NeoAnd/mcp-server-wazuh
1
0
Fork 0
mirror of https://github.com/gbrigandi/mcp-server-wazuh.git synced 2025-07-13 15:14:48 -06:00
Code Issues Actions Packages Projects Releases Wiki Activity

Update README with correct MCP flow for rmcp implementation

Browse Source 
- Aligned initialize response with actual rmcp server output
- Updated tools/list response to match real JSON schema format
- Corrected tool name from 'wazuhAlerts' to 'get_wazuh_alert_summary'
- Added proper MCP content format with text type responses
- Included error response examples for connection failures
- Updated tool call examples with correct parameter structure
- Removed outdated outputSchema references (not used in rmcp)
- Added proper JSON schema format with draft-07 specification
This commit is contained in:
Gianluca Brigandi 2025-05-22 16:39:13 -07:00
parent 87ac8a6695
commit 13f93cc844
1 changed files with 71 additions and 58 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

129
README.md
View File

@ -208,39 +208,22 @@ Example interaction flow:
``` ```
3. **Server sends `initialize` response to client via `stdout`:** 3. **Server sends `initialize` response to client via `stdout`:**
(Capabilities shown are illustrative based on logs; actual capabilities might vary.)
```json ```json
{ {
"jsonrpc": "2.0", "jsonrpc": "2.0",
"id": 0, "id": 1,
"result": { "result": {
"protocolVersion": "2024-11-05", "protocolVersion": "2024-11-05",
"capabilities": { "capabilities": {
"tools": { "prompts": {},
"supported": true, "resources": {},
"definitions": [ "tools": {}
{
"name": "get_wazuh_alert_summary",
"description": "Retrieves a summary of Wazuh security alerts. Returns formatted alert information including ID, timestamp, and description.",
"inputSchema": {
"type": "object",
"properties": {
"limit": {
"type": "integer",
"description": "Maximum number of alerts to retrieve (default: 100)"
}
}
}
}
]
},
"resources": { "supported": true },
"prompts": { "supported": true }
}, },
"serverInfo": { "serverInfo": {
"name": "Wazuh MCP Server", "name": "rmcp",
"version": "0.1.0" "version": "0.1.5"
} },
"instructions": "This server provides tools to interact with a Wazuh SIEM instance for security monitoring and analysis.\nAvailable tools:\n- 'get_wazuh_alert_summary': Retrieves a summary of Wazuh security alerts. Optionally takes 'limit' parameter to control the number of alerts returned (defaults to 100)."
} }
} }
``` ```
@ -268,30 +251,24 @@ Example interaction flow:
```json ```json
{ {
"jsonrpc": "2.0", "jsonrpc": "2.0",
"id": 1, "id": 2,
"result": { "result": {
"tools": [ "tools": [
{ {
"name": "wazuhAlerts", "name": "get_wazuh_alert_summary",
"description": "Retrieves the latest security alerts from the Wazuh SIEM.", "description": "Retrieves a summary of Wazuh security alerts. Returns formatted alert information including ID, timestamp, and description.",
"inputSchema": { "type": "object", "properties": {} }, "inputSchema": {
"outputSchema": { "$schema": "http://json-schema.org/draft-07/schema#",
"type": "object",
"properties": { "properties": {
"alerts": { "limit": {
"type": "array", "description": "Maximum number of alerts to retrieve (default: 100)",
"description": "A list of simplified alert objects.", "format": "uint32",
"items": { "minimum": 0.0,
"type": "object", "type": ["integer", "null"]
"properties": {
"id": { "type": "string", "description": "The unique identifier of the alert." },
"description": { "type": "string", "description": "The description of the rule that triggered the alert." }
},
"required": ["id", "description"]
}
} }
}, },
"required": ["alerts"] "title": "GetAlertSummaryParams",
"type": "object"
} }
} }
] ]
@ -299,41 +276,77 @@ Example interaction flow:
} }
``` ```
7. **Client calls the `wazuhAlerts` tool by sending `tools/call` to server's `stdin`:** 7. **Client calls the `get_wazuh_alert_summary` tool by sending `tools/call` to server's `stdin`:**
```json ```json
{ {
"jsonrpc": "2.0", "jsonrpc": "2.0",
"id": 2, "id": 3,
"method": "tools/call", "method": "tools/call",
"params": { "params": {
"name": "wazuhAlerts", "name": "get_wazuh_alert_summary",
"arguments": {} "arguments": {
"limit": 5
}
} }
} }
``` ```
8. **Server receives on `stdin`, processes the `wazuhAlerts` call (which involves querying the Wazuh API and transforming the data as described elsewhere in this README).** 8. **Server receives on `stdin`, processes the `get_wazuh_alert_summary` call (which involves querying the Wazuh Indexer API and transforming the data).**
9. **Server sends `tools/call` response with transformed alerts to client via `stdout`:** 9. **Server sends `tools/call` response with formatted alerts to client via `stdout`:**
(Alert content is illustrative and simplified.)
```json ```json
{ {
"jsonrpc": "2.0", "jsonrpc": "2.0",
"id": 2, "id": 3,
"result": { "result": {
"alerts": [ "content": [
{ {
"id": "1747091815.1212763", "type": "text",
"description": "Attached USB Storage" "text": "Alert ID: 1747091815.1212763\nTime: 2024-01-15T10:30:45.123Z\nAgent: web-server-01\nLevel: 7\nDescription: Attached USB Storage"
}, },
{ {
"id": "1747066333.1207112", "type": "text",
"description": "New dpkg (Debian Package) installed." "text": "Alert ID: 1747066333.1207112\nTime: 2024-01-15T10:25:12.456Z\nAgent: database-server\nLevel: 5\nDescription: New dpkg (Debian Package) installed."
} }
// ... other simplified alerts based on the tool's outputSchema ],
] "isError": false
} }
} }
```
**Or, if no alerts are found:**
```json
{
"jsonrpc": "2.0",
"id": 3,
"result": {
"content": [
{
"type": "text",
"text": "No Wazuh alerts found."
}
],
"isError": false
}
}
```
**Or, if there's an error connecting to Wazuh:**
```json
{
"jsonrpc": "2.0",
"id": 3,
"result": {
"content": [
{
"type": "text",
"text": "Error retrieving alerts from Wazuh: HTTP request error: connection refused"
}
],
"isError": true
}
}
```
## Running the All-in-One Demo (Wazuh + MCP Server) ## Running the All-in-One Demo (Wazuh + MCP Server)