MCP.so
Sign In

Security Copilot and Sentinel MCP Server

@jguimera

About Security Copilot and Sentinel MCP Server

MCP Server that integrates with Security Copilot, Sentinel and other tools (in the future). It enhance the process of developing , testing and uploading Security Copilot artifacts.

Basic information

Category

Developer Tools

License

MIT

Runtime

python

Transports

stdio

Publisher

jguimera

Config

No standard config provided

This server doesn't expose a parseable MCP config block in its README. See the repository for install instructions.

Repository

Tools

No tools detected

We auto-extract tools from the README. The maintainer can list them under a ## Tools heading to populate this section.

Overview

What is Security Copilot and Sentinel MCP Server?

A Python-based MCP server using the FastMCP library that provides integration with Microsoft Security Copilot and Microsoft Sentinel via Azure Identity Authentication. It enables running KQL queries against Sentinel, managing Security Copilot skillsets/plugins, and executing prompts and skills, acting as a bridge between development environments and Microsoft Security Copilot.

How to use Security Copilot and Sentinel MCP Server?

Clone the repository, install dependencies with pip install -r requirements.txt, create a .env file with your Azure and Sentinel configuration, then start the server with python server.py. Optionally run tests with python server.py --run-tests. The server exposes tools that can be invoked from MCP clients like Cursor.

Key features of Security Copilot and Sentinel MCP Server

  • Execute KQL queries against Microsoft Sentinel workspaces
  • List existing skillsets/plugins in Security Copilot
  • Upload or update skillsets/plugins
  • Run prompts or skills in Security Copilot
  • Supports interactive browser, client secret, and managed identity authentication

Use cases of Security Copilot and Sentinel MCP Server

  • Develop, test, and deploy Security Copilot KQL skills
  • Integrate Sentinel query results into Security Copilot workflows
  • Automate management of Security Copilot plugins and prompts
  • Enable AI‑assisted security operations via MCP client (e.g., Cursor)

FAQ from Security Copilot and Sentinel MCP Server

What are the prerequisites to run this server?

Python 3.8+, a Microsoft Sentinel workspace, access to Microsoft Security Copilot, and appropriate Azure permissions for both services.

What authentication methods are supported?

Three methods: interactive browser, client secret (using an App Registration), and managed identity.

How do I configure the server?

Create a .env file with your tenant ID, client ID, client secret (optional), Sentinel subscription ID, resource group, workspace name, workspace ID, and authentication type (interactive or client_secret).

What transport does the MCP server use?

The server uses SSE (Server‑Sent Events) as the transport layer.

What tools are provided by the server?

run_sentinel_query, get_skillsets, upload_plugin, and run_prompt.

Comments

More Developer Tools MCP servers