SecurityCopilotMCPServer

This project provides a Python-based MCP server for the integration of Microsoft Security Copilot and Microsoft Sentinel, leveraging Azure Identity Authentication. It facilitates running KQL queries, managing skillsets, and executing skills in Security Copilot.

Overview

This project implements an MCP server using Python and the FastMCP library to integrate Microsoft Security Copilot and Microsoft Sentinel with Azure Identity Authentication.

Features

  • Run KQL queries against Microsoft Sentinel.
  • Manage Security Copilot skillsets/plugins: list, upload/update.
  • Run prompts and skills within Security Copilot.
  • Authentication through Azure Identity, with methods such as interactive browser and client secret.
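To make the architecture described in the Overview and Features concrete, here is an added example (not the project's own code) of a minimal FastMCP server that exposes one Sentinel KQL tool and picks the Azure Identity credential from .env-style settings. The variable names (AUTH_METHOD, TENANT_ID, CLIENT_ID, CLIENT_SECRET, SENTINEL_WORKSPACE_ID) and the tool name are assumptions for this example; the project's real configuration keys are not shown on this page. It validates the configuration up front so a server started with a missing secret fails at start-up rather than at the first query.

```python
import os
from dataclasses import dataclass
from datetime import timedelta

# Hypothetical .env keys for this example; the project's real variable names are not on the page.
AUTH_METHODS = ("interactive", "client_secret")


@dataclass(frozen=True)
class AuthConfig:
    method: str
    tenant_id: str
    client_id: str
    client_secret: str = ""


def load_auth_config(env) -> AuthConfig:
    """Validate settings before any SDK call so a misconfigured server fails closed at start-up."""
    method = env.get("AUTH_METHOD", "interactive").lower()
    if method not in AUTH_METHODS:
        raise ValueError(f"AUTH_METHOD must be one of {AUTH_METHODS}, got {method!r}")
    cfg = AuthConfig(method, env.get("TENANT_ID", ""), env.get("CLIENT_ID", ""), env.get("CLIENT_SECRET", ""))
    if not (cfg.tenant_id and cfg.client_id):
        raise ValueError("TENANT_ID and CLIENT_ID are required")
    if cfg.method == "client_secret" and not cfg.client_secret:
        raise ValueError("CLIENT_SECRET is required when AUTH_METHOD=client_secret")
    return cfg


def build_credential(cfg: AuthConfig):
    """Map the configured method to an azure-identity credential (SDK imported lazily so the config logic is testable offline)."""
    from azure.identity import ClientSecretCredential, InteractiveBrowserCredential
    if cfg.method == "client_secret":
        return ClientSecretCredential(cfg.tenant_id, cfg.client_id, cfg.client_secret)
    return InteractiveBrowserCredential(tenant_id=cfg.tenant_id, client_id=cfg.client_id)


def run_kql(workspace_id: str, query: str, hours: int = 24) -> list[dict]:
    """Run one KQL query against a Sentinel (Log Analytics) workspace and return its tables as plain dicts."""
    from azure.monitor.query import LogsQueryClient, LogsQueryStatus
    client = LogsQueryClient(build_credential(load_auth_config(os.environ)))
    result = client.query_workspace(workspace_id, query, timespan=timedelta(hours=hours))
    if result.status != LogsQueryStatus.SUCCESS:
        raise RuntimeError(f"query returned partial results: {result.partial_error}")
    return [{"columns": list(t.columns), "rows": [list(r) for r in t.rows]} for t in result.tables]


def create_server():
    """Register run_kql as an MCP tool; FastMCP derives the tool's input schema from the type hints."""
    from mcp.server.fastmcp import FastMCP
    mcp = FastMCP("sentinel-kql")

    @mcp.tool()
    def sentinel_kql(query: str, hours: int = 24) -> list[dict]:
        """Run a KQL query against the configured Sentinel workspace."""
        return run_kql(os.environ["SENTINEL_WORKSPACE_ID"], query, hours)

    return mcp


if __name__ == "__main__":
    create_server().run()  # stdio transport by default
```

Running the file starts the server on stdio; an MCP client then calls the `sentinel_kql` tool with a query string and an optional look-back window in hours.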

Usage

Starting the Server

Run the MCP server and test it.

Available Tools

  • Execute KQL queries in Sentinel.
  • Manage Security Copilot skillsets and plugins.

Installation

Clone the repository, install dependencies, and configure the .env file.

Roadmap

Planned: support for advanced hunting queries in Defender XDR.