%20--%3e%3cdefs%3e%3cstyle%3e%20.st0%20{%20fill:%20%23061b40;%20}%20.st1%20{%20fill:%20%23306af1;%20}%20.st2%20{%20fill:%20%235ce5cf;%20}%20%3c/style%3e%3c/defs%3e%3cg%3e%3cpath%20class='st0'%20d='M55,10.5h9v3h-9v9h12V7.5h-12v3ZM64,19.5h-6v-3h6v3Z'/%3e%3cpolygon%20class='st0'%20points='69%2016.5%2078%2016.5%2078%2019.5%2069%2019.5%2069%2022.5%2081%2022.5%2081%2013.5%2072%2013.5%2072%2010.5%2081%2010.5%2081%207.5%2069%207.5%2069%2016.5'/%3e%3cpolygon%20class='st0'%20points='95%2010.5%2095%207.5%2083%207.5%2083%2022.5%2095%2022.5%2095%2019.5%2086%2019.5%2086%2016.5%2095%2016.5%2095%2013.5%2086%2013.5%2086%2010.5%2095%2010.5'/%3e%3cpath%20class='st0'%20d='M40,1.5v21h11.6l1.4-1.4v-7.6h0c0,0-1.4-1.5-1.4-1.5l1.4-1.4V2.9l-1.4-1.4h-11.6ZM50,19.5h-7v-6h7v6ZM50,10.5h-7v-6h7v6Z'/%3e%3c/g%3e%3cpath%20class='st1'%20d='M23.1,24L14.7,4.8l-4.9,11.2h3.8l-1.8,4H3.3L12.1,0H2C.9,0,0,.9,0,2v20c0,1.1.9,2,2,2h21.1Z'/%3e%3cpath%20class='st2'%20d='M34,0h-16.8l10.6,24h6.2c1.1,0,2-.9,2-2V2C36,.9,35.1,0,34,0ZM32.5,20h-4V4h4v16Z'/%3e%3c/svg%3e)
Wazuh OpenSearch Analytics
🚀 OpenSearch MCP Server
A Model Context Protocol (MCP) server for querying and analyzing Wazuh security logs stored in OpenSearch.
🚀 Quick Start
The OpenSearch MCP Server is a powerful tool for querying and analyzing Wazuh security logs. Here's how to get started:
Prerequisites
- Node.js v16 or higher.
- Access to an OpenSearch instance containing Wazuh security logs.
Installation
Option 1: Directly use npx from GitHub (Recommended)
You can run this tool directly using npx without cloning the repository:
# Run the latest version from GitHub
npx github:jetbalsa/mcp-opensearch-js
# Enable debug mode
npx github:jetbalsa/mcp-opensearch-js --debug
# You can also specify a specific branch or commit
npx github:jetbalsa/mcp-opensearch-js#main
Option 2: Local Installation
- Clone this repository:
git clone https://github.com/jetbalsa/mcp-opensearch-js.git
cd mcp-opensearch-js
- Install dependencies:
npm install
- Configure environment variables:
cp .env.example .env
- Edit the
.envfile with your OpenSearch connection details:
OPENSEARCH_URL=https://your-opensearch-endpoint:9200
OPENSEARCH_USERNAME=your-username
OPENSEARCH_PASSWORD=your-password
DEBUG=false
Starting the Server
Start the server:
npm start
This will start the server in stdio mode.
Enable debug logging:
npm run stdio:debug
Test with MCP CLI:
npm run dev
This will start the server and perform an interactive test using the MCP CLI tool.
Test with MCP Inspector:
npm run inspect
This will start the server and connect to the MCP Inspector for visual debugging.
✨ Features
- Search for security alerts with advanced filtering capabilities.
- Retrieve detailed information about specific alerts.
- Generate statistics on security events.
- Visualize the time trends of alerts.
- Provide long - term operation progress reports.
- Implement structured error handling.
📦 Installation
The installation process has been detailed in the Quick Start section above.
