic-ai-slim[fastmcp] package
Active Vinkius subscription with a valid endpoint token

1

Install Pydantic AI with FastMCP
Run pip install "pydantic-ai-slim[fastmcp]". The FastMCP toolset replaces the deprecated MCPServerHTTP class with full protocol support.
2

Configure the FastMCPToolset
Pass a JSON-style config dict to FastMCPToolset with your Vinkius URL. Replace [YOUR_TOKEN_HERE] with your token from cloud.vinkius.com. Supports Streamable HTTP, SSE, and Stdio transports.
3

Create and run your agent
Pass the toolset to Agent(toolsets=[toolset]) and call agent.run(). Swap openai:gpt-4o for any supported model — Anthropic, Google, Mistral, or Groq.

agent.py

from pydantic_ai import Agent
from pydantic_ai.toolsets.fastmcp import FastMCPToolset

toolset = FastMCPToolset({
    "mcpServers": {
        "wazuh-siem-mcp": {
            "url": "https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp"
        }
    }
})

agent = Agent(
    "openai:gpt-4o",
    toolsets=[toolset],
    system_prompt="You have access to Wazuh (SIEM) tools.",
)

result = await agent.run("List recent Wazuh (SIEM) transactions")
print(result.output)

Get your connection token →

Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by Wazuh. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.

Why Choose Vinkius

Vinkius connects your tools to AI with real-time monitoring and automatic cost savings — all from one dashboard.

Connect Wazuh (SIEM) now

Real-time monitoring

Live

visibility into every interaction

Connect your favorite tools to your AI and see exactly what's happening — every request, every response, in real time.

Built-in savings

60%

lower AI costs

Vinkius compresses data between your apps and your AI automatically. Lower bills every month — no configuration required.

Single dashboard

One

place for every integration

Every tool your AI connects to, managed from a single screen. One account, complete control.

Common questions about Wazuh (SIEM) MCP in Pydantic AI

The framework allows the use of `create_agent` for enrollment and `delete_agents` to remove endpoints. Since results are validated by Pydantic models, you get guaranteed data structure when listing agents.

Yes. You can run `get_sca` for Security Configuration Assessment results and the tool will validate every field against your defined schema, preventing silent data corruption.

Combine agent listings (`list_agents`) with threat checks like `get_mitre`. The type-safe approach ensures that all metrics and findings you combine are structurally sound.

The toolset manages rules via `update_rule_file` or modifies security settings with `update_security_config`. Pydantic validation ensures these updates are processed and reported correctly.

The server handles system logs and agent configuration. The toolset requires interaction with Agent lists and rules to function.

Use it with your favorite AI tools

Connect this server to Cursor, Claude, VS Code, and more.

OpenAI Agents SDK sdk-python

Google ADK sdk-python

Pydantic AI sdk-python