Microsoft Sentinel MCP Server

Microsoft Sentinel MCP Server Overview

The Microsoft Sentinel MCP Server bridges the gap between AI assistants and Azure’s security analytics platform. By exposing a read‑only view of a Sentinel workspace through the Model Context Protocol, it allows LLMs such as Claude to query logs, explore incidents, and review analytics rules without compromising the underlying environment. This is particularly valuable for developers building security‑aware conversational agents, automating threat hunting workflows, or creating interactive dashboards that rely on live Sentinel data.

What the server does is to translate MCP tool calls into Azure Log Analytics and Sentinel API requests. It supports a wide range of operations—from executing Kusto Query Language (KQL) queries and retrieving workspace metadata, to listing incidents, hunting queries, rule templates, and threat‑intel lookups. Each capability is exposed as a distinct tool within the MCP ecosystem, enabling fine‑grained control over what an LLM can request. Because the server is strictly read‑only and intended for test environments, it mitigates risk while still offering a rich data surface.

Key features include:

• KQL Execution & Validation: Run queries against live or mock data, helping LLMs generate or troubleshoot detection logic.
• Incident & Analytics Exploration: List incidents, view detailed fields, and analyze rule performance by MITRE tactics.
• Resource Discovery: Retrieve tables, schemas, connectors, and watchlists, giving context for data lineage and threat hunting.
• Threat Intelligence Enrichment: Perform WHOIS lookups and IP geolocation, adding actionable context to security findings.
• Azure AD Integration: View Entra ID users and groups, supporting role‑based access insights.

Real‑world use cases span from building a security‑aware chatbot that can answer “What incidents are currently open?” to automating the generation of incident response playbooks. A developer could integrate this server into a CI/CD pipeline that automatically runs new detection rules against test data, or use it within an internal knowledge base to surface the latest threat intelligence. The MCP interface makes these interactions declarative and language‑agnostic, allowing any LLM client that supports MCP to tap into Sentinel without custom SDKs.

Integration with AI workflows is seamless: an LLM client sends a tool call specifying the desired operation (e.g., “list_incidents”), and the MCP server returns a structured JSON payload that the assistant can interpret and present. Because each tool is isolated, developers can lock down permissions at a granular level—only allowing query execution or incident listing, for example. The server’s modular design also means new Sentinel APIs can be added without disrupting existing clients, ensuring long‑term compatibility as Azure evolves.