# 🚀 Wazuh-MCP-Server **v1.0.0** — “Unix Unification”
The first stable release of the Wazuh ↔ Model Context Protocol bridge is here!
v1.0.0 delivers production-ready Unix support, tighter security, and polished docs so you can chat with your Wazuh stack (“Show me critical alerts from the last hour 💬”) straight from Claude or any MCP-capable agent.
## ✨ Highlights
Category | What’s new |
---|---|
Unified Unix launcher | macOS & Linux now share a single `mcp_wrapper.sh`, eliminating path/env quirks. Windows keeps the Python entry-point. |
Hardened security | – Purged sample creds<br>– Expanded `.gitignore` to block secrets/logs<br>– Clear prod-vs-dev SSL guidance |
Docs overhaul | Consolidated OS guides, added Quick Start, and fresh diagrams |
Feature-complete toolkit | Stable endpoints: `get_alerts`, `analyze_threats`, `check_agent_health`, `compliance_check`, `risk_assessment`, `vulnerability_prioritization` |
## 🆕 New & Improved
- Prompt packs for incident triage, threat hunting, compliance, forensics, and exec reporting
- Robust logging & error handling — wrapper traps signals, cleans temp files, surfaces SSL/Wazuh errors clearly
- Changelog introduced — future upgrades stay transparent
## ⚠️ Breaking / Action Required
- Linux & macOS users: replace any direct `python main.py` call with the new wrapper, `mcp_wrapper.sh`
- Regenerate your Wazuh API-only user and update `.env`
- Verify SSL flags — `VERIFY_SSL=true` + `WAZUH_ALLOW_SELF_SIGNED=true` is the recommended minimum for production
## 🔐 Security Hardening
Area | Change |
---|---|
Credentials | Removed placeholder secrets; docs now show best-practice API user creation |
Transport | Self-signed vs CA-signed cert guidance with examples |
Repo hygiene | .gitignore now shields logs, traces, and env files |
## 🙏 Special Thanks
Big shout-out to @marcolinux46 for tireless testing, detailed feedback, and reporting edge-case Wazuh issues that made this release rock-solid.
Happy threat-hunting with conversational AI!