NeoAnd/mcp-server-wazuh
1
0
Fork 0
mirror of https://github.com/gbrigandi/mcp-server-wazuh.git synced 2025-12-21 04:42:18 -06:00
Code Issues Actions Packages Projects Releases Wiki Activity

feat: comprehensive Wazuh integration with Docker CI/CD and expanded security operations

Browse Source 
Major enhancements:
- Added Docker image building and publishing to GitHub Container Registry with multi-platform support (linux/amd64, linux/arm64)
- Expanded from basic alert retrieval to comprehensive security operations with 14 MCP tools covering:
  * Vulnerability management (agent vulnerability summaries, critical vulnerabilities)
  * Agent monitoring (running agents, processes, network ports)
  * System statistics (weekly stats, remoted stats, log collector stats)
  * Log analysis (manager logs, error logs with search capabilities)
  * Cluster management (health checks, node listing)
- Updated environment configuration to support both Wazuh Manager API and Wazuh Indexer with proper SSL handling
- Enhanced documentation with detailed use cases, Docker deployment options, and comprehensive tool descriptions
- Upgraded wazuh-client dependency to v0.1.1 for expanded API capabilities
- Added agent ID formatting and validation for consistent three-digit zero-padded identifiers

This transforms the server from a simple alert fetcher into a full-featured security operations platform for AI-assisted Wazuh management.
This commit is contained in:
Gianluca Brigandi
2025-06-18 16:50:26 -07:00
parent 2fd14a0063
commit 47b33414cb
5 changed files with 1511 additions and 77 deletions
Download Patch File Download Diff File Expand all files Collapse all files

46
.env.example
View File

@@ -1,9 +1,39 @@
# Wazuh API Configuration
WAZUH_HOST=localhost
WAZUH_PORT=55000
WAZUH_USER=admin
WAZUH_PASS=admin
VERIFY_SSL=false
# Wazuh MCP Server Environment Configuration Example
#
# Copy this file to .env and fill in your specific values.
# Lines starting with # are comments.
# MCP Server Configuration
MCP_SERVER_PORT=8000
# Wazuh Manager API Configuration
# Hostname or IP address of the Wazuh Manager API server.
WAZUH_API_HOST=localhost
# Port number for the Wazuh Manager API.
WAZUH_API_PORT=55000
# Username for Wazuh Manager API authentication.
WAZUH_API_USERNAME=wazuh
# Password for Wazuh Manager API authentication.
WAZUH_API_PASSWORD=wazuh
# Wazuh Indexer API Configuration
# Hostname or IP address of the Wazuh Indexer API server.
WAZUH_INDEXER_HOST=localhost
# Port number for the Wazuh Indexer API.
WAZUH_INDEXER_PORT=9200
# Username for Wazuh Indexer API authentication.
WAZUH_INDEXER_USERNAME=admin
# Password for Wazuh Indexer API authentication.
WAZUH_INDEXER_PASSWORD=admin
# SSL Configuration for Wazuh Connections
# Set to "true" to verify SSL certificates for Wazuh API and Indexer connections.
# Set to "false" to disable SSL verification (not recommended for production).
WAZUH_VERIFY_SSL=false
# Protocol for Wazuh Connections (Optional)
# Overrides the default protocol used by the wazuh-client.
# Typically "http" or "https". If not set, the client's default (usually https) will be used.
# WAZUH_TEST_PROTOCOL=https
# Logging Configuration
# Controls the log level for the application and its dependencies.
# Examples: "info", "debug", "trace", "mcp_server_wazuh=debug,wazuh_client=info"
RUST_LOG=info