Listen to this Post

Introduction: Security Operations Centers are undergoing a transformative shift with the integration of Generative AI. Microsoft’s Model Context Protocol (MCP) architecture now enables SOC analysts and managers to interact with critical security tools like Microsoft Sentinel through AI agents, automating complex data queries and incident analysis. This guide explores the practical implementation of these agents using Security Copilot and Copilot Studio.
Learning Objectives:
- Understand the architecture and components of Microsoft’s MCP servers and AI agents for security.
- Learn to build a custom toolset for the Sentinel MCP Server and a specialized agent in Security Copilot.
- Master advanced orchestration of multiple agents and workflows in Copilot Studio for scalable SOC automation.
1. Understanding the MCP Architecture and Core Components
Step‑by‑step guide explaining what this does and how to use it.
The Model Context Protocol (MCP) is the backbone that allows AI agents to interact securely with external systems and data. In the Microsoft security ecosystem, the Sentinel MCP Server acts as a bridge, exposing tools (like Kusto Query Language – KQL – capabilities) to AI clients such as Security Copilot.
Core Components: The architecture consists of MCP Servers (like the one for Sentinel), MCP Clients/AI Agents (built in Security Copilot or Copilot Studio), and Toolsets (collections of functions the server can execute).
Official Toolset References: The interaction is governed by specific tool collections within the Sentinel MCP Server:
Data Exploration Toolset: Used for ad-hoc KQL queries. Official Docs
Triage Toolset: Designed for incident-specific operations. Official Docs
Custom Toolsets: Allow you to publish your own specialized KQL queries as reliable, callable functions.
Getting Started: Before coding, ensure you have access to a Microsoft Sentinel workspace, Security Copilot, and the necessary permissions to create custom agents and toolsets.
2. Building the Foundation: Creating Specialized KQL Queries
Step‑by‑step guide explaining what this does and how to use it.
The power of a custom agent lies in the precision of its underlying queries. These KQL queries are later published as tools.
Objective: Create parameterized KQL queries that answer specific SOC questions (e.g., Mean Time to Resolve – MTTR, top impacted users).
Process: Use the Data Exploration toolset in Visual Studio Code (via the Sentinel MCP Server) to draft and refine your queries. Test them thoroughly in the Azure Data Explorer or Sentinel Logs interface first.
Example – Get MTTR for a Date Range: This query calculates the average time to close incidents. Strategic parameterization (like `StartTime` and EndTime) is crucial for agent flexibility.
// GetMeanTimeToResolve.kql - Parameterized Example SecurityIncident | where TimeGenerated >= datetime(StartTime) and TimeGenerated <= datetime(EndTime) | where Status == "Closed" | extend TimeToResolve = (LastModifiedTime - CreatedTime) | summarize MeanTimeToResolve = avg(TimeToResolve) by Classification | project Classification, MeanTimeToResolve
Key Practice: Design queries with clear input parameters that align with how a SOC manager might phrase a question in natural language.
- Publishing Queries as a Custom Toolset for the MCP Server
Step‑by‑step guide explaining what this does and how to use it.
Publishing queries as a custom toolset transforms them into stable, AI-callable functions, ensuring more consistent results than open-ended data exploration.
Objective: Package your KQL queries into a defined toolset the Sentinel MCP Server can offer to AI agents.
Process: Follow the Microsoft documentation to create and register your custom toolset. This involves defining your tools in a YAML manifest file.
Example YAML Manifest Snippet: This defines the `GetMeanTimeToResolve` tool from our KQL file.
IncidentsStatisticsToolset.yaml - Excerpt name: SOC-HighView-MCP description: Custom toolset for SOC high-level incident statistics. tools: - name: GetMeanTimeToResolve description: Calculates the Mean Time to Resolve (MTTR) for closed incidents within a specified time range. inputSchema: type: object properties: StartTime: type: string description: "Start time for the query (e.g., '2025-01-01')." EndTime: type: string description: "End time for the query (e.g., '2025-12-31')." ... configuration to link to the actual KQL file
Verification: After uploading the manifest via the Microsoft Defender portal (under “Configuration” > “MCP servers”), the new toolset appears as a connected data source for your agents.
- Creating and Testing a Specialized Agent in Security Copilot
Step‑by‑step guide explaining what this does and how to use it.
Agents in Security Copilot are configured to perform specific tasks using a defined set of tools and instructions.
Objective: Build a “Incidents Statistics Agent” that uses your custom toolset.
Process: Use the Agent Builder in Security Copilot. Provide a clear name, description, and, most importantly, precise instructions. The agent’s YAML definition is key.
Example Agent YAML Instructions: These instructions govern the agent’s behavior.
