MCP · quality 0.58

Microsoft Sentinel

Price: free
Protocol: mcp
Verified: no

What it does

Integrates with Microsoft Sentinel to enable security analysts to execute KQL queries, manage analytics rules, investigate incidents, and perform threat intelligence lookups directly from their AI environment.

The Microsoft Sentinel MCP Server provides security analysts with direct access to Microsoft Sentinel's threat hunting and investigation capabilities through the Model Context Protocol. Built by Daniel Streefkerk, this Python implementation integrates with Azure services to enable KQL query execution, analytics rule management, incident investigation, and threat intelligence lookups. The server includes robust authentication handling, caching mechanisms, and error management while offering a comprehensive set of tools for security operations - from basic workspace information retrieval to advanced hunting queries and MITRE ATT&CK framework mappings. It's designed for security professionals who need to leverage Sentinel's capabilities within MCP-compatible environments like Claude.

Capabilities

mcp · transport-stdio · open-source

Server

Quality

0.58 / 1.00

Deterministic score 0.58 from registry signals: indexed on pulsemcp · has source repo · 17 GitHub stars · registry-generated description present

Provenance

Indexed from: pulsemcp
Enriched: 2026-04-22 00:23:46Z · deterministic:mcp:v1 · v1
First seen: 2026-04-21
Last seen: 2026-04-22

Agent access