MCP server that integrates with Security Copilot, Sentinel and other tools (in the future). It enhances the process of developing, testing and uploading Security Copilot artifacts.
Overview
What is Security Copilot and Sentinel MCP Server?
Security Copilot and Sentinel MCP Server is a Python-based server that integrates with Microsoft Security Copilot and Microsoft Sentinel, enhancing the development, testing, and deployment of Security Copilot artifacts.
How to use Security Copilot and Sentinel MCP Server?
To use the MCP server, clone the repository, install the dependencies, configure the environment variables, and run the server using Python. You can execute KQL queries, manage skillsets, and run prompts within Security Copilot.
Key features of Security Copilot and Sentinel MCP Server?
- Execute KQL queries against Microsoft Sentinel.
- Manage Security Copilot skillsets/plugins (upload, update, list).
- Support for multiple authentication methods (interactive, client secret, managed identity).
Use cases of Security Copilot and Sentinel MCP Server?
- Developing and testing KQL skills for Microsoft Security Copilot.
- Running advanced queries in Microsoft Sentinel.
- Managing and deploying plugins for Security Copilot.
FAQ from Security Copilot and Sentinel MCP Server?
- What are the prerequisites for using the MCP server?
You need Python 3.8+, access to Microsoft Sentinel and Security Copilot, and appropriate Azure permissions.
- How do I start the server?
Run the command `python server.py` to start the MCP server.
- Can I contribute to the project?
Yes! Contributions are welcome, and you can submit a Pull Request.