From c77aa99b09cd5956b610f9a61f60a62eaf9d24f8 Mon Sep 17 00:00:00 2001
From: Guoyu Hao
Date: Mon, 5 Jan 2026 15:27:21 -0800
Subject: [PATCH 1/5] Add a configuration file for Microsoft Sentinel Graph MCP tool
---
 .../microsoft-sentinel-graph-mcp-server.json | 47 +++++++++++++++++++
 1 file changed, 47 insertions(+)
 create mode 100644 partners/servers/microsoft-sentinel-graph-mcp-server.json
diff --git a/partners/servers/microsoft-sentinel-graph-mcp-server.json b/partners/servers/microsoft-sentinel-graph-mcp-server.json
new file mode 100644
index 0000000..e082dd1
--- /dev/null
+++ b/partners/servers/microsoft-sentinel-graph-mcp-server.json
@@ -0,0 +1,47 @@
+{
+ "name": "ms-sentinel-graph",
+ "title": "Microsoft Sentinel Graph",
+ "summary": "The graph MCP tool enables natural-language graph analysis across Microsoft Sentinel graphs, allowing users to explore relationships, traverse entities, and extract actionable security insights from first-party and custom graph data.",
+ "description": "The graph MCP tool enables natural-language graph analysis across Microsoft Sentinel graphs, allowing users to explore relationships, traverse entities, and extract actionable security insights from first-party and custom graph data. Learn more: https://aka.ms/mcp/data-exploration",
+ "vendor": "Microsoft",
+ "kind": "mcp",
+ "remote": "https://sentinel.microsoft.com/mcp/graph",
+ "icon": "https://cdn.jsdelivr.net/gh/Azure/MCP/community/registry/icons/Sentinel.svg",
+ "externalDocumentation": {
+ "title": "Microsoft Sentinel Graph documentation",
+ "url": "https://aka.ms/mcp/data-exploration"
+ },
+ "license": {
+ "name": "Microsoft License",
+ "url": "https://www.microsoft.com/licensing/terms/welcome/welcomepage"
+ },
+ "useCases": [
+ {
+ "name": "Exposure-to-Critical Asset Path Analysis",
+ "description": "Build security agents that discover and enumerate realistic attack paths from exposed or vulnerable entry points—such as internet-facing virtual machines or compromised identities—to critical assets like databases, Key Vaults, or sensitive storage accounts, using walkable paths to focus on reachable risks."
+ },
+ {
+ "name": "Compromised Entity Blast Radius Analysis",
+ "description": "Build security agents that assess the potential impact of a compromised user, managed identity, or virtual machine by traversing connected permissions, identities, and resources to determine how far an attacker could move and which assets could be affected."
+ }
+ ],
+ "categories": "Security",
+ "tags": ["security", "sentinel", "graph"],
+ "supportContactInfo": {
+ "name": "Microsoft Customer Support",
+ "email": "support@microsoft.com"},
+ "versionName": "original",
+ "securitySchemes": {
+ "sentinelOAuth": {
+ "type": "oauth2",
+ "description": "Authenticate with Microsoft Sentinel using OAuth2 authorization code flow with PKCE support.",
+ "flows": ["authorizationCode"],
+ "authorizationUrl": "https://login.microsoftonline.com",
+ "tokenUrl": "https://login.microsoftonline.com",
+ "scopes": []
+ }
+ },
+ "visibility": "true",
+ "authSchemas":["OAuth2"],
+ "audience": "4500ebfb-89b6-4b14-a480-7f749797bfcd"
+}
\ No newline at end of file
From 2061facac10ec2f38716ae37cf73410629ef69fa Mon Sep 17 00:00:00 2001
From: Guoyu Hao
Date: Mon, 5 Jan 2026 15:35:51 -0800
Subject: [PATCH 2/5] Update the summary and description to make it shorter and clean
---
 partners/servers/microsoft-sentinel-graph-mcp-server.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/partners/servers/microsoft-sentinel-graph-mcp-server.json b/partners/servers/microsoft-sentinel-graph-mcp-server.json
index e082dd1..a0c3efb 100644
--- a/partners/servers/microsoft-sentinel-graph-mcp-server.json
+++ b/partners/servers/microsoft-sentinel-graph-mcp-server.json
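Review bot: In the `securitySchemes` entry added by patch 1/5, `authorizationUrl` and `tokenUrl` are both the bare host `https://login.microsoftonline.com` and `scopes` is `[]`, so a client that takes these fields literally has neither a usable OAuth endpoint nor a declared permission to request. If the registry schema expects full endpoints, the tenant-qualified Entra ID paths belong here, e.g. `"authorizationUrl": "https://login.microsoftonline.com/<TENANT>/oauth2/v2.0/authorize"` with the matching `/oauth2/v2.0/token` URL, where `<TENANT>` is a placeholder for whichever authority the service accepts. The scope the server requires (presumably tied to the `audience` GUID at the end of the file) should be listed explicitly so that consent is limited to it; confirm the exact value with the service owner. The scheme's description also promises PKCE, but nothing machine-readable in the entry requires it. The later patches in this series only rename the scheme key and leave these values unchanged.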
@@ -1,8 +1,8 @@
 {
 "name": "ms-sentinel-graph",
 "title": "Microsoft Sentinel Graph",
- "summary": "The graph MCP tool enables natural-language graph analysis across Microsoft Sentinel graphs, allowing users to explore relationships, traverse entities, and extract actionable security insights from first-party and custom graph data.",
- "description": "The graph MCP tool enables natural-language graph analysis across Microsoft Sentinel graphs, allowing users to explore relationships, traverse entities, and extract actionable security insights from first-party and custom graph data. Learn more: https://aka.ms/mcp/data-exploration",
+ "summary": "The Graph MCP tool enables natural-language analysis of Microsoft Sentinel graphs to explore relationships and uncover security insights.",
+ "description": "The Graph MCP tool enables natural-language analysis of Microsoft Sentinel graphs to explore relationships and uncover security insights. Learn more: https://aka.ms/mcp/data-exploration",
 "vendor": "Microsoft",
 "kind": "mcp",
 "remote": "https://sentinel.microsoft.com/mcp/graph",
From d7f4ee8fedc418688da485195a4e9e43fefeebac Mon Sep 17 00:00:00 2001
From: Guoyu Hao
Date: Mon, 5 Jan 2026 15:45:34 -0800
Subject: [PATCH 3/5] Update the key of security scheme to avoid conflict
---
 partners/servers/microsoft-sentinel-graph-mcp-server.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/partners/servers/microsoft-sentinel-graph-mcp-server.json b/partners/servers/microsoft-sentinel-graph-mcp-server.json
index a0c3efb..0a5e681 100644
--- a/partners/servers/microsoft-sentinel-graph-mcp-server.json
+++ b/partners/servers/microsoft-sentinel-graph-mcp-server.json
@@ -32,7 +32,7 @@
 "email": "support@microsoft.com"},
 "versionName": "original",
 "securitySchemes": {
- "sentinelOAuth": {
+ "sentinelGraphOAuth": {
 "type": "oauth2",
 "description": "Authenticate with Microsoft Sentinel using OAuth2 authorization code flow with PKCE support.",
 "flows": ["authorizationCode"],
From 277e9d305df8d226ab94da9f21f4dde7e8d17464 Mon Sep 17 00:00:00 2001
From: Guoyu Hao
Date: Thu, 8 Jan 2026 04:36:22 -0800
Subject: [PATCH 4/5] Add one more use case to cover exposure perimeter scenario
---
 partners/servers/microsoft-sentinel-graph-mcp-server.json | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/partners/servers/microsoft-sentinel-graph-mcp-server.json b/partners/servers/microsoft-sentinel-graph-mcp-server.json
index 0a5e681..490a25e 100644
--- a/partners/servers/microsoft-sentinel-graph-mcp-server.json
+++ b/partners/servers/microsoft-sentinel-graph-mcp-server.json
@@ -23,6 +23,10 @@
 {
 "name": "Compromised Entity Blast Radius Analysis",
 "description": "Build security agents that assess the potential impact of a compromised user, managed identity, or virtual machine by traversing connected permissions, identities, and resources to determine how far an attacker could move and which assets could be affected."
+ },
+ {
+ "name": "Exposure Perimeter Mapping",
+ "description": "Build security agents that identify the exposure perimeter of a resource, identity, or service by finding all incoming access paths from external or less-trusted entities, highlighting how attackers could reach the target and where defensive controls can be applied."
 }
 ],
 "categories": "Security",
From b7ccefb0462bba5a61bd2f8c8a989fb339ab854d Mon Sep 17 00:00:00 2001
From: Guoyu Hao
Date: Mon, 12 Jan 2026 10:30:33 -0800
Subject: [PATCH 5/5] Update the documentation link
---
 partners/servers/microsoft-sentinel-graph-mcp-server.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/partners/servers/microsoft-sentinel-graph-mcp-server.json b/partners/servers/microsoft-sentinel-graph-mcp-server.json
index 490a25e..8f66cf3 100644
--- a/partners/servers/microsoft-sentinel-graph-mcp-server.json
+++ b/partners/servers/microsoft-sentinel-graph-mcp-server.json
@@ -2,14 +2,14 @@
 "name": "ms-sentinel-graph",
 "title": "Microsoft Sentinel Graph",
 "summary": "The Graph MCP tool enables natural-language analysis of Microsoft Sentinel graphs to explore relationships and uncover security insights.",
- "description": "The Graph MCP tool enables natural-language analysis of Microsoft Sentinel graphs to explore relationships and uncover security insights. Learn more: https://aka.ms/mcp/data-exploration",
+ "description": "The Graph MCP tool enables natural-language analysis of Microsoft Sentinel graphs to explore relationships and uncover security insights. Learn more: https://aka.ms/mcp/sentinel-graph",
 "vendor": "Microsoft",
 "kind": "mcp",
 "remote": "https://sentinel.microsoft.com/mcp/graph",
 "icon": "https://cdn.jsdelivr.net/gh/Azure/MCP/community/registry/icons/Sentinel.svg",
 "externalDocumentation": {
 "title": "Microsoft Sentinel Graph documentation",
- "url": "https://aka.ms/mcp/data-exploration"
+ "url": "https://aka.ms/mcp/sentinel-graph"
 },
 "license": {
 "name": "Microsoft License",