Connects to Microsoft Sentinel's data lake via OAuth and lets Claude query security telemetry using natural language. You get tools to search for relevant tables and retrieve data without writing KQL by hand. Useful when building security agents that need to hunt for password sprays, detect impossible-travel patterns, flag MFA anomalies, or spot dormant accounts that suddenly wake up. The server translates conversational queries into actual data lake operations, so you can prototype threat-detection logic in Claude before formalizing it into production queries. Because the endpoint is remote, there is no local setup: authenticate and start exploring your security logs.
claude mcp add --transport http com.microsoft-sentinel-data-exploration https://sentinel.microsoft.com/mcp/data-exploration