MCP server for Microsoft Sentinel. Enables access to Sentinel logs, incidents, analytics, and Entra ID data via a modular, queryable interface. Strictly non-production. Designed for use with Claude and other LLMs.
process.env. You'll be asked to provide them before it can run.

- AZURE_WORKSPACE_ID — AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, AZURE_SUBSCRIPTION_ID, AZURE_RESOURCE_GROUP, AZURE_WORKSPACE_NAME, AZURE_WORKSPACE_ID
- AZURE_SUBSCRIPTION_ID — AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, AZURE_SUBSCRIPTION_ID, AZURE_RESOURCE_GROUP, AZURE_WORKSPACE_NAME, AZURE_WORKSPACE_ID
- AZURE_RESOURCE_GROUP — AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, AZURE_SUBSCRIPTION_ID, AZURE_RESOURCE_GROUP, AZURE_WORKSPACE_NAME, AZURE_WORKSPACE_ID
- AZURE_TENANT_ID — AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, AZURE_SUBSCRIPTION_ID, AZURE_RESOURCE_GROUP, AZURE_WORKSPACE_NAME, AZURE_WORKSPACE_ID
- AZURE_WORKSPACE_NAME — AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, AZURE_SUBSCRIPTION_ID, AZURE_RESOURCE_GROUP, AZURE_WORKSPACE_NAME, AZURE_WORKSPACE_ID
- AZURE_CLIENT_ID — AZURE_CLIENT_ID and AZURE_CLIENT_SECRET from your MCP client config.
- AZURE_CLIENT_SECRET — AZURE_CLIENT_ID and AZURE_CLIENT_SECRET from your MCP client config.
- MCP_DEBUG_LOG — Enable debug mode by setting the environment variable to true in your .env file: