
ms-sentinel-mcp-server

by dstreefkerk

sentinel_analytics_rule_get

Retrieve detailed information about a specific analytics rule in Microsoft Sentinel to understand its configuration and behavior.

Instructions

Get details for a specific analytics rule

Input Schema

Name     Required   Description   Default
kwargs   Yes

Implementation Reference

  • The handler implementation of the 'sentinel_analytics_rule_get' tool. This class inherits from MCPToolBase and defines the async run() method that extracts the rule_name parameter, retrieves the Azure context, and uses the SecurityInsightsClient to fetch the specific alert rule, returning a summary with the full rule details attached, or an error dict.

    from azure.core.exceptions import HttpResponseError, ResourceNotFoundError

    # MCPToolBase and Context come from the project's base tool module and the
    # MCP SDK respectively; their imports are not part of this excerpt.


    class SentinelAnalyticsRuleGetTool(MCPToolBase):
        name = "sentinel_analytics_rule_get"
        description = "Get details for a specific analytics rule"

        async def run(self, ctx: Context, rule_name: str = None, **kwargs):
            """
            Get details for a specific analytics rule.
            Supports both MCP server and direct (test) invocation.
            Returns a dict with summary fields and full rule details, or error details.
            """
            logger = self.logger
            # Robust parameter extraction: support both direct and nested kwargs
            if rule_name is None:
                rule_name = self._extract_param(kwargs, "rule_name")

            workspace, resource_group, subscription_id = self.get_azure_context(ctx)
            if not (workspace and resource_group and subscription_id):
                logger.error("Missing Azure Sentinel context for analytics rule retrieval.")
                return {"error": "Missing Azure Sentinel context."}
            if not rule_name:
                logger.error("No rule_name provided for analytics rule retrieval.")
                return {"error": "No rule_name provided."}

            try:
                client = self.get_securityinsight_client(subscription_id)
                rule = client.alert_rules.get(
                    resource_group_name=resource_group,
                    workspace_name=workspace,
                    rule_id=rule_name,
                )
                # SDK models expose as_dict(); fall back to dict() for plain mappings
                if hasattr(rule, "as_dict"):
                    rule_dict = rule.as_dict()
                else:
                    rule_dict = dict(rule)
                display_name = rule_dict.get("display_name") or rule_dict.get("displayName")
                severity = rule_dict.get("severity")
                enabled = rule_dict.get("enabled")
                summary = {
                    "id": rule_dict.get("id"),
                    "name": rule_dict.get("name"),
                    "kind": rule_dict.get("kind"),
                    "displayName": display_name,
                    "severity": severity,
                    "enabled": enabled,
                }
                # Attach the complete rule payload under "_full" for callers that need it
                summary["_full"] = rule_dict
                return summary
            except ResourceNotFoundError as e:
                logger.error("Analytics rule not found: %s", e)
                return {"error": "Analytics rule not found", "details": str(e)}
            except HttpResponseError as e:
                logger.error("HTTP error retrieving analytics rule: %s", e)
                return {"error": "HTTP error", "details": str(e)}
            except Exception as e:
                logger.error(
                    "Unexpected error retrieving analytics rule '%s': %s", rule_name, e
                )
                return {"error": "Unexpected error", "details": str(e)}
  • The register_tools function registers the SentinelAnalyticsRuleGetTool (among other analytics tools) with the MCP server instance. This function is called during server startup to make the tool available via the MCP protocol.

    def register_tools(mcp):
        """
        Register all analytics tools with the given MCP server instance.

        Args:
            mcp: The MCP server instance to register tools with.
        """
        SentinelAnalyticsRuleListTool.register(mcp)
        SentinelAnalyticsRuleGetTool.register(mcp)
        SentinelAnalyticsRuleTemplatesListTool.register(mcp)
        SentinelAnalyticsRuleTemplateGetTool.register(mcp)
        SentinelAnalyticsRulesCountByTacticTool.register(mcp)
        SentinelAnalyticsRuleTemplatesCountByTacticTool.register(mcp)
        SentinelAnalyticsRulesCountByTechniqueTool.register(mcp)
        SentinelAnalyticsRuleTemplatesCountByTechniqueTool.register(mcp)
