Related MCP Server Resources

Explore more AI models, providers, and integration options:

  • Explore AI Models
  • Explore AI Providers
  • Explore MCP Servers
  • LangDB Pricing
  • Documentation
  • AI Industry Blog
  • Xano MCP Server
  • MCP SSH Server
  • Kali Linux MCP Server
  • Image Processor MCP Server
  • Jokes MCP Server
Back to MCP Servers
Security Copilot MCP Server

Security Copilot MCP Server

Public
jguimera/SecurityCopilotMCPServer

Python-based Model Context Protocol server enabling KQL query execution in Microsoft Sentinel, management and deployment of Security Copilot skillsets/plugins, and running prompts with Azure Identity Authentication support.

python
0 tools
May 30, 2025
Updated Jun 4, 2025

Supercharge Your AI with Security Copilot MCP Server

MCP Server

Unlock the full potential of Security Copilot MCP Server through LangDB's AI Gateway. Get enterprise-grade security, analytics, and seamless integration with zero configuration.

Unified API Access
Complete Tracing
Instant Setup
Get Started Now

Free tier available • No credit card required

Instant Setup
99.9% Uptime
10,000+Monthly Requests

Security Copilot and Sentinel MCP Server

A Python-based MCP server using FastMCP library that provides integration with Microsoft Security Copilot and Microsoft Sentinel using Azure Identity Authentication. !Diagram

Overview

This project implements an MCP server that enables:

  • Running KQL queries against Microsoft Sentinel
  • Uploading/Updating Microsoft Security Copilot skillsets/plugins
  • Running prompts and skills in Microsoft Security Copilot

The server acts as a bridge between development environments and Microsoft Security Copilot, allowing for testing, deployment, and execution of skills and plugins. It uses SSE as transport layer for the MCP server. There are many use cases for the current integration. One of the most interesting ones is to support the development, test and deployment of Security Copilot KQL Skills.

!AgentFlow1 !AgentFlow2

Features

  • Sentinel Integration: Execute KQL queries against your Sentinel workspace
  • Security Copilot Management:
    • List existing skillsets/plugins
    • Upload new or update existing skillsets/plugins
    • Run prompts or skills within Security Copilot
  • Authentication Support: Multiple authentication methods including interactive browser, client secret, and managed identity

Roadmap

The next features will include:

  • Promptbook test and Update
  • Run Advance Hunting queries in Defender XDR

Prerequisites

  • Python 3.8+
  • Microsoft Sentinel workspace
  • Microsoft Security Copilot access
  • Appropriate Azure permissions for Sentinel and Security Copilot

Installation

  1. Clone the repository:

    git clone https://github.com/jguimera/SecurityCopilotMCPServer.git
cd SecurityCopilotMCPServer

  2. Install dependencies:

    pip install -r requirements.txt

  3. Create a .env file with the following configuration:

    #Add App Reg to use ClientID and Secret authentication
#AZURE_TENANT_ID=your_tenant_id
#AZURE_CLIENT_ID=your_client_id
#AZURE_CLIENT_SECRET=your_client_secret
SENTINEL_SUBSCRIPTION_ID=your_subscription_id
SENTINEL_RESOURCE_GROUP=your_resource_group
SENTINEL_WORKSPACE_NAME=your_workspace_name
SENTINEL_WORKSPACE_ID=your_workspace_id
#Authentication Options: interactive, client_secret
AUTHENTICATION_TYPE=interactive

Usage

Starting the Server

Run the MCP server:

python server.py

To run tests before starting the server:

python server.py --run-tests

Available Tools

The MCP server provides the following tools:

  1. run_sentinel_query: Execute KQL queries in Sentinel
  2. get_skillsets: List skillsets in Security Copilot
  3. upload_plugin: Upload or update a skillset/plugin
  4. run_prompt: Run a prompt or skill in Security Copilot

MCP Client Config for Cursor

You can use this MCP server from the Client of your choice. In this repo you can find intructions and config files for Cursor.

Add the .cursor folder inside your client project to enable the MCP tools. This folder contains two files:

  1. Cursor Project Rules (securitycopilotdev.mdc): This file include some Custom Cursor Rules to help the agents in the process definition and understanding user prompts.
  2. MCP Client Configuration (mcp.json): File that connects Cursor to the MCP server.

You can invoke the tool directly using /tool_name parameter1="Value of the tool parameter" For example: /run_prompt content="List the most recent risky users"

More info: https://docs.cursor.com/context/model-context-protocol#configuring-mcp-servers

Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

  1. Fork the repository
  2. Create your feature branch (git checkout -b feature/amazing-feature)
  3. Commit your changes (git commit -m 'Add some amazing feature')
  4. Push to the branch (git push origin feature/amazing-feature)
  5. Open a Pull Request

License

This project is licensed under the MIT License - see the LICENSE file for details.

Publicly Shared Threads0

Discover shared experiences

Shared threads will appear here, showcasing real-world applications and insights from the community. Check back soon for updates!

Share your threads to help others
Related MCPs5
  • Xano MCP Server
    Xano MCP Server

    Python-based Model Context Protocol server enabling AI assistants to securely interact with Xano ins...

    Added May 30, 2025
  • MCP SSH Server
    MCP SSH Server

    Secure Model Context Protocol (MCP) SSH server enabling remote command execution, file and directory...

    Added May 30, 2025
  • Kali Linux MCP Server
    Kali Linux MCP Server

    A Kali Linux-based Model Context Protocol (MCP) server enabling execution of returnable commands for...

    5 tools
    Added May 30, 2025
  • Image Processor MCP Server
    Image Processor MCP Server

    A TypeScript-based Model Context Protocol server enabling creation, access, and summarization of tex...

    2 tools
    Added May 30, 2025
  • Jokes MCP Server
    Jokes MCP Server

    Deploy a Model Context Protocol (MCP) server to seamlessly integrate AI models with diverse data sou...

    Added May 30, 2025