Security Copilot
MCP Server that integrates with Security Copilot, Sentinel and other tools (in the future). It enhances the process of developing, testing and uploading Security Copilot artifacts.
What is Security Copilot?
Security Copilot is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to integrate with Security Copilot, Sentinel and other tools (in the future). It enhances the process of developing, testing and uploading Security Copilot artifacts.
This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.
Features
- MCP Server that integrates with Security Copilot, Sentinel a
Installation
Manual Installation
npx securitycopilotmcpserver
How to Set Up and Use Security Copilot
The Security Copilot MCP Server bridges AI assistants with Microsoft Security Copilot and Azure Sentinel, enabling you to run KQL queries against Sentinel workspaces, manage Security Copilot skillsets, upload custom plugins, and execute Security Copilot prompts — all from within your AI chat interface. It is built in Python and authenticates to Azure using either interactive browser login or service principal client secrets, making it suitable for both individual security analysts and automated CI/CD pipelines. This server streamlines the development, testing, and deployment of Security Copilot artifacts without requiring constant context-switching between tools.
Prerequisites
- Python 3.8+ with pip installed
- An Azure subscription with Microsoft Sentinel configured (workspace name, resource group, subscription ID, and workspace ID)
- Access to Microsoft Security Copilot (licensed and provisioned in your Azure tenant)
- Azure credentials: either an account with interactive login rights, or a service principal with AZURE_TENANT_ID, AZURE_CLIENT_ID, and AZURE_CLIENT_SECRET
- An MCP-compatible client such as Claude Desktop, Cursor, or Claude Code
Clone the repository and install Python dependencies
Clone the SecurityCopilotMCPServer repository and install its Python requirements using pip.
git clone https://github.com/jguimera/SecurityCopilotMCPServer.git
cd SecurityCopilotMCPServer
pip install -r requirements.txt
Create the .env configuration file
Create a `.env` file in the project root with your Azure Sentinel workspace details and preferred authentication type. Use `interactive` for browser-based login or `client_secret` for unattended service principal auth.
SENTINEL_SUBSCRIPTION_ID=your-azure-subscription-id
SENTINEL_RESOURCE_GROUP=your-resource-group-name
SENTINEL_WORKSPACE_NAME=your-sentinel-workspace-name
SENTINEL_WORKSPACE_ID=your-sentinel-workspace-id
AUTHENTICATION_TYPE=interactive
# For service principal auth, also add:
# AZURE_TENANT_ID=your-tenant-id
# AZURE_CLIENT_ID=your-client-id
# AZURE_CLIENT_SECRET=your-client-secret
Run the built-in tests to verify connectivity
Before connecting an MCP client, validate your configuration by running the server in test mode. This checks Azure authentication and Sentinel connectivity.
python server.py --run-tests
Add the server to your MCP client configuration
Add a server entry to your MCP client's config file. The server runs via `python server.py` using stdio transport.
{
  "mcpServers": {
    "securitycopilot": {
      "command": "python",
      "args": ["/absolute/path/to/SecurityCopilotMCPServer/server.py"]
    }
  }
}
Restart your MCP client and verify tools
Restart Claude Desktop or your editor. The four tools — run_sentinel_query, get_skillsets, upload_plugin, and run_prompt — should now be available in your AI assistant.
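An added pre-flight check for the `.env` file from the setup steps (example code written for this page, not part of the SecurityCopilotMCPServer repository): it flags leftover placeholders, an undocumented AUTHENTICATION_TYPE, missing service principal values, and a client secret kept in a file that group or other users can access. The parser is a minimal stand-in for whatever loader the server uses, `parse_env` and `check_env` are hypothetical names, and the permission check assumes POSIX mode bits.

```python
import stat

# Key names come from the .env step above; SAMPLE values are constructed.
REQUIRED = ["SENTINEL_SUBSCRIPTION_ID", "SENTINEL_RESOURCE_GROUP",
            "SENTINEL_WORKSPACE_NAME", "SENTINEL_WORKSPACE_ID",
            "AUTHENTICATION_TYPE"]
SP_KEYS = ["AZURE_TENANT_ID", "AZURE_CLIENT_ID", "AZURE_CLIENT_SECRET"]
SAMPLE = """SENTINEL_SUBSCRIPTION_ID=your-azure-subscription-id
SENTINEL_RESOURCE_GROUP=rg-soc
SENTINEL_WORKSPACE_NAME=ws-soc
SENTINEL_WORKSPACE_ID=11111111-1111-1111-1111-111111111111
AUTHENTICATION_TYPE=client_secret
# AZURE_TENANT_ID=commented-out
AZURE_CLIENT_ID=22222222-2222-2222-2222-222222222222
AZURE_CLIENT_SECRET=constructed-value
"""


def parse_env(text):
    """Minimal KEY=VALUE parser: skips blank lines and # comments."""
    values = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            values[key.strip()] = value.strip().strip("\"'")
    return values


def check_env(values, mode=None):
    """Return findings; mode is os.stat().st_mode of the file, or None."""
    findings = []
    auth = values.get("AUTHENTICATION_TYPE", "")
    if auth and auth not in ("interactive", "client_secret"):
        findings.append(f"AUTHENTICATION_TYPE={auth!r} is not a documented value")
    for key in REQUIRED + (SP_KEYS if auth == "client_secret" else []):
        value = values.get(key, "")
        if not value or value.startswith("your-"):
            findings.append(f"{key} is missing or still a placeholder")
    secret = values.get("AZURE_CLIENT_SECRET")
    if secret and auth == "interactive":
        findings.append("AZURE_CLIENT_SECRET is set but unused in interactive mode")
    if secret and mode is not None and mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(".env holds a client secret and is group/other accessible")
    return findings

if __name__ == "__main__":
    for finding in check_env(parse_env(SAMPLE), mode=0o644):
        print("WARN:", finding)
```

To check a real file, read its text into `parse_env` and pass `os.stat(".env").st_mode` as `mode`. Keep `.env` out of version control whenever it carries AZURE_CLIENT_SECRET.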
Security Copilot Examples
Client configuration
Claude Desktop configuration for the Security Copilot MCP server using the Python stdio transport.
{
  "mcpServers": {
    "securitycopilot": {
      "command": "python",
      "args": ["/path/to/SecurityCopilotMCPServer/server.py"]
    }
  }
}
Prompts to try
Example prompts that use the four exposed tools against Sentinel and Security Copilot.
- "Run a Sentinel KQL query to list the top 10 sign-in failures from the last 24 hours"
- "List all available skillsets in Security Copilot"
- "Upload my custom phishing detection plugin to Security Copilot"
- "Run the Security Copilot prompt: List the most recent risky users in my tenant"
- "Query Sentinel for any alerts triggered by IP address 203.0.113.42 in the past week"
Troubleshooting Security Copilot
Azure authentication fails or times out with interactive mode
Ensure your system browser can open the Azure login page. If running headlessly (e.g., in a container), switch to `client_secret` authentication by setting AUTHENTICATION_TYPE=client_secret and providing AZURE_TENANT_ID, AZURE_CLIENT_ID, and AZURE_CLIENT_SECRET in the .env file.
KQL queries return an empty result or a 403 error
Verify that your Azure account or service principal has at least the `Log Analytics Reader` role on the Sentinel workspace. Also confirm that SENTINEL_WORKSPACE_ID and SENTINEL_WORKSPACE_NAME are correct.
Python module not found errors on startup
Run `pip install -r requirements.txt` again in the same Python environment that the MCP server will use. If you have multiple Python versions, ensure the `python` command in your MCP config points to the correct interpreter (use an absolute path, e.g. `/usr/local/bin/python3`).
Frequently Asked Questions about Security Copilot
What is Security Copilot?
Security Copilot is a Model Context Protocol (MCP) server that integrates with Security Copilot, Sentinel and other tools (in the future). It enhances the process of developing, testing and uploading Security Copilot artifacts. It connects AI assistants to external tools and data sources through a standardized interface.
How do I install Security Copilot?
Follow the installation instructions on the Security Copilot GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.
Which AI clients work with Security Copilot?
Security Copilot works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.
Is Security Copilot free to use?
Yes, Security Copilot is open source and available under the MIT license. You can use it freely in both personal and commercial projects.
Security Copilot Alternatives — Similar Security Servers
Looking for alternatives to Security Copilot? Here are other popular security servers you can use with Claude, Cursor, and VS Code.
Casdoor
★ 13.6k An open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD
ghidraMCP
★ 9.0k A Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through
HexStrike AI
★ 8.9k HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b
IDA Pro MCP
★ 8.7k Enables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.
Anthropic Cybersecurity Skills
★ 6.6k 754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform
Hooker
★ 5.1k 🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u