ms-sentinel-mcp-server

by dstreefkerk

sentinel_ti_indicator_metrics_collect

Collect metrics for threat intelligence indicators in Microsoft Sentinel to analyze security data and monitor potential threats.

Instructions

Collect metrics for Sentinel threat intelligence indicators

Input Schema

| Name | Required | Description | Default |
|------|----------|-------------|---------|
| kwargs | Yes | | |

Implementation Reference

  • The async `run` method that executes the tool's core logic: validates Azure context, constructs the API URL for Sentinel TI metrics, calls the REST API, and returns metrics or error.
    async def run(self, ctx: Context, **kwargs):
        """
        Collect metrics for Sentinel Threat Intelligence indicators in the workspace.

        Args:
            ctx (Context): The MCP tool context.
            **kwargs: Not used.

        Returns:
            dict: Results as described in the class docstring.
        """
        workspace_name, resource_group, subscription_id = self.get_azure_context(ctx)
        valid = self.validate_azure_context(
            True, workspace_name, resource_group, subscription_id, self.logger
        )
        if not valid:
            return {"error": "Missing required Azure context", "valid": False}
        try:
            url = (
                f"https://management.azure.com/subscriptions/{subscription_id}/"
                f"resourceGroups/{resource_group}/providers/Microsoft.OperationalInsights/"
                f"workspaces/{workspace_name}/providers/Microsoft.SecurityInsights/"
                f"threatIntelligence/main/metrics?api-version=2024-01-01-preview"
            )
            metrics = await self.call_api(
                ctx, "GET", url, name="list_ti_indicator_metrics"
            )
            return {"metrics": metrics, "valid": True}
        except Exception as e:
            self.logger.error("Error collecting threat intelligence metrics: %s", e)
            return {
                "error": "Error collecting threat intelligence metrics: %s" % e,
                "valid": False,
            }
  • Registers the `SentinelThreatIntelligenceIndicatorMetricsCollectTool` (which defines the 'sentinel_ti_indicator_metrics_collect' tool) with the FastMCP server instance.
    SentinelThreatIntelligenceIndicatorMetricsCollectTool.register(mcp)
  • Class definition including tool name, description, and docstring outlining input (none) and output schema (metrics dict, valid bool, optional error).
    class SentinelThreatIntelligenceIndicatorMetricsCollectTool(MCPToolBase):
        """
        Tool to collect metrics for Sentinel Threat Intelligence indicators.

        Returns:
            dict: {
                'metrics': dict,  # Metrics details as returned by the API
                'valid': bool,    # True if successful
                'error': str (optional)
            }
        """

        name = "sentinel_ti_indicator_metrics_collect"
        description = "Collect metrics for Sentinel threat intelligence indicators"

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/dstreefkerk/ms-sentinel-mcp-server'
