
Details

Drowning in alerts, logs, and manual triage? AI is changing the way SOCs operate, and Microsoft Sentinel’s MCP brings that change to your fingertips.

Join us for a hands-on session where we’ll cover the fundamentals of Microsoft Sentinel MCP. You’ll see how MCP can help understand context, analyze data, and assist with investigations. This session will guide you through configuring MCP and exploring data in a practical, controlled environment, laying the groundwork for more advanced threat hunting in future sessions.

This session is ideal for defenders, SOC analysts, researchers, and managers who want to see AI applied in real-life security operations.

By the end of this session, you’ll understand Sentinel MCP, be able to explore data, and see AI-assisted triage in action.

Agenda

  • The existing SOC: challenges and limitations
  • How Sentinel MCP works: architecture and use cases
  • Configuring MCP with VSCode
  • Sentinel MCP in action (the first step)
  • Q&A and open discussion

Note: We’ll focus on the fundamentals in this session. Advanced hunting, forensics, and Security Copilot will be covered in future online events.

Notes

  • Level: Practical, technical (200-300)
  • Language: Hebrew
  • Format: Online, interactive, and recorded
