Sentinel
Created by dstreefkerk
Provides read-only access to Microsoft Sentinel data (log queries, incidents, analytics rules and workspace resources) for use with LLMs in test environments.
About
Sentinel is a modular, read-only interface to a Microsoft Sentinel instance for security operations and analysis. It exposes logs, incidents, analytics rules and Entra ID data through a queryable interface so that an LLM such as Claude can explore them. Because incident and identity data are sent to the model, the server is intended for non-production environments: point it at a test workspace and give the identity it runs as only reader-level roles (for example Microsoft Sentinel Reader and Log Analytics Reader), so that the read-only behaviour is enforced by Azure RBAC rather than by the tool alone.
Key Features
- Lists Log Analytics workspaces and their tables (read-only; it does not create or modify workspaces or tables)
- Lists security incidents and views incident details
- Analyzes analytics rules by MITRE ATT&CK tactics and techniques
- Performs WHOIS lookups on domains and geolocation lookups on IP addresses (these call external lookup services, so the indicators you query leave your environment)
- Executes and validates KQL queries
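The analytics-rule analysis above groups Sentinel rules by the MITRE ATT&CK tactics and techniques they are tagged with. The following is an added example, not code from the Sentinel MCP server project, showing how that grouping works and why it should skip disabled rules. It assumes rule objects shaped like the Azure REST `alertRules` response, where each rule carries `properties.tactics` and `properties.techniques` arrays, and it runs on a constructed sample rather than a live workspace.

```python
from collections import defaultdict

# Constructed sample: three rules shaped like the Azure REST alertRules
# response. Real rule objects carry many more properties; only the fields
# used here are shown.
SAMPLE_RULES = [
    {
        "name": "rule-1",
        "properties": {
            "displayName": "Password spray against Entra ID",
            "enabled": True,
            "tactics": ["CredentialAccess"],
            "techniques": ["T1110"],
        },
    },
    {
        "name": "rule-2",
        "properties": {
            "displayName": "New admin role assignment",
            "enabled": True,
            "tactics": ["PrivilegeEscalation", "Persistence"],
            "techniques": ["T1098"],
        },
    },
    {
        "name": "rule-3",
        "properties": {
            "displayName": "Suspicious OAuth consent grant",
            "enabled": False,
            "tactics": ["Persistence"],
            "techniques": ["T1098", "T1550"],
        },
    },
]


def coverage_by(rules, field, enabled_only=True):
    """Map each tactic or technique (field='tactics' or 'techniques') to the
    display names of the rules tagged with it.

    Disabled rules are skipped by default: a disabled rule appears in the
    rule inventory but raises no alerts, so it provides no real coverage.
    """
    coverage = defaultdict(list)
    for rule in rules:
        props = rule.get("properties", {})
        if enabled_only and not props.get("enabled", False):
            continue
        name = props.get("displayName") or rule.get("name", "<unnamed>")
        # Rules may omit the array entirely or set it to null.
        for value in props.get(field) or []:
            coverage[value].append(name)
    return dict(coverage)


def uncovered_techniques(rules, wanted):
    """Return the techniques in `wanted` that no enabled rule is tagged with."""
    covered = coverage_by(rules, "techniques")
    return sorted(t for t in wanted if t not in covered)


def paper_only_coverage(rules):
    """Techniques that only disabled rules are tagged with: they look covered
    in an inventory view but will never produce an incident."""
    everything = coverage_by(rules, "techniques", enabled_only=False)
    live = coverage_by(rules, "techniques")
    return sorted(t for t in everything if t not in live)


if __name__ == "__main__":
    for technique, names in sorted(coverage_by(SAMPLE_RULES, "techniques").items()):
        print(technique, "->", ", ".join(names))
    print("uncovered:", uncovered_techniques(SAMPLE_RULES, ["T1078", "T1110", "T1550"]))
    print("paper-only:", paper_only_coverage(SAMPLE_RULES))
```

The `paper_only_coverage` check is the one worth keeping when an LLM summarises rule coverage: a model reading the raw rule list will happily report T1550 as covered unless the disabled flag is taken into account.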
Use Cases
- Security operations testing and analysis with LLMs
- Exploring and querying Sentinel data in a non-production workspace
- Validating KQL queries and reviewing security incidents