
ms-sentinel-mcp-server

by dstreefkerk

sentinel_workspace_get

Retrieve workspace details from Microsoft Sentinel to monitor security operations and manage incident response data.

Instructions

Get workspace information (refactored, MCP-compliant)

Input Schema

| Name | Required | Description | Default |
| --- | --- | --- | --- |
| kwargs | Yes | | |

Implementation Reference

  • The main handler function (run method) of SentinelWorkspaceGetTool that retrieves detailed information about the Sentinel Log Analytics workspace using Azure SDK clients.
    async def run(self, ctx: Context, **kwargs):
        """
        Get detailed information about the current Sentinel Log Analytics workspace.

        Returns:
            dict: {
                'workspace_name': str,
                'resource_group': str,
                'subscription_id': str,
                'properties': dict,  # workspace properties or empty if unavailable
                'additional_information': list[str],
                'error': str (optional, present only if an error occurs)
            }

        Output Fields:
            - workspace_name: The name of the Sentinel Log Analytics workspace.
            - resource_group: The Azure resource group for the workspace.
            - subscription_id: The Azure subscription ID.
            - properties: Detailed properties about the workspace (location, SKU, retention, etc.).
            - additional_information: Guidance on related tools and next steps.
            - error: Error message if an error occurs (optional).

        Error cases will always include an 'error' key for testability.
        Parameters are extracted from both kwargs and kwargs['kwargs'] for MCP compatibility.

        Azure Context Fallback:
            - Supports both MCP server and direct invocation.
            - If ctx.request_context is not available, falls back to environment variables for Azure context:
              AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, AZURE_SUBSCRIPTION_ID,
              AZURE_RESOURCE_GROUP, AZURE_WORKSPACE_NAME.
        """
        logger = self.logger
        # Extract parameters from both kwargs and kwargs['kwargs'] (future-proof,
        # even if unused)
        params = dict(kwargs)
        if "kwargs" in kwargs and isinstance(kwargs["kwargs"], dict):
            params.update(kwargs["kwargs"])

        # Extract context (assume .env is loaded and Context is configured)
        workspace_name, resource_group, subscription_id = self.get_azure_context(ctx)
        result = {
            "workspace_name": workspace_name,
            "resource_group": resource_group,
            "subscription_id": subscription_id,
            "properties": {},
            "additional_information": [
                "For data connector details, use the `sentinel_connectors_list` tool.",
                "For analytics rules details, use the `list_analytics_rules` tool.",
            ],
        }
        try:
            client = self.get_loganalytics_client(subscription_id)
            ws = await run_in_thread(
                client.workspaces.get, resource_group, workspace_name
            )
            result["properties"] = {
                "location": ws.location,
                "sku": getattr(ws.sku, "name", None),
                "sku_description": getattr(ws.sku, "description", None),
                "last_sku_update": str(getattr(ws, "last_sku_update", "")),
                "retention_period_days": ws.retention_in_days,
                "daily_quota_gb": getattr(ws, "daily_quota_gb", None),
                "quota_reset_time": str(getattr(ws, "quota_reset_time", "")),
                "ingestion_status": getattr(ws, "ingestion_status", None),
                "public_network_access_ingestion": getattr(
                    ws, "public_network_access_for_ingestion", None
                ),
                "public_network_access_query": getattr(
                    ws, "public_network_access_for_query", None
                ),
                "created": str(getattr(ws, "created_date", "")),
                "last_modified": str(getattr(ws, "modified_date", "")),
                "features": getattr(ws, "features", {}),
            }
        except Exception as ex:
            error_msg = "Error retrieving workspace info: %s" % ex
            logger.exception("%s", error_msg)
            result["error"] = error_msg
        return result
  • The register_tools function that registers SentinelWorkspaceGetTool (sentinel_workspace_get) along with other workspace tools to the MCP server.
    def register_tools(mcp):
        """Register all Sentinel workspace-related tools with the MCP server instance."""
        SentinelWorkspaceGetTool.register(mcp)
        SentinelSourceControlsListTool.register(mcp)
        SentinelSourceControlGetTool.register(mcp)
        SentinelMetadataListTool.register(mcp)
        SentinelMetadataGetTool.register(mcp)
        SentinelMLAnalyticsSettingsListTool.register(mcp)
        SentinelMLAnalyticsSettingGetTool.register(mcp)
  • Class definition including the tool name, description, and docstring outlining input/output schema.
    class SentinelWorkspaceGetTool(MCPToolBase):
        """
        Tool for retrieving detailed information about the current Sentinel Log Analytics workspace.
        """

        name = "sentinel_workspace_get"
        description = "Get workspace information (refactored, MCP-compliant)"

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/dstreefkerk/ms-sentinel-mcp-server'

If you have feedback or need assistance with the MCP directory API, please join our Discord server.