💻 Usage Examples
Using the MCP CLI Tool
# Search for alerts
mcp-cli search --keyword "error" --output json
# Get alert details
mcp-cli get --id 12345 --verbose
# Generate statistics
mcp-cli stats --time-range "2023-10-01 00:00:00" "2023-10-07 23:59:59" --summary
# Visualize trends
mcp-cli trends --start-time "2023-10-01" --end-time "2023-10-07" --format chart
Using the Client
const { MCPClient } = require('mcp-opensearch');
const client = new MCPClient({
host: 'localhost',
port: 9200,
username: 'your-username',
password: 'your-password'
});
// Search for alerts
client.search({ keyword: 'error' }, (err, result) => {
if (err) return console.error(err);
console.log(result);
});
// Get alert details
client.get({ id: '12345' }, (err, result) => {
if (err) return console.error(err);
console.log(result);
});
📚 Documentation
Server Tools
The server provides the following tools:
1. Search Alerts
Search for security alerts in Wazuh data.
Parameters:
--search: Specify the keyword or condition to search for.--filter: Apply advanced filters (e.g., time range, log level, etc.).-o, --output: Specify the output format (supports JSON, CSV, text, etc.).
2. Get Alert Details
Retrieve detailed information about a specific alert.
Parameters:
--id: Specify the ID of the alert to query.--fields: Specify the fields to display (comma - separated).-v, --verbose: Enable verbose mode to display more relevant information.
3. Statistics
Generate statistics on security events.
Parameters:
--time-range: Specify the time range (format:YYYY-MM-DD HH:MM:SS).--aggregation: Specify the aggregation method (e.g., by hour, day, week, etc.).-s, --summary: Display the summary result.
4. Visualize Trends
Visualize the time trends of alerts.
Parameters:
--start-time: Specify the start time.--end-time: Specify the end time.-f, --format: Specify the output format (e.g., chart, table, etc.).
Using the Client
To use this server as a client, follow these steps:
Install dependencies:
npm install mcp-opensearch
Connect to the MCP server:
const { MCPClient } = require('mcp-opensearch');
const client = new MCPClient({
host: 'localhost',
port: 9200,
username: 'your-username', // Optional
password: 'your-password' // Optional
});
Example usage:
// Search for alerts
client.search({ keyword: 'error' }, (err, result) => {
if (err) return console.error(err);
console.log('Search Result:', result);
});
// Get alert details
client.get({ id: '12345' }, (err, result) => {
if (err) return console.error(err);
console.log('Alert Details:', result);
});
Featured MCP Services
Duckduckgo MCP Server
Certified
The DuckDuckGo Search MCP Server provides web search and content scraping services for LLMs such as Claude.
Python
838
4.3 points
Notion Api MCP
Certified
A Python-based MCP Server that provides advanced to-do list management and content organization functions through the Notion API, enabling seamless integration between AI models and Notion.
Python
151
4.5 points
Gitlab MCP Server
Certified
The GitLab MCP server is a project based on the Model Context Protocol that provides a comprehensive toolset for interacting with GitLab accounts, including code review, merge request management, CI/CD configuration, and other functions.
TypeScript
99
4.3 points
Markdownify MCP
Markdownify is a multi-functional file conversion service that supports converting multiple formats such as PDFs, images, audio, and web page content into Markdown format.
TypeScript
1.7K
5 points
Figma Context MCP
Framelink Figma MCP Server is a server that provides access to Figma design data for AI programming tools (such as Cursor). By simplifying the Figma API response, it helps AI more accurately achieve one - click conversion from design to code.
TypeScript
6.7K
4.5 points
Unity
Certified
UnityMCP is a Unity editor plugin that implements the Model Context Protocol (MCP), providing seamless integration between Unity and AI assistants, including real - time state monitoring, remote command execution, and log functions.
C#
573
5 points
Context7
Context7 MCP is a service that provides real-time, version-specific documentation and code examples for AI programming assistants. It is directly integrated into prompts through the Model Context Protocol to solve the problem of LLMs using outdated information.
TypeScript
5.2K
4.7 points
Minimax MCP Server
The MiniMax Model Context Protocol (MCP) is an official server that supports interaction with powerful text-to-speech, video/image generation APIs, and is suitable for various client tools such as Claude Desktop and Cursor.
Python
761
4.8 points