sentinel.blog

AnalyticalRules

A collection of 3 posts
AI

Becoming the Puppet Master of an AI SOC team

I released a Model Context Protocol server called KQL Search MCP last week. The idea was to stop manually searching through GitHub repositories every time I needed a KQL query. It searches thousands of queries from all GitHub repos, validates them against table schemas, and can even generate new queries from
18 Dec 2025 5 min read
AI Featured

Finding and Writing KQL Queries with the Model Context Protocol

If you work with Microsoft security products, you've probably spent time writing KQL queries. You might search through documentation, look at examples on GitHub, or copy queries from colleagues. KQL-Search-MCP Server makes this easier by bringing query search and generation directly into AI assistants like Claude Desktop, GitHub
12 Dec 2025 9 min read
Automation

Sentinel Content Hub Updates: Why Manual Management Doesn't Scale

Managing Microsoft Sentinel Content Hub solutions and their associated analytics rules across multiple workspaces starts simple but quickly becomes overwhelming. What begins as deploying a few solution packages in a single workspace evolves into hours of repetitive portal navigation, ensuring consistent Content Hub deployments between environments, and inevitably missing critical
01 Aug 2025 5 min read
sentinel.blog © 2026