Connects to Microsoft Sentinel's data lake via OAuth and lets Claude query security telemetry using natural language. You get tools to search for relevant tables and retrieve data without writing KQL by hand. Useful when building security agents that need to hunt for password sprays, detect impossible-travel patterns, flag MFA anomalies, or spot dormant accounts that suddenly wake up. The server handles translating conversational queries into actual data lake operations, so you can prototype threat detection logic in Claude before formalizing it into production queries. Being a remote endpoint, it needs no local setup: just authenticate and start exploring your security logs.
The data exploration tool collection in the Microsoft Sentinel MCP server lets you search for relevant tables and retrieve data from Microsoft Sentinel's data lake using natural language.
The Microsoft Sentinel Data Exploration MCP Server is accessible to any IDE, agent, or tool that supports the Model Context Protocol (MCP). Any compatible client can connect to the following remote MCP endpoint:
Authentication: OAuth 2.0
Password-spray hunt: Build security agents that autonomously select the relevant sign-in tables, aggregate login attempts by user and IP, and flag patterns consistent with password-spray behavior, such as low-frequency attempts over several months across many accounts.
Impossible-travel check: Build security agents that correlate sign-in events by user, calculate the geodistance and time gap between consecutive logins, and flag cases where the implied travel speed exceeds realistic thresholds, suggesting credential compromise.
Multi-factor authentication failures: Build security agents that analyze multi-factor auth logs to detect spikes in failure rates, cluster them by user, IP, or time window, and surface anomalies that deviate from baseline behavior over long periods.
Dormant account wake-up: Build security agents that, based on inactivity thresholds, scan for accounts with a long period of silence followed by recent activity, and build a timeline showing when and how these accounts re-engaged.
Explore the Microsoft Sentinel data lake with the data exploration collection
com.exploit-intel/eip-mcp
dmontgomery40/pentest-mcp
pantheon-security/notebooklm-mcp-secure
cyanheads/pentest-mcp-server
io.github.akhilucky/ai-firewall-mcp