
Microsoft Sentinel MCP Server

Find relevant security data from the Sentinel data lake for building effective agents. More: aka.ms/s/de


Why use Microsoft Sentinel Data Exploration MCP?

  • Search for relevant security tables and retrieve data from Microsoft Sentinel's data lake using natural language
  • OAuth 2.0 authentication with remote MCP endpoint accessible to any MCP-compatible IDE, agent, or tool
  • Purpose-built for security operations with autonomous agents that select tables, aggregate data, and flag patterns

What can you do with Microsoft Sentinel Data Exploration MCP?

  • Build security agents for password-spray detection by aggregating login attempts and flagging suspicious patterns
  • Detect impossible travel by correlating sign-in events, calculating geodistance, and identifying credential compromise
  • Analyze multi-factor auth failures, scan for dormant account wake-ups, and build security investigation timelines

For clarity, this is a Non-SFDC Application as defined in Customer's Main Services Agreement at Agreements - Salesforce.com or a written Main Services Agreement if executed by Customer.

Type: MCP
Organization: Mulesoft Inc.
Published by
Publicly Available
Published on: Mar 15, 2026

Asset versions for 1.0.x

Version: 1.0.1