ms-sentinel-mcp-server

by dstreefkerk

sentinel_ti_indicator_metrics_collect

Collect metrics for threat intelligence indicators in Microsoft Sentinel to analyze security data and monitor potential threats.

Instructions

Collect metrics for Sentinel threat intelligence indicators

Input Schema

Name   | Required | Description | Default
kwargs | Yes      |             |

Implementation Reference

  • The core handler function that implements the tool logic. It fetches Azure workspace details, constructs the API endpoint for threat intelligence metrics, calls the API via self.call_api, and returns the metrics or an error.
    async def run(self, ctx: Context, **kwargs):
        """
        Collect metrics for Sentinel Threat Intelligence indicators in the workspace.

        Args:
            ctx (Context): The MCP tool context.
            **kwargs: Not used.

        Returns:
            dict: Results as described in the class docstring.
        """
        workspace_name, resource_group, subscription_id = self.get_azure_context(ctx)
        valid = self.validate_azure_context(
            True, workspace_name, resource_group, subscription_id, self.logger
        )
        if not valid:
            return {"error": "Missing required Azure context", "valid": False}
        try:
            url = (
                f"https://management.azure.com/subscriptions/{subscription_id}/"
                f"resourceGroups/{resource_group}/providers/Microsoft.OperationalInsights/"
                f"workspaces/{workspace_name}/providers/Microsoft.SecurityInsights/"
                f"threatIntelligence/main/metrics?api-version=2024-01-01-preview"
            )
            metrics = await self.call_api(
                ctx, "GET", url, name="list_ti_indicator_metrics"
            )
            return {"metrics": metrics, "valid": True}
        except Exception as e:
            self.logger.error("Error collecting threat intelligence metrics: %s", e)
            return {
                "error": "Error collecting threat intelligence metrics: %s" % e,
                "valid": False,
            }
  • Class definition including tool name, description, and docstring outlining the expected input (none) and output schema (metrics dict, valid bool, optional error).
    class SentinelThreatIntelligenceIndicatorMetricsCollectTool(MCPToolBase):
        """
        Tool to collect metrics for Sentinel Threat Intelligence indicators.

        Returns:
            dict: {
                'metrics': dict,  # Metrics details as returned by the API
                'valid': bool,    # True if successful
                'error': str (optional)
            }
        """

        name = "sentinel_ti_indicator_metrics_collect"
        description = "Collect metrics for Sentinel threat intelligence indicators"
  • The registration function that registers this tool (via .register(mcp)) along with other related Sentinel TI tools to the FastMCP instance.
    def register_tools(mcp: FastMCP):
        """
        Register all Sentinel Threat Intelligence tools with the given MCP instance.

        Args:
            mcp (FastMCP): The MCP instance to register tools with.
        """
        SentinelThreatIntelligenceIndicatorGetTool.register(mcp)
        SentinelThreatIntelligenceIndicatorMetricsCollectTool.register(mcp)

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/dstreefkerk/ms-sentinel-mcp-server'

If you have feedback or need assistance with the MCP directory API, please join our Discord server.