veesamprabhukiran
May 05, 2026

Sentinel Foundry - MCP Server (Preview) (GitHub Community Release)

I’ve been cooking something that a lot of people in SOC have been struggling with — especially on the engineering side of Microsoft Sentinel. Thanks to the Microsoft Security team for shaping the capabilities of Sentinel even better with Sentinel Data Lake & Modern SecOps.

Today’s the day I can finally share it.

Note: This is not an official Microsoft product, but it is designed to make the Sentinel Build even better (complement) with much more intelligence.


🚀 Sentinel Foundry is now in public preview with 43 tools. (Sentinel Foundry - MCP Server)
It’s an MCP server built to act like the brain of a strong Sentinel engineer — helping make building, improving, and operating Sentinel far more practical, faster, and honestly more enjoyable.

For a lot of teams, the challenge is not understanding what Sentinel can do. The hard part is the engineering work around it:
-> Deciding what data should actually be ingested
-> Building a clean, scalable Sentinel foundation
-> Writing useful detections instead of noisy ones
-> Balancing security value with cost
-> Turning ideas into deployable engineering outputs

That is exactly why I built Sentinel Foundry to help communities grow stronger.

It helps with the real engineering tasks behind Sentinel — from architecture thinking to detection design, deployment planning, ingestion strategy, automation ideas, and many of the workflows outlined in the GitHub project.

How does it work?

Here’s one of the flagship prompts I ran with it:

“Give me a complete security posture report for our workspace. Score each pillar and tell me what to prioritise.”

And within seconds, it produced a structured engineering blueprint that would normally take a lot longer to pull together manually.

You can see the example prompts here in what it can do: https://github.com/prabhukiranveesam/Sentinel-Foundry#what-can-it-do

I want building Sentinel to feel less like repetitive engineering overhead — and more like real security engineering that is fast, creative, and enjoyable.

If you work with Sentinel as a SOC L2 analyst, engineer, detection engineer, consultant, or architect, I’d genuinely love for you to try it and tell me what you think.

🔗 Public Preview: https://github.com/prabhukiranveesam/Sentinel-Foundry

This is just the start of an AI era — and I’m excited to keep shaping it with more powerful features over the coming days. 

This is very easy to set up and will be available to all of you at no cost during this month as part of the public preview, and your feedback is extremely valuable to shape this as a powerful solution.
