Security Copilot

v1.0.0Securitystable

MCP Server that integrates with Security Copilot, Sentinel and other tools (in the future). It enhance the process of developing , testing and uploading Security Copilot artifacts.

securitycopilotmcpservermcpai-integration
Share:
23
Stars
0
Downloads
0
Weekly
0/5

What is Security Copilot?

Security Copilot is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to mcp server that integrates with security copilot, sentinel and other tools (in the future). it enhance the process of developing , testing and uploading security copilot artifacts.

MCP Server that integrates with Security Copilot, Sentinel and other tools (in the future). It enhance the process of developing , testing and uploading Security Copilot artifacts.

This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.

Features

  • MCP Server that integrates with Security Copilot, Sentinel a

Use Cases

Develop, test, and upload Security Copilot artifacts.
Integrate with Microsoft Sentinel and other security tools.
jguimera

Maintainer

LicenseMIT
Languagepython
Versionv1.0.0
UpdatedApr 23, 2026
Statushealthy
Maintenanceactive

Works with

ClaudeOpenAIwindowsmacoslinux

Installation

Manual Installation

npx securitycopilotmcpserver

Configuration

Configuration Details

Config File

claude_desktop_config.json

Performance

Response Metrics

Response Time< 200ms
ThroughputMedium

Resource Usage

Memory UsageLow
CPU UsageLow

How to Set Up and Use Security Copilot

The Security Copilot MCP Server bridges AI assistants with Microsoft Security Copilot and Azure Sentinel, enabling you to run KQL queries against Sentinel workspaces, manage Security Copilot skillsets, upload custom plugins, and execute Security Copilot prompts — all from within your AI chat interface. It is built in Python and authenticates to Azure using either interactive browser login or service principal client secrets, making it suitable for both individual security analysts and automated CI/CD pipelines. This server streamlines the development, testing, and deployment of Security Copilot artifacts without requiring constant context-switching between tools.

Prerequisites

  • Python 3.8+ with pip installed
  • An Azure subscription with Microsoft Sentinel configured (workspace name, resource group, subscription ID, and workspace ID)
  • Access to Microsoft Security Copilot (licensed and provisioned in your Azure tenant)
  • Azure credentials: either an account with interactive login rights, or a service principal with AZURE_TENANT_ID, AZURE_CLIENT_ID, and AZURE_CLIENT_SECRET
  • An MCP-compatible client such as Claude Desktop, Cursor, or Claude Code
1

Clone the repository and install Python dependencies

Clone the SecurityCopilotMCPServer repository and install its Python requirements using pip.

git clone https://github.com/jguimera/SecurityCopilotMCPServer.git
cd SecurityCopilotMCPServer
pip install -r requirements.txt
2

Create the .env configuration file

Create a `.env` file in the project root with your Azure Sentinel workspace details and preferred authentication type. Use `interactive` for browser-based login or `client_secret` for unattended service principal auth.

SENTINEL_SUBSCRIPTION_ID=your-azure-subscription-id
SENTINEL_RESOURCE_GROUP=your-resource-group-name
SENTINEL_WORKSPACE_NAME=your-sentinel-workspace-name
SENTINEL_WORKSPACE_ID=your-sentinel-workspace-id
AUTHENTICATION_TYPE=interactive

# For service principal auth, also add:
# AZURE_TENANT_ID=your-tenant-id
# AZURE_CLIENT_ID=your-client-id
# AZURE_CLIENT_SECRET=your-client-secret
3

Run the built-in tests to verify connectivity

Before connecting an MCP client, validate your configuration by running the server in test mode. This checks Azure authentication and Sentinel connectivity.

python server.py --run-tests
4

Add the server to your MCP client configuration

Add a server entry to your MCP client's config file. The server runs via `python server.py` using stdio transport.

{
  "mcpServers": {
    "securitycopilot": {
      "command": "python",
      "args": ["/absolute/path/to/SecurityCopilotMCPServer/server.py"]
    }
  }
}
5

Restart your MCP client and verify tools

Restart Claude Desktop or your editor. The four tools — run_sentinel_query, get_skillsets, upload_plugin, and run_prompt — should now be available in your AI assistant.

Security Copilot Examples

Client configuration

Claude Desktop configuration for the Security Copilot MCP server using the Python stdio transport.

{
  "mcpServers": {
    "securitycopilot": {
      "command": "python",
      "args": ["/path/to/SecurityCopilotMCPServer/server.py"]
    }
  }
}

Prompts to try

Example prompts that use the four exposed tools against Sentinel and Security Copilot.

- "Run a Sentinel KQL query to list the top 10 sign-in failures from the last 24 hours"
- "List all available skillsets in Security Copilot"
- "Upload my custom phishing detection plugin to Security Copilot"
- "Run the Security Copilot prompt: List the most recent risky users in my tenant"
- "Query Sentinel for any alerts triggered by IP address 203.0.113.42 in the past week"

Troubleshooting Security Copilot

Azure authentication fails or times out with interactive mode

Ensure your system browser can open the Azure login page. If running headlessly (e.g., in a container), switch to `client_secret` authentication by setting AUTHENTICATION_TYPE=client_secret and providing AZURE_TENANT_ID, AZURE_CLIENT_ID, and AZURE_CLIENT_SECRET in the .env file.

KQL queries return an empty result or a 403 error

Verify that your Azure account or service principal has at least the `Log Analytics Reader` role on the Sentinel workspace. Also confirm that SENTINEL_WORKSPACE_ID and SENTINEL_WORKSPACE_NAME are correct.

Python module not found errors on startup

Run `pip install -r requirements.txt` again in the same Python environment that the MCP server will use. If you have multiple Python versions, ensure the `python` command in your MCP config points to the correct interpreter (use absolute path, e.g. `/usr/local/bin/python3`).

Frequently Asked Questions about Security Copilot

What is Security Copilot?

Security Copilot is a Model Context Protocol (MCP) server that mcp server that integrates with security copilot, sentinel and other tools (in the future). it enhance the process of developing , testing and uploading security copilot artifacts. It connects AI assistants to external tools and data sources through a standardized interface.

How do I install Security Copilot?

Follow the installation instructions on the Security Copilot GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.

Which AI clients work with Security Copilot?

Security Copilot works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.

Is Security Copilot free to use?

Yes, Security Copilot is open source and available under the MIT license. You can use it freely in both personal and commercial projects.

Security Copilot Alternatives — Similar Security Servers

Looking for alternatives to Security Copilot? Here are other popular security servers you can use with Claude, Cursor, and VS Code.

Casdoor

13.6k

An open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD

ghidraMCP

9.0k

An Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through

HexStrike AI

8.9k

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b

IDA Pro MCP

8.7k

Enables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.

Anthropic Cybersecurity Skills

6.6k

754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform

Hooker

5.1k

🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u

Browse More Security MCP Servers

Explore all security servers available in the MCPgee directory. Each server includes setup guides for Claude, Cursor, and VS Code.

Quick Config Preview

{ "mcpServers": { "securitycopilotmcpserver": { "command": "npx", "args": ["-y", "securitycopilotmcpserver"] } } }

Add this to your claude_desktop_config.json or .cursor/mcp.json

Read the full setup guide →

Ready to use Security Copilot?

Browse our complete directory of 33,000+ MCP servers, read setup guides for your editor, and start building with the Model Context Protocol.

33,000+ ServersFree & Open SourceStep-by-Step Guides