gensecaihq

Autonomous SOC layer for Wazuh using OpenClaw agents with MCP. Auto-triage alerts, correlate incidents, generate response plans with human-in-the-loop approval. Evidence packs, Prometheus metrics, Slack integration.

Found Feb 20, 2026 at 17 stars.
Language: JavaScript

AI Summary

Adds an AI-powered autonomous layer to Wazuh SIEM for automatic alert triage, incident correlation, response planning, and human-approved actions.

How It Works

1. 👀 Discover Wazuh Autopilot: You find this add-on for your Wazuh security monitor that uses AI helpers to speed up spotting and handling threats.
2. 📦 Run the simple setup: Follow the guide to get everything ready on your machine with just a few steps.
3. 🔗 Link your security monitor and AI brains: Connect your existing security system and pick an LLM service so the helpers can analyze alerts automatically.
4. Launch your security sidekick: Turn it on and watch it begin monitoring your alerts right away.
5. 🔔 See alerts get sorted smartly: New warnings appear as organized cases with details such as who is involved and how serious it is.
6. 👍 Review and approve response ideas: Suggested fixes pop up for your quick yes or no, keeping you in full control.

🎉 Threats handled faster and safer: Your security work speeds up with less noise, better insights, and human checks before any action.

AI-Generated Review

What is Wazuh-Openclaw-Autopilot?

This JavaScript project layers autonomous AI agents on top of Wazuh SIEM via OpenClaw and MCP protocol, auto-triaging alerts, correlating incidents into cases, and proposing response plans that require human approval before execution. It handles evidence packing, Prometheus metrics for SOC KPIs like MTTD/MTTR, and Slack notifications with approval buttons, turning raw security alerts into structured workflows. Developers get a ready-to-deploy autonomous SOC platform that offloads repetitive triage without risking unchecked automation.

Why is it gaining traction?

It stands out by combining Wazuh's robust alerting with model-agnostic AI agents that support 10+ LLMs like Claude or Grok, plus Slack Socket Mode for real-time human-in-the-loop decisions—no inbound ports needed. The hook is its safety-first design: agents analyze and plan autonomously but gatekeep execution behind policy checks and dual approvals, plus air-gapped Ollama support. Users notice immediate wins in alert volume reduction and faster triage via API endpoints like /api/cases and /api/plans.

Who should use this?

SOC analysts and security engineers managing Wazuh deployments who drown in high-volume alerts from endpoints, cloud logs, or vulnerabilities. Ideal for teams scaling incident response without hiring more staff, or DevSecOps leads wanting Prometheus-integrated metrics and Slack-driven workflows for on-call rotations. Skip if you're not on Wazuh 4.8+ or lack LLM API keys.

Verdict

Worth a docker-compose up for Wazuh users eyeing AI-assisted ops—docs are thorough with quickstart scripts and health checks, but 17 stars and 1.0% credibility signal early-stage maturity; test in staging first before prod reliance. Solid foundation if you need autonomous agents for alerts today.
