dstreefkerk/ms-sentinel-mcp-server
MCP server for Microsoft Sentinel. Enables access to Sentinel logs, incidents, analytics, and Entra ID data via a modular, queryable interface. Strictly non-production. Designed for use with Claude and other LLMs.
Implements MCP (Model Context Protocol) with Azure CLI authentication, providing read-only access to Sentinel's KQL query engine, Log Analytics schemas, and incident data alongside Entra ID directory querying—all exposed as discrete tools for LLM consumption. Built around modular tool categories (KQL, incidents, analytics rules, hunting queries, threat intelligence) with built-in KQL validation and mock-data testing to catch query errors before execution. Designed for test/non-production environments only, with explicit warnings against connecting to production Sentinel or public LLMs due to exposure of sensitive security and directory metadata.
Stars: 15
Forks: 7
Language: Python
License: MIT
Category:
Last pushed: Jan 14, 2026
Commits (30d): 0