Bridges Claude to Microsoft Defender's Advanced Hunting API so you can query security telemetry in natural language instead of writing Kusto Query Language (KQL) by hand. You describe what you're looking for in plain English, and it translates that into KQL and executes it against your Defender data. Reach for this when you're investigating security incidents or hunting for threats and want to avoid switching context between your AI conversation and the Defender portal. Requires Microsoft Defender credentials with appropriate API permissions to access your tenant's advanced hunting tables.
claude mcp add --transport stdio io.github.trickyfalcon-mcp-defender -- uvx mcp-defender