Model Context Protocol overview

Model Context Protocol (MCP) is an open protocol that enables seamless integration between LLM applications and external data sources and tools. MCP tools are used to provide AI applications with data and capabilities to accomplish tasks.

The collection of Security Copilot agent creation MCP tools that are part of Microsoft Sentinel server enables you to create agents using natural language to describe its intent. These agents can be built directly within the developer environments that host an MCP client such as GitHub Copilot in Visual Studio Code. The tools provide the knowledge, data, and actions needed to build Security Copilot agents.

Developers can quickly begin building agents by prompting the MCP tools with a simple natural language request, such as "Build me an agent that can triage and respond to compromised accounts." The MCP tools generate an agent YAML file and support iterative development through conversational input with the AI assistant, and finally deploy the agent to Security Copilot.

The following sections help users understand how to use MCP tool collections to create Security Copilot agents.

Tools

The MCP tools support the following capabilities:

• Understand your intent to discover relevant tools (skills) within Security Copilot.

• Autogenerate an agent YAML file, which can be further customized.

• Deploy the agent to Security Copilot at user scope or workspace scope.

You can test the agent in Security Copilot standalone. To test agents built via the MCP tools, follow the steps outlined in Test agent.

For the detailed MCP tool collection, see Tool list.

Next steps

Get started with installing MCP server