{"id":"socfortress-wazuh-mcp-server","name":"wazuh-mcp-server","af_score":57.5,"security_score":55.8,"reliability_score":35.0,"what_it_does":"Provides a Model Context Protocol (MCP) server that exposes Wazuh Manager and syscollector data (agents, ports, packages, processes, rules, rule files, and SCA results) as MCP tools, including an authentication tool to refresh JWT tokens used to call the Wazuh Manager API.","best_when":"You control the runtime environment (network access, secrets, and Wazuh credentials) and want an MCP tool interface for an LLM to reason over Wazuh data.","avoid_when":"You cannot restrict access to the MCP server and Wazuh credentials, or you need strict guarantees around error codes, retry semantics, and pagination behavior beyond the stated defaults.","last_evaluated":"2026-03-30T13:51:25.449200+00:00","has_mcp":true,"has_api":false,"auth_methods":["Wazuh username/password to obtain/refresh JWT for Wazuh Manager API"],"has_free_tier":false,"known_gotchas":["MCP auth layer is not described; ensure access to the MCP endpoint is restricted (network/firewall, bind address).","Some tools can trigger expensive Wazuh queries (rules listing, syscollector queries per agent); use limit/offset and filtering parameters carefully.","Token refresh is exposed via AuthenticateTool; agents may need to call it when encountering auth failures."],"error_quality":0.0}