adi5353/wazuh-mcp-latest — reverse-engineered prompt
Reverse engineered prompt
Build me a Python service that connects our Wazuh security data to Claude through MCP so someone on a security team can ask normal questions and take action without digging through Wazuh screens.
I want it to let users search alerts, summarize what happened, triage suspicious events, investigate affected machines, look at vulnerabilities, compliance status, MITRE activity, file integrity issues, rules, decoders, inventory, cluster health, and incident details. It should also support reports and exports, Slack or Teams notifications, threat intel lookups, active response actions, and simple workflows like compliance drift checks, alert suppression, rule testing, rule rollback, and blast radius analysis.
Please make it usable with Claude Desktop and other MCP clients, include safe config through environment variables, Docker setup, examples, and clear docs for connecting to Wazuh or Wazuh Cloud. Add tests and basic security protections around credentials, audit logging, and dangerous actions. Look up current MCP and Wazuh docs online if you need to.