Accelerate connectors development using AI agent in Microsoft Sentinel

Today, we’re excited to announce the public preview of a Sentinel connector builder agent, via VS code extension, that helps developers build Microsoft Sentinel codeless connectors faster with low-code and AI-assisted prompts. This new capability brings guided workflows directly into the tooling developers already use, helping accelerate time to value as the Sentinel ecosystem continues to grow. Learn more at Create custom connectors using Sentinel connector AI agent

Why this matters 

As the Microsoft Sentinel ecosystem continues to expand, developers are increasingly tasked with delivering high‑quality, production‑ready connectors at a faster pace, often while working across different cloud platforms and development environments. Building these integrations involves coordinating schemas, configuration artifacts, Azure deployment concepts, and validation steps that provide flexibility and control, but can span multiple tools and workflows. As connector development scales across more partners and scenarios, there is a clear opportunity to better integrate these capabilities into the developer environments teams already rely on. 

The new Sentinel connector builder agent, using GitHub Copilot in the Sentinel VS code extension, brings more of the connector development lifecycle -- authoring, validation, testing, and deployment into a single, cohesive workflow. By consolidating these common steps, it helps developers move more easily from design to validation and deployment without disrupting established processes. 

A guided, AI‑assisted workflow inside VS Code 

The Sentinel connector builder agent for Visual Studio Code is designed to help developers move from API documentation to a working codeless connector more efficiently. 

The experience begins with an ISVs API documentation. Using GitHub Copilot chat inside VS Code, developers can describe the connector they want to build and point the extension to their API docs, either by URL or inline content. From there, the AI‑guided workflow reads and extracts the relevant details needed to begin building the connector. 

1. Open the VS Code chat and set the chat to Agent mode.
2. Prompt the agent using sentinel​. When prompted, select /create-connector and select any supported API.
3. For example in Contoso API, enter the prompt as: @sentinel /create-connector Create a connector for Contoso. Here are the API docs: https://contoso-security-api.azurewebsites.net/v0101/api-doc

Next, the agent generates the required artifacts such as polling configurations, data collection rules (DCRs), table schemas, and connector definitions, using guided prompts with built‑in validation. This step‑by‑step experience helps ensure configurations remain consistent and aligned as they’re created. 

 Note: During agent evaluation, select Allow responses once to approve changes, or select the option Bypass Approvals in the chat. It might take up to several minutes for the evaluations to finish.

As the connector takes shape, developers can validate and test configurations directly within VS Code, including testing API interactions before deployment. Validation of the API data source and polling configuration are surfaced in context, supporting faster iteration without leaving the development environment. 

When ready, connectors can be deployed directly from VS Code to accessible Microsoft Sentinel workspaces, streamlining the path from development to deployment without requiring manual navigation of the Azure portal. 

Key capabilities

The VS Code connector builder experience includes: 

• AI‑guided connector creation to generate codeless connectors from API documentation using natural language prompts. 

• Support for common authentication methods, including Basic authentication, OAuth 2.0, and API keys. 

• Automated validation to check schemas, cross‑file consistency, and configuration correctness as you build. 

• Built‑in testing to validate polling configurations and API interactions before deployment. 

• One‑click deployment that allows publishing connectors directly to accessible Microsoft Sentinel workspaces from within VS Code. 

Together, these capabilities support a more efficient path from API documentation to a working Microsoft Sentinel connector. 

Testimonials 

As partners begin using the Sentinel connector builder agent, feedback from the community will help shape future enhancements and refinements. 

Here is what some of our early adopters have to say about the experience: 

	“The connector builder agent accelerated our initial exploration of the codeless connector framework and helped guide our connector design decisions.”    -- Rodrigo Rodrigues, Technology Alliance Director
	“The connector builder agent helped us quickly explore and validate connector options on the codeless connector framework while developing our Sentinel integration.”    --Chris Nicosia, Head of Cloud and Tech Partnerships

Start building 

This public preview represents an important step toward simplifying how ISVs build and maintain integrations with Microsoft Sentinel. If you’re ready to get started, the Sentinel connector builder agent is available in public preview for all participants. 

In the unlikely event that an ISV encounters any issues in building or updating a CCF connector, App Assure is here to help. Reach out to us here.