MCP Defender (mcp-msdefenderkql)
Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| AZURE_CLIENT_ID | Yes | Azure AD client ID | |
| AZURE_TENANT_ID | Yes | Azure AD tenant ID | |
| AZURE_CLIENT_SECRET | No | Azure AD client secret | |
| AZURE_CLIENT_CERTIFICATE_PATH | No | Path to combined certificate file (private key + certificate) | |
Capabilities
Features and capabilities supported by this server
| Capability | Details |
|---|---|
| tools | { "listChanged": false } |
| experimental | {} |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| run_hunting_query | Execute a KQL (Kusto Query Language) query against Microsoft Defender Advanced Hunting. Use this to investigate security events across endpoints, email, identity, and cloud apps. Always call get_hunting_schema first to understand available tables and columns. |
| get_hunting_schema | Get the Advanced Hunting schema with available tables and columns. Call this before writing queries to understand what data is available. Returns table names, column names, and data types. |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
| No prompts | |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
| No resources | |
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/trickyfalcon/mcp-defender'