IncidentsStatisticsAgent.yaml - Instructions Excerpt instructions: | You are the Incidents Statistics Agent. Your purpose is to answer questions about incident statistics. - If asked about your capabilities, list the tools from the SOC-HighView-MCP toolset. - For questions about MTTR, MTTA, incident breakdowns, top impacted entities, etc., call the appropriate tool from the SOC-HighView-MCP toolset. - You MUST obtain values for the required parameters (like StartTime, EndTime) from the user's prompt. If not provided, ask for clarification or use sensible defaults like "last 7 days." - Decline any request unrelated to incident statistics. capabilities: - SOC-HighView-MCP Toolset
Testing: Rigorously test the agent with in-scope and out-of-scope prompts. A known limitation is that agents may struggle with prompts requiring sequential tool execution (e.g., “Get top users AND top devices”) and may run tools in parallel, causing failures.
5. Implementing Advanced Orchestration in Copilot Studio
Step‑by‑step guide explaining what this does and how to use it.
For complex, multi-step workflows, Copilot Studio provides a more powerful orchestration layer, allowing you to create a coordinator agent that manages multiple specialized child agents and Agent Flows.
Objective: Build a modular “SOC Manager Assistant” that can handle data retrieval, analysis, and reporting through separate components.
Architecture: Create a main agent that routes requests. For example, a request for “recommendations based on last month’s stats” would trigger an Agent Flow that:
1. Calls the “Incident Statistics” agent to get data.
2. Passes that data to the “Statistics Analyzer” agent for insights.
3. Formats the output and sends it via email using the Outlook connector.
Agent Flow Advantage: Flows enforce a fixed sequence of steps and can pass the output of one agent as the input to the next, which is a limitation when agents call each other directly.
- Solving the Workspace ID Challenge with Agent Flows
Step‑by‑step guide explaining what this does and how to use it.
A common hurdle is that custom toolsets often require an explicit `workspaceId` parameter, which SOC users don’t know. Built-in tools can auto-discover this, but custom tools cannot reliably identify a “default” workspace.
Problem: The agent constantly prompts the non-technical user for a workspaceId, breaking the conversation flow.
Solution: Implement an Agent Flow (e.g., GetWorkspaceId) that programmatically retrieves the ID. The flow can call a child agent that uses the built-in `list_sentinel_workspaces` tool, filter by a user-provided workspace name, and return the ID.
Implementation: The “Incident Statistics” agent’s instructions are updated to first call the `GetWorkspaceId` flow when needed, then pass the returned ID to the custom toolset. While not perfect, this pattern significantly improves user experience.
7. Configuring Automated Email Reporting
Step‑by‑step guide explaining what this does and how to use it.
Automating the delivery of reports via email completes the automation loop for SOC managers.
Objective: Configure an Agent Flow to send formatted analysis results by email.
Process: Within a Copilot Studio Agent Flow, after retrieving and analyzing data, use the Outlook connector action.
Key Consideration: For workflows taking over two minutes (e.g., complex data analysis), you must use a fire-and-forget invocation. The flow is triggered asynchronously, and the final report is delivered via email, as the result cannot be streamed back to the initiating user chat session in real-time.
What Undercode Say:
Key Takeaway 1: The Paradigm is Shifting from Tools to Agents. The core value is no longer just in Sentinel or KQL alone, but in the MCP-powered AI agent layer that abstracts complexity. SOC personas will increasingly interact with conversational agents that orchestrate underlying tools, making advanced analytics accessible to non-experts and drastically reducing manual query writing.
Key Takeaway 2: Modular Design is Non-Negotiable for Production. The evolution from a single, instruction-heavy Security Copilot agent to a modular Copilot Studio architecture with a coordinator agent, child agents, and Agent Flows is a critical lesson. This approach solves instruction limits, improves maintainability, and mirrors modern software engineering principles, separating concerns (data retrieval, analysis, formatting, delivery) into discrete, manageable components.
The analysis underscores that this technology is moving at “the speed of light.” Current limitations, like the clumsy `workspaceId` handoff or sporadic tool disconnections, are likely temporary growing pains. The strategic implication is profound: security platforms are becoming AI-native operating environments. Mastery is moving from writing perfect KQL to designing effective agent instructions, tool contracts, and orchestration workflows. The organizations that learn to architect these intelligent, automated workflows will achieve a decisive efficiency advantage in threat detection, investigation, and reporting.
Prediction:
The integration of GenAI agents into SOC workflows will move from being an exploratory “copilot” feature to the primary interface for security operations within the next 18-24 months. We will see the emergence of standardized “security agent patterns” – pre-built, certified workflows for common tasks like incident triage, false-positive reduction, and compliance reporting – that can be deployed and customized. This will democratize advanced security analytics but also create a new attack surface, leading to a focus on securing the AI agent pipeline itself, including prompt injection defenses, tool call authorization audits, and integrity checks for agent instructions and MCP server communications.
▶️ Related Video (84% Match):
🎯Let’s Practice For Free:
IT/Security Reporter URL:
Reported By: Stefanopescosolido Microsoftsentinel – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅


