4,000+ servers built on vurb.ts
Vinkius
Unlock for AI Agents

Wazuh (SIEM) MCP Server for VS Code CopilotGive VS Code Copilot instant access to 21 tools to Create Agent, Create Security Role, Delete Agents, and more

MCP Inspector GDPR Free for Subscribers

GitHub Copilot in VS Code is the most widely adopted AI coding assistant, embedded directly into the world's most popular code editor. With MCP support in Agent mode, Copilot can access external data and APIs to generate context-aware code grounded in real-time information.

Ask AI about this MCP Server for VS Code Copilot

Open in ChatGPT Open in Claude Open in Perplexity

The Wazuh (SIEM) MCP Server for VS Code Copilot is a standout in the Fort Knox category — giving your AI agent 21 tools to work with, ready to go from day one.

Built for AI Agents by Vinkius

Vinkius delivers Streamable HTTP and SSE to any MCP client

ClaudeClaude
ChatGPTChatGPT
CursorCursor
GeminiGemini
WindsurfWindsurf
VS CodeVS Code
JetBrainsJetBrains
VercelVercel
+ other MCP clients
Classic Setup·json
{
  "mcpServers": {
    "wazuh-siem": {
      "url": "https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp"
    }
  }
}
RecommendedModern Approach — Zero Configuration

Vinkius Desktop App

The modern way to manage MCP Servers — no config files, no terminal commands. Install Wazuh (SIEM) and 4,000+ MCP Servers from a single visual interface.

Vinkius Desktop InterfaceVinkius Desktop InterfaceVinkius Desktop InterfaceVinkius Desktop Interface
Download Free Open SourceNo signup required
Wazuh (SIEM)
Fully ManagedVinkius Servers
60%Token savings
High SecurityEnterprise-grade
IAMAccess control
EU AI ActCompliant
DLPData protection
V8 IsolateSandboxed
Ed25519Audit chain
<40msKill switch
Stream every event to Splunk, Datadog, or your own webhook in real-time

* Every MCP server runs on Vinkius-managed infrastructure inside AWS - a purpose-built runtime with per-request V8 isolates, Ed25519 signed audit chains, and sub-40ms cold starts optimized for native MCP execution. See our infrastructure

About Wazuh (SIEM) MCP Server

Connect your Wazuh SIEM to any AI agent to streamline security operations and endpoint monitoring through natural language.

GitHub Copilot Agent mode brings Wazuh (SIEM) data directly into your VS Code workflow. With a project-scoped config, the entire team shares access to 21 tools. Copilot queries live data, generates typed code, and writes tests from actual API responses, all without leaving the editor.

What you can do

  • Agent Management — List all enrolled agents, create new ones, and perform bulk actions like restarts or upgrades using WQL filtering.
  • Manager & Cluster Health — Monitor manager daemon status, fetch logs, and inspect cluster nodes to ensure high availability.
  • Security Auditing — Query File Integrity Monitoring (Syscheck), Security Configuration Assessment (SCA), and Rootcheck results.
  • Threat Intelligence — Access MITRE ATT&CK mappings and test log decoders to validate your detection pipeline.
  • Rule Orchestration — List and update rules or decoders directly to fine-tune your security posture.

The Wazuh (SIEM) MCP Server exposes 21 tools through the Vinkius. Connect it to VS Code Copilot in under two minutes — credentials fully managed, no infrastructure to provision, no vendor lock-in. Your configuration, your data, your control.

All 21 Wazuh (SIEM) tools available for VS Code Copilot

When VS Code Copilot connects to Wazuh (SIEM) through Vinkius, your AI agent gets direct access to every tool listed below — spanning siem, threat-detection, vulnerability-management, and more. Every call runs in a secure, isolated environment with full audit visibility. Beyond a simple connection, you get real-time monitoring of agent activity, enterprise governance, and optimized token usage.

create

Create agent on Wazuh (SIEM)

Enroll a new Wazuh agent

create

Create security role on Wazuh (SIEM)

Create a new Wazuh security role

delete

Delete agents on Wazuh (SIEM)

Use WQL to specify which agents to delete. Remove Wazuh agents

get

Get logtest on Wazuh (SIEM)

Test rules and decoders against logs

get

Get manager logs on Wazuh (SIEM)

Retrieve Wazuh manager logs

get

Get manager status on Wazuh (SIEM)

Get Wazuh manager daemon status

get

Get mitre on Wazuh (SIEM)

Supports WQL filtering. Get MITRE ATT&CK results

get

Get rootcheck on Wazuh (SIEM)

Supports WQL filtering. Get Rootcheck results

get

Get sca on Wazuh (SIEM)

Supports WQL filtering. Get Security Configuration Assessment (SCA) results

get

Get syscheck on Wazuh (SIEM)

Supports WQL filtering. Get File Integrity Monitoring (Syscheck) results

get

Get syscollector on Wazuh (SIEM)

Supports WQL filtering. Get Syscollector inventory

list

List agents on Wazuh (SIEM)

Supports WQL filtering. List all Wazuh agents

list

List cluster nodes on Wazuh (SIEM)

List Wazuh cluster nodes

list

List decoders on Wazuh (SIEM)

Supports WQL filtering. List loaded Wazuh decoders

list

List rules on Wazuh (SIEM)

Supports WQL filtering. List loaded Wazuh rules

list

List security users on Wazuh (SIEM)

List Wazuh API users

restart

Restart agents on Wazuh (SIEM)

Restart Wazuh agents

restart

Restart cluster on Wazuh (SIEM)

Restart the Wazuh cluster

update

Update rule file on Wazuh (SIEM)

Update a Wazuh rule file

update

Update security config on Wazuh (SIEM)

Update Wazuh security configuration

upgrade

Upgrade agents on Wazuh (SIEM)

Upgrade Wazuh agents

Connect Wazuh (SIEM) to VS Code Copilot via MCP

Follow these steps to wire Wazuh (SIEM) into VS Code Copilot. The entire setup takes under two minutes — your credentials stay safe behind Vinkius.

01

Create MCP config

Create a .vscode/mcp.json file in your project root
02

Add the server config

Paste the JSON configuration above
03

Enable Agent mode

Open GitHub Copilot Chat and switch to Agent mode using the dropdown
04

Start using Wazuh (SIEM)

Ask Copilot: "Using Wazuh (SIEM), help me...". 21 tools available

Why Use VS Code Copilot with the Wazuh (SIEM) MCP Server

GitHub Copilot for Visual Studio Code provides unique advantages when paired with Wazuh (SIEM) through the Model Context Protocol.

01

VS Code is used by over 70% of developers. adding MCP tools to Copilot means your team can leverage external data without leaving their primary editor

02

Project-scoped MCP configs (`.vscode/mcp.json`) let you commit server configurations to your repository, ensuring the entire team shares the same tool access

03

Copilot's Agent mode integrates MCP tools seamlessly with file editing, terminal commands, and workspace search in a single agentic loop

04

GitHub's enterprise compliance and audit features extend to MCP tool usage, providing visibility into how AI interacts with external services

Wazuh (SIEM) + VS Code Copilot Use Cases

Practical scenarios where VS Code Copilot combined with the Wazuh (SIEM) MCP Server delivers measurable value.

01

Live API integration: Copilot can query an MCP server, inspect the response schema, and generate typed API client code in the same step

02

DevSecOps workflows: security teams can give developers access to domain intelligence tools directly in their editor for real-time vulnerability assessment during code review

03

Data pipeline development: Copilot fetches sample data via MCP and generates transformation scripts, validators, and test fixtures from actual API responses

04

Documentation generation: Copilot queries available tools and auto-generates README sections, API reference docs, and usage examples

Example Prompts for Wazuh (SIEM) in VS Code Copilot

Ready-to-use prompts you can give your VS Code Copilot agent to start working with Wazuh (SIEM) immediately.

01

"List all Wazuh agents that are currently active."

02

"Show me the latest Security Configuration Assessment (SCA) results."

03

"Check the Wazuh manager logs for any recent errors."

Troubleshooting Wazuh (SIEM) MCP Server with VS Code Copilot

Common issues when connecting Wazuh (SIEM) to VS Code Copilot through Vinkius, and how to resolve them.

01

MCP tools not available

Ensure you are in Agent mode in Copilot Chat. MCP tools only appear in Agent mode.

Wazuh (SIEM) + VS Code Copilot FAQ

Common questions about integrating Wazuh (SIEM) MCP Server with VS Code Copilot.

01

Which VS Code version supports MCP?

MCP support requires VS Code 1.99 or later with the GitHub Copilot extension. Ensure both are updated to the latest version. Older versions of Copilot may not expose the Agent mode toggle.
02

How do I switch to Agent mode?

Open the Copilot Chat panel and look for two mode options: "Ask" and "Agent". Click "Agent" to enable autonomous tool calling. In Ask mode, Copilot provides conversational answers but cannot invoke MCP tools.
03

Can I restrict which MCP tools Copilot can access?

Yes. VS Code shows a tool consent dialog before any MCP tool is invoked for the first time. You can also configure tool access policies at the organization level through GitHub Copilot settings.
04

Does MCP work in VS Code Remote or Codespaces?

Yes. MCP servers configured via .vscode/mcp.json work in Remote SSH, WSL, and GitHub Codespaces environments. The MCP connection is established from the remote host, so ensure the server URL is accessible from that environment.

Explore More MCP Servers

View all →
Jina AI (Search Foundation & LLM Grounding)

Jina AI (Search Foundation & LLM Grounding)

6 tools

Power your RAG and search via Jina AI — generate embeddings, rerank documents, read URLs, and perform semantic web search.

MiiTel Alternative

MiiTel Alternative

4 tools

Automate MiiTel voice intelligence — list export queues, generate CSVs, and import call or meeting records via AI.

New Relic AI (LLM Observability)

New Relic AI (LLM Observability)

10 tools

Monitor and audit LLM telemetry via New Relic AI — track token costs, p95 latency, and user feedback.

Cohere (AI Platform)

Cohere (AI Platform)

7 tools

Power enterprise AI via Cohere — generate text, perform chat completions, reorder documents, and manage embeddings directly from any AI agent.