Building an AI-Driven SOC with Sentinel MCP

How AI Changes Investigation, Triage, and Hunting in Real Environments

Security teams are drowning in data, alerts, and manual work. Microsoft Sentinel’s Model Context Protocol (MCP) introduces a new way to operate. An agentic SOC where AI can understand context, analyze data, and assist with investigations in a controlled, secure way.

In this meetup, we will break down how MCP works, what it unlocks, and how it transforms daily SOC tasks like data exploration, triage, and threat hunting.

This session is for defenders, analysts, researchers, and anyone curious about how AI is reshaping Microsoft Sentinel.

Note: The first Live Online Session for Sentinel MCP

Agenda

• SOC Nowadays, with challenges and limitations
• What Sentinel MCP actually does
• Configure Sentinel MCP
• Sentinel MCP in Action
• Q & A and open discussion

Notes

• Level 200-300 (Practical, technical, demo)
• ​​The event will be recorded
• The event will be delivered in Hebrew

Community Channels

• MSFT.SEC.ADVOCATE on WhatsApp
• Community Notifications on WhatsApp
• A landing page for all Community Groups
• The Circle Community on LinkedIn