
Wazuh SOC Autopilot with OpenClaw

@gensecaihq · 2026-02-28 · GitHub

Autonomous SOC (Security Operations Center) layer for Wazuh, built from OpenClaw agents that talk to Wazuh over MCP. It auto-triages alerts, correlates them into incidents, and generates response plans that require human-in-the-loop approval before any critical action runs.

Features

  • Auto-triage alerts - Automatically categorize and prioritize security alerts
  • Incident correlation - Connect related security events across the infrastructure
  • Response plan generation - Create actionable response plans automatically
  • Human-in-the-loop - Require approval before executing critical actions
  • Evidence packs - Collect and organize evidence for investigations
  • Prometheus metrics - Export security metrics for monitoring
  • Slack integration - Notify security team via Slack

Tech Stack

  • Wazuh (Security monitoring)
  • OpenClaw (AI agent orchestration)
  • MCP (Model Context Protocol)
  • Prometheus (Metrics)
  • Slack API (Notifications)

Use Case

Security teams can reduce alert fatigue by having OpenClaw agents handle routine triage and initial investigation, only escalating complex issues to human analysts.
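The triage → correlate → plan → approve workflow described in the feature list and the use case, as an added Python example that is not part of this project's code. The alerts are constructed in the shape of Wazuh `alerts.json` records, and the priority thresholds, the brute-force heuristic, and the action names are this example's own assumptions.

```python
from collections import defaultdict

# Constructed Wazuh-style alerts (shape of alerts.json lines); values are made up.
SAMPLE_ALERTS = [
    {"rule": {"id": "5710", "level": 5, "groups": ["sshd", "authentication_failed"]},
     "agent": {"name": "web-01"}, "data": {"srcip": "203.0.113.7"}},
    {"rule": {"id": "5710", "level": 5, "groups": ["sshd", "authentication_failed"]},
     "agent": {"name": "web-01"}, "data": {"srcip": "203.0.113.7"}},
    {"rule": {"id": "5710", "level": 5, "groups": ["sshd", "authentication_failed"]},
     "agent": {"name": "web-01"}, "data": {"srcip": "203.0.113.7"}},
    {"rule": {"id": "5715", "level": 3, "groups": ["sshd", "authentication_success"]},
     "agent": {"name": "web-01"}, "data": {"srcip": "203.0.113.7"}},
    {"rule": {"id": "5402", "level": 3, "groups": ["sudo"]},
     "agent": {"name": "db-02"}, "data": {"srcip": "198.51.100.9"}},
]

def triage(alert):
    """Bucket one alert by rule.level (the thresholds are this example's assumption)."""
    level = alert["rule"]["level"]
    priority = ("critical" if level >= 12 else "high" if level >= 7
                else "medium" if level >= 4 else "low")
    return {"rule_id": alert["rule"]["id"], "priority": priority,
            "agent": alert["agent"]["name"], "srcip": alert["data"].get("srcip")}

def correlate(alerts, fail_threshold=3):
    """Group alerts per (agent, srcip) and flag repeated failed logins followed by a success."""
    by_key = defaultdict(list)
    for a in alerts:
        by_key[(a["agent"]["name"], a["data"].get("srcip"))].append(a)
    incidents = []
    for (agent, srcip), group in by_key.items():
        groups = [g for a in group for g in a["rule"]["groups"]]
        fails = groups.count("authentication_failed")
        if fails >= fail_threshold and "authentication_success" in groups:
            incidents.append({"agent": agent, "srcip": srcip, "failed_logins": fails,
                              "priority": "high",
                              "summary": "brute force followed by successful login"})
    return incidents

def response_plan(incident):
    """Notifications run automatically; containment steps are gated on analyst approval."""
    return [{"action": "notify_slack", "requires_approval": False},
            {"action": "isolate_agent", "target": incident["agent"], "requires_approval": True},
            {"action": "block_srcip", "target": incident["srcip"], "requires_approval": True}]

def executable_actions(plan, approved):
    """Return only the steps that are auto-safe or that a human has explicitly approved."""
    return [s for s in plan if not s["requires_approval"] or s["action"] in approved]
```

With an empty approval set only the Slack notification is returned, which is the human-in-the-loop gate the project describes; approving `block_srcip` releases that one containment step and nothing else.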