dstreefkerk

ms-sentinel-mcp-server

by dstreefkerk

sentinel_ml_analytics_setting_get

Retrieve a specific Microsoft Sentinel machine learning analytics setting by name, as a read-only lookup to inform how security monitoring rules are configured.

Instructions

Get a specific Sentinel ML analytics setting by name.

Input Schema

| Name | Required | Description | Default |
| --- | --- | --- | --- |
| kwargs | Yes | | |

Implementation Reference

  • The handler function that implements the tool logic. It extracts the 'setting_name' parameter, retrieves the Azure context, calls the Azure Security Insights API to get the ML analytics setting, enriches the data with properties and referenced analytic rules, and returns a structured result with validation and error handling.
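    async def run(self, ctx: Context, **kwargs):
        """
        Get a specific ML analytics setting by name.

        The only service calls made here are a ``get`` on the ML analytics
        settings and a ``list`` over the workspace's alert rules; nothing is
        written back.

        Parameters:
            setting_name (str, required): The name of the ML analytics setting.

        Returns:
            MCP-compliant dict with 'setting', 'valid' and 'errors'; on failure
            'error' is added and 'valid' stays False.
        """
        logger = self.logger

        # Extract parameters using the base class method
        setting_name = self._extract_param(kwargs, "setting_name")
        result = {"setting": {}, "valid": False, "errors": []}

        if not setting_name:
            error_msg = "Missing required parameter: setting_name"
            logger.error(error_msg)
            result["error"] = error_msg
            result["errors"].append(error_msg)
            return result

        workspace_name, resource_group, subscription_id = self.get_azure_context(ctx)
        if not (workspace_name and resource_group and subscription_id):
            error_msg = (
                "Missing required Azure context (workspace_name, resource_group, "
                "subscription_id)."
            )
            logger.error(error_msg)
            result["error"] = error_msg
            result["errors"].append(error_msg)
            return result

        try:
            client = self.get_securityinsight_client(subscription_id)
            # NOTE(review): setting_name comes from the tool caller and is passed
            # to the SDK unvalidated; presumably the SDK encodes it, confirm.
            s = client.security_ml_analytics_settings.get(
                resource_group, workspace_name, setting_name
            )
            s_dict = s.as_dict() if hasattr(s, "as_dict") else dict(s)

            copied_fields = (
                "id",
                "name",
                "kind",
                "etag",
                "type",
                "description",
                "display_name",
                "enabled",
                "last_modified_utc",
                "required_data_connectors",
                "tactics",
                "techniques",
                "anomaly_version",
                "customizable_observations",
                "frequency",
                "settings_status",
                "is_default_settings",
                "anomaly_settings_version",
                "settings_definition_id",
            )
            enriched = {field: s_dict.get(field) for field in copied_fields}
            enriched["properties"] = None
            enriched["referenced_by_analytic_rules"] = []

            # Parse 'properties' if present
            props = getattr(s, "properties", None)
            if props is not None:
                if hasattr(props, "as_dict"):
                    enriched["properties"] = props.as_dict()
                elif isinstance(props, dict):
                    enriched["properties"] = props
                else:
                    enriched["properties"] = {"raw": str(props)}

            # Search terms for the reference scan. Only non-empty strings are
            # usable: a None name or id raises TypeError on `in`, which used to
            # fail the whole lookup, and "" is a substring of every value, which
            # would flag every rule.
            needles = [
                term
                for term in (enriched["name"], enriched["id"])
                if isinstance(term, str) and term
            ]

            def mentions_setting(value):
                return any(term in str(value) for term in needles)

            # Attempt to find analytic rules that reference this ML setting.
            # This is a substring heuristic over each rule's top-level values,
            # so a short or generic setting name can over-report; treat the
            # list as a hint, not as proof of a dependency.
            analytic_rules = []
            for rule in client.alert_rules.list(resource_group, workspace_name):
                rule_dict = rule.as_dict() if hasattr(rule, "as_dict") else dict(rule)
                found_ref = False
                for val in rule_dict.values():
                    if isinstance(val, str):
                        candidates = (val,)
                    elif isinstance(val, dict):
                        candidates = val.values()
                    elif isinstance(val, list):
                        candidates = val
                    else:
                        continue
                    if any(mentions_setting(item) for item in candidates):
                        found_ref = True
                        break
                if found_ref:
                    analytic_rules.append(
                        {
                            "rule_name": rule_dict.get(
                                "display_name", rule_dict.get("name")
                            ),
                            "rule_id": rule_dict.get("id"),
                            "rule_kind": rule_dict.get("kind"),
                        }
                    )
            enriched["referenced_by_analytic_rules"] = analytic_rules

            result["setting"] = enriched
            result["valid"] = True
        except Exception as ex:
            # NOTE(review): the exception text is returned to the MCP caller as
            # well as logged; it may carry resource identifiers from the SDK
            # error. Confirm that is acceptable for this tool's consumers.
            error_msg = f"Error retrieving ML analytics setting: {ex}"
            logger.exception(error_msg)
            result["error"] = error_msg
            result["errors"].append(error_msg)
        return result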
  • The registration function that registers the SentinelMLAnalyticsSettingGetTool (and other related tools) with the MCP server instance.
    def register_tools(mcp):
        """Register the Sentinel tool classes listed below with the MCP server instance.

        Each class is registered through its own ``register(mcp)`` call, in the
        order given.
        """
        tool_classes = (
            SentinelWorkspaceGetTool,
            SentinelSourceControlsListTool,
            SentinelSourceControlGetTool,
            SentinelMetadataListTool,
            SentinelMetadataGetTool,
            SentinelMLAnalyticsSettingsListTool,
            SentinelMLAnalyticsSettingGetTool,
        )
        for tool_cls in tool_classes:
            tool_cls.register(mcp)
  • Tool class definition including name, description, and docstring outlining input ('setting_name') and output schema.
    class SentinelMLAnalyticsSettingGetTool(MCPToolBase):
        """
        Tool for retrieving a specific Sentinel ML analytics setting by name.

        Only the class header and its two identifying attributes are shown in
        this excerpt; the rest of the class body is not visible here.
        """

        # Identifier of the tool; presumably the name MCPToolBase.register
        # exposes to MCP clients (confirm against the base class).
        name = "sentinel_ml_analytics_setting_get"
        # Human-readable summary of what the tool does.
        description = "Get a specific Sentinel ML analytics setting by name."


MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/dstreefkerk/ms-sentinel-mcp-server'

If you have feedback or need assistance with the MCP directory API, please join our Discord server