Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Important
Some information in this article relates to a prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
The Model Context Protocol (MCP) allows servers to expose tools that can be invoked by language models. Tools enable models to interact with external systems or perform computations. Each tool is uniquely identified by a name and includes metadