Loading connector details…
Microsoft Sentinel MCP Server
MCPOfficialOpen SourceMIT39.7
by dstreefkerk • Uncategorized
A read-only MCP server providing advanced querying and resource exploration for Microsoft Sentinel environments.
Example Use Cases
- 1
Run and validate KQL queries against Microsoft Sentinel data.
- 2
View and analyze security incidents and analytics rules in Sentinel.
- 3
Explore Azure Sentinel resources such as watchlists, data connectors, and threat intelligence.
Description
This MCP server enables secure, read-only access to Microsoft Sentinel instances, allowing users to run KQL queries, view incidents, analyze analytics rules, and explore various Sentinel resources. It is designed for test environments to support observation-only security operations and analysis, providing a modular and extensible platform. The server supports multiple authentication methods and integrates with Azure services to facilitate security monitoring and investigation workflows.
Quick Actions
Quick Stats
Service TypeMCP
Pricing ModelFree
Capabilities0 Tools / 0 Prompts / 0 Resources
Ownerdstreefkerk
CategoryUncategorized
Tags
azurellm-integrationlog-analyticsmcpmcp-servermicrosoft-sentinelthreat-intelligence