Wazuh MCP Server: Claude Desktop + OpenSearch (Part 2)

Introduction

In Part 1 we connected Claude on AWS Bedrock to the Wazuh Dashboard chat via ML Commons. That approach works well for analysts working inside the Wazuh UI. In this part we open a second channel: the Model Context Protocol (MCP), which lets any compatible client (Claude Desktop, custom applications, CI pipelines) query Wazuh Indexer data through a standardized tool interface.


Ollama in Wazuh Dashboard: AI Security Analysis

Introduction

Integrating local language models directly into the Wazuh interface opens up new capabilities for information security teams. Unlike cloud-based AI solutions, Ollama runs security event analysis entirely within an organization's isolated infrastructure, so confidential data never leaves the network perimeter. Embedding an AI assistant into the Wazuh dashboard gives SOC analysts instant access to alert interpretation, automatic incident correlation, and response recommendations directly within their workflow. This reduces the time required for initial threat analysis and the cognitive load on specialists, allowing them to focus on decision-making instead of routine event processing. At the same time, full control over the model and the data stays within the organization, which is critical for regulatory compliance and internal security policies.


Boosting Container Image Security Using Wazuh and Trivy

This article draws inspiration from the Wazuh blog post on enhancing container image security with Wazuh and Trivy.

Containerization has revolutionized software development and deployment, offering scalability and efficiency. However, this agility can introduce security risks if container images aren't properly secured: vulnerabilities within these images can expose your entire system to threats.

This is where the combined power of Wazuh and Trivy comes in. These open-source tools provide a comprehensive solution for boosting your container image security, ensuring your applications are protected from the ground up.
