Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| MCP_GITHUB_TOKEN | No | Optional GitHub personal access token used to avoid rate limits when querying live repositories or to access private repositories. |
Capabilities
Features and capabilities supported by this server
| Capability | Details |
|---|---|
| tools | {} |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| analyze_solutions | Run full analysis on all Microsoft Sentinel solutions, extracting connector-table mappings |
| get_connector_tables | Get table mappings for a specific connector ID |
| search_solutions | Search solutions by name, publisher, or keyword |
| get_solution_details | Get detailed information about a specific solution (fast - only analyzes requested solution) |
| list_tables | Get all unique tables across all solutions |
| validate_connector | Validate a connector JSON definition and extract tables |
| list_detections | List and filter Microsoft Sentinel detection rules (analytics) - search by solution, severity, tactic, technique, name, query content, or file path. Returns max 100 results by default. |
| get_detection_details | Get detailed information about a specific detection rule |
| list_workbooks | List and filter Microsoft Sentinel workbooks - search by solution, category, name, or file path. Returns max 100 results by default. |
| get_workbook_details | Get detailed information about a specific workbook |
| list_hunting_queries | List and filter Microsoft Sentinel hunting queries - search by solution, tactic, technique, name, query content, or file path. Returns max 100 results by default. |
| list_playbooks | List Microsoft Sentinel playbooks (Logic Apps) - search by solution, name, or file path. Returns max 100 results by default. |
| list_parsers | List Microsoft Sentinel parsers (KQL functions) - search by solution, name, query content, or file path. Returns max 100 results by default. |
| list_watchlists | List Microsoft Sentinel watchlists - search by solution, name, or file path. Returns max 100 results by default. |
| list_notebooks | List Microsoft Sentinel Jupyter notebooks - search by solution, name, or file path. Returns max 100 results by default. |
| list_exploration_queries | List Microsoft Sentinel exploration queries - search by solution, name, query content, or file path. Returns max 100 results by default. |
| list_functions | List Microsoft Sentinel saved functions - search by solution, name, query content, or file path. Returns max 100 results by default. |
| list_asim_content | List Microsoft Sentinel ASIM (Advanced Security Information Model) content - search by type, name, or file path. Returns max 100 results by default. |
| list_summary_rules | List Microsoft Sentinel summary rules - search by solution, name, query content, or file path. Returns max 100 results by default. |
| list_tools | List Microsoft Sentinel tools and utilities - search by category, name, or file path. Returns max 100 results by default. |
| list_tutorials | List Microsoft Sentinel tutorials and learning resources - search by name or file path. Returns max 100 results by default. |
| list_dashboards | List Microsoft Sentinel dashboards - search by solution, name, or file path. Returns max 100 results by default. |
| list_data_connectors | List Microsoft Sentinel data connectors - search by connector type, name, or file path. Returns max 100 results by default. |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
No prompts | |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
No resources | |