MCP.so
ログイン

Security Copilot and Sentinel MCP Server

@jguimera

Security Copilot and Sentinel MCP Server について

MCP Server that integrates with Security Copilot, Sentinel and other tools (in the future). It enhance the process of developing , testing and uploading Security Copilot artifacts.

基本情報

カテゴリ

開発者ツール

ライセンス

MIT

ランタイム

python

トランスポート

stdio

公開者

jguimera

設定

標準の設定はありません

このサーバーの README には解析可能な MCP 設定ブロックが含まれていません。インストール手順はリポジトリをご確認ください。

リポジトリ

ツール

ツールは検出されませんでした

ツールは README から自動的に抽出されます。メンテナーは ## Tools という見出しの下に記載することで、このタブに反映できます。

概要

What is Security Copilot and Sentinel MCP Server?

A Python-based MCP server using the FastMCP library that provides integration with Microsoft Security Copilot and Microsoft Sentinel via Azure Identity Authentication. It enables running KQL queries against Sentinel, managing Security Copilot skillsets/plugins, and executing prompts and skills, acting as a bridge between development environments and Microsoft Security Copilot.

How to use Security Copilot and Sentinel MCP Server?

Clone the repository, install dependencies with pip install -r requirements.txt, create a .env file with your Azure and Sentinel configuration, then start the server with python server.py. Optionally run tests with python server.py --run-tests. The server exposes tools that can be invoked from MCP clients like Cursor.

Key features of Security Copilot and Sentinel MCP Server

  • Execute KQL queries against Microsoft Sentinel workspaces
  • List existing skillsets/plugins in Security Copilot
  • Upload or update skillsets/plugins
  • Run prompts or skills in Security Copilot
  • Supports interactive browser, client secret, and managed identity authentication

Use cases of Security Copilot and Sentinel MCP Server

  • Develop, test, and deploy Security Copilot KQL skills
  • Integrate Sentinel query results into Security Copilot workflows
  • Automate management of Security Copilot plugins and prompts
  • Enable AI‑assisted security operations via MCP client (e.g., Cursor)

FAQ from Security Copilot and Sentinel MCP Server

What are the prerequisites to run this server?

Python 3.8+, a Microsoft Sentinel workspace, access to Microsoft Security Copilot, and appropriate Azure permissions for both services.

What authentication methods are supported?

Three methods: interactive browser, client secret (using an App Registration), and managed identity.

How do I configure the server?

Create a .env file with your tenant ID, client ID, client secret (optional), Sentinel subscription ID, resource group, workspace name, workspace ID, and authentication type (interactive or client_secret).

What transport does the MCP server use?

The server uses SSE (Server‑Sent Events) as the transport layer.

What tools are provided by the server?

run_sentinel_query, get_skillsets, upload_plugin, and run_prompt.

コメント

「開発者ツール」の他のコンテンツ