Sentinel MCP Unlocked
The future of the SOC is shifting from static dashboards and manual KQL queries toward intelligent, context-aware operations powered by AI agents. AI-SOC is a journey, not something that happens overnight.
Microsoft Sentinel’s integration with the Model Context Protocol (MCP) marks the beginning of that transformation. MCP is not another buzzword; it’s an open standard that allows LLMs and security tools to communicate safely and semantically. Instead of writing raw queries, analysts can now define intent, and the system translates that into structured telemetry analysis.
This blog post touches on Sentinel MCP, how it works under the hood, and why it matters for security researchers, defenders, and AI engineers alike. We’ll explore the architectural flow between AI clients and the Sentinel data lake, walk through real configurations from the sentinel-mcp-github repository, and analyze the emerging attack surfaces this model introduces. The goal is simple: understand how to use MCP to enhance your SOC while staying aware of its operational and security implications.
The shift from KQL to semantic workflows
In classic SOC operations with Sentinel, analysts need to know the table names (SigninLogs, SecurityEvent, AuditLogs, etc.), write KQL queries, and link alerts, incidents, devices, and identities. That works, but it requires knowledge of schema and query syntax, and it typically creates a barrier to entry. As one article puts it:
“Analysts had to know the exact schema, memorise table names, and craft precise KQL queries just to get started… The barrier to entry was high.”
Enter MCP: Sentinel can have a hosted service with an MCP server that exposes tools and intents. AI clients/agents (via VS Code, Copilot, etc.) can drive analysis using plain-language intent or structured tool calls rather than manually plumbing KQL.
What exactly is MCP in Sentinel?
From Microsoft’s documentation:
MCP is an open protocol designed for LLMs or AI clients to integrate safely, in a structured and stateful manner, with external tools, context, and data.
In the Sentinel context, the MCP server publishes a catalog of security-focused tools and a unified interface so clients (e.g., VS Code, Security Copilot) can issue natural language “intents” and retrieve structured responses (e.g., “List devices with anomalous outbound network connections”, “Summarize sign-in failures for user X”).
The architecture roughly includes Host (AI application/client environment), MCP Client, MCP Server, Sentinel data lake, logs, and graph.
Key benefits for a cloud security team
Why does this matter? Because for a team doing cloud/endpoint/identity telemetry, you get:
- Reduced analyst friction: less time writing “SELECT … from SecurityEvent where …” and more time interpreting what the tool returns.
- Faster triage/response: the semantic layer can correlate across tables and surface entities (users/devices/apps) and risks in a single structured response rather than through manual joins.
- Better cross-domain visibility: when you ingest identity logs, device logs, and network logs into Sentinel, an MCP tool can be configured to reason across them, e.g., identity > device > data movement.
- Agent-friendly automation: because tool outputs are deterministic and structured, you can embed them into playbooks, workflows, or custom agents to automate repetitive analysis or response.
Things to watch because nothing is magic
- The MCP server in Sentinel is currently in preview, and its behavior may change.
- The tools exposed may be limited (e.g., “data exploration” and “agent creation”), and custom tables or schemas might not be semantically understood yet.
- You still need solid SOC/blue-team fundamentals: detection logic, context, and incident workflows. MCP is an accelerator, not a replacement.
The GitHub Repository: Your “sentinel-mcp-github” project
Location: https://github.com/eshlomo1/CloudSec/tree/main/AI-Security/sentinel-mcp-github
Here’s an overview of what the repo includes, why it matters to you as a security researcher or practitioner, and how you might leverage or extend it.
Repo contents & structure
From a quick look at the GitHub directory:
- It lives under your “CloudSec / AI-Security / sentinel-mcp-github” path.
- Although the GitHub UI truncated display (I couldn’t fetch the full file tree via the preview), one can infer this is a collection of scripts/configs related to Sentinel MCP use: likely sample mcp.json, KQL templates, agent definitions, maybe correlation/incident workflows.
- Purpose: to provide a template or starting point for organizations to deploy/use Sentinel MCP in real-world SOC workflows.
Why this repo is valuable
- Hands-on implementation artifacts: sample configs, scripts, and maybe modules you can adapt. Instead of starting from zero, you have a reference.
- Bridging AI + SOC: while many SOC teams focus purely on KQL and alerts, this repo helps illustrate how the emerging semantic/agentic layer can be added.
- Extendable and customizable: because your focus is cloud security, identity, and endpoint, you can tailor this repo to your telemetry (Azure AD sign-ins, Defender for Endpoint logs, AWS CloudTrail logs, etc.).
- Awareness of limitations and adjustments: by working through the sample configs, you’ll internalize gaps (e.g., custom table support) and build mitigation/workaround strategies.
How to leverage the repo in your workflows
Here’s a suggested path:
- Clone the repo into your lab/POC environment.
- Identify your telemetry sources: onboard the Sentinel data lake, ingest Azure AD, Defender XDR, CloudTrail logs, etc.
- Locate the mcp.json (or similar) config file in the repo. Review workspace boundary, tool collection, and incident analysis parameters. The blog article highlights this as best practice.
- Adjust boundaries and add your workspace IDs, names, time windows, and correlation rules (incidents/alerts) in the config.
- In VS Code (or a compatible AI client), add the Sentinel MCP server endpoint: e.g., https://sentinel.microsoft.com/mcp/data-exploration (and maybe …/mcp/security-copilot-agent-creation).
- Enable Agent mode in your client tool and review the tool catalog (data exploration, agent creation).
- Test workflows: e.g., “Find devices with more than 100 outbound connections from last 24h”, “List users with failed MFA attempts & risk scores”, “Summarize incident XYZ across alerts/devices/users”.
- Evaluate outputs: Are you getting structured entity lists, risk drivers, and evidence links? Compare to manual KQL + pivoting to assess quality and gaps.
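An added example, not code from the post or the repository: a small audit of a VS Code-style mcp.json that checks each server entry against the Sentinel endpoint named above before the config is trusted. It assumes the VS Code `servers` layout; the allowlist, the sample entries, and `audit_mcp_config` are constructed for illustration, and the repo's own workspace and incident keys are not covered.

```python
import json
from urllib.parse import urlsplit

# Assumption: allowlist built only from the endpoint host named in this post.
ALLOWED_HOSTS = {"sentinel.microsoft.com"}

# Constructed sample in the VS Code "servers" layout (not the repo's file).
SAMPLE = """{
  "servers": {
    "sentinel-data-exploration": {"type": "http",
      "url": "https://sentinel.microsoft.com/mcp/data-exploration"},
    "lookalike": {"type": "http",
      "url": "https://sentinel.microsoft.com.example.net/mcp/data-exploration"},
    "plain-http": {"type": "http",
      "url": "http://sentinel.microsoft.com/mcp/data-exploration",
      "headers": {"Authorization": "Bearer CONSTRUCTED-STATIC-TOKEN"}}
  }
}"""

def audit_mcp_config(text):
    """Return (server_name, finding) pairs for entries that need review."""
    findings = []
    for name, entry in json.loads(text).get("servers", {}).items():
        if entry.get("type") == "stdio" or "command" in entry:
            findings.append((name, "runs a local command; review what it executes"))
            continue
        url = entry.get("url")
        if not url:
            findings.append((name, "no url defined"))
            continue
        parts = urlsplit(url)
        if parts.scheme != "https":
            findings.append((name, "endpoint is not https"))
        if parts.username or parts.password:
            findings.append((name, "credentials embedded in url"))
        host = (parts.hostname or "").lower()
        if host not in ALLOWED_HOSTS:  # exact match, so suffix tricks fail
            findings.append((name, f"host {host!r} is not allowlisted"))
        elif not parts.path.startswith("/mcp/"):
            findings.append((name, "path is outside /mcp/"))
        for header, value in entry.get("headers", {}).items():
            # VS Code resolves ${input:...} at runtime; anything else is a literal secret.
            if header.lower() == "authorization" and "${input:" not in value:
                findings.append((name, "static token in Authorization header"))
    return findings

if __name__ == "__main__":
    for name, finding in audit_mcp_config(SAMPLE):
        print(f"{name}: {finding}")
```

Running the same check in CI against the committed config catches an endpoint that drifts from the expected host before an agent session ever connects to it.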
Note: This Sentinel MCP with the dedicated info is running correctly on a few environments. If you find any issues, feel free to note them and notify me. Thanks.
More about https://cyberdom.blog/unlocking-microsoft-sentinel-mcp/