Translates your natural-language queries into KQL and executes them against Microsoft Defender's Advanced Hunting API. You'd reach for this when investigating security incidents or hunting for threats across your environment without manually writing Kusto queries. It bridges the gap between conversational requests and Defender's powerful query engine, letting you ask questions about process executions, network connections, file operations, and other telemetry in plain English. Assumes you already have Defender ATP deployed and appropriate API permissions configured. Best for security analysts who want faster threat hunting workflows or need to query Defender data without keeping KQL syntax in their head.
claude mcp add --transport stdio io.github.trickyfalcon-mcp-msdefenderkql -- uvx mcp-msdefenderkql