Query Wazuh in natural language for triage, hunting, audits, and response.
Copy the install command and let the AI configure it · recommended for beginners
No copy-paste install info for "wazuh-mcp-server" yet — see the docs or source repo.
Query high-severity alerts in Wazuh from the last 24 hours, sort them by host, rule type, and time, then summarize the top 5 incidents that need immediate attention and explain why.
A list of high-severity alerts with prioritization, risk explanations, and recommended next actions.
Search Wazuh for the past 7 days for signs of lateral movement from the same IP, including failed logins across multiple hosts, unusual process launches, and suspicious privilege escalation, then provide an investigation conclusion.
An event timeline, suspicious indicators, affected hosts, and an assessment of whether lateral movement occurred.
Using current Wazuh data, check security baseline compliance for critical servers, focusing on missing patches, weak password policies, and logging gaps, then generate an audit summary.
A compliance issues list, affected assets, risk levels, and a concise summary suitable for audit reporting.
Investigate SIEM alerts, hunt threats, and tune rules using natural language.
Access Wazuh security alerts, vulnerabilities, and network docs using natural language.
Connect OSSEC security monitoring to AI for alerts, host status, and event analysis.
Search workplace incident data, analyze trends, and draft corrective actions.
Filter Kubernetes warning events so AI can diagnose cluster issues faster.
Search and aggregate Quickwit logs in natural language for faster troubleshooting.