dstreefkerk/ms-sentinel-mcp-server
MCP server for Microsoft Sentinel. Enables access to Sentinel logs, incidents, analytics, and Entra ID data via a modular, queryable interface. Strictly non-production. Designed for use with Claude and other LLMs.
This tool helps security analysts and operations engineers interact with Microsoft Sentinel and Entra ID in test environments. It uses your Azure authentication to provide a queryable interface to Sentinel logs, incidents, analytics rules, and user/group data from Entra ID. With its output you can explore security data, validate KQL queries, and analyze threat intelligence without direct console access.
Use this if you are a security analyst or operations engineer needing to explore or test security data and KQL queries in a non-production Microsoft Sentinel environment, especially when working with LLMs.
Not ideal if you need to connect to a production Sentinel instance or require write operations, as this tool is strictly for read-only access in test environments.
Stars: 15
Forks: 7
Language: Python
License: MIT
Category:
Last pushed: Jan 14, 2026
Commits (30d): 0
Higher-rated alternatives
Wh0am123/MCP-Kali-Server
MCP configuration to connect AI agent to a Linux machine.
DMontgomery40/pentest-mcp
NOT for educational purposes: An MCP server for professional penetration testers including...
BurtTheCoder/mcp-shodan
MCP server for Shodan — search internet-connected devices, IP reconnaissance, DNS lookups, and...
cyproxio/mcp-for-security
MCP for Security: A collection of Model Context Protocol servers for popular security tools like...
0x4m4/hexstrike-ai
HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot,...