Microsoft Security Copilot
Summary
A Python-based MCP server that provides integration between Microsoft Security Copilot and Microsoft Sentinel using Azure Identity Authentication. Developed by Jaime Guimera Coll, this implementation enables running KQL queries against Sentinel workspaces, managing Security Copilot skillsets/plugins, and executing prompts within Security Copilot. The server uses FastMCP for the transport layer and supports multiple authentication methods including interactive browser, client secret, and managed identity. It's particularly useful for security professionals developing, testing, and deploying Security Copilot KQL skills, allowing for seamless workflow from development to production environments.
Available Actions(4)
run_sentinel_query
Execute KQL queries in Sentinel.
get_skillsets
List skillsets in Security Copilot.
upload_plugin
Upload or update a skillset/plugin.
run_prompt
Run a prompt or skill in Security Copilot.
社区评论
暂无评论. 成为第一个评论的人!
登录以参与讨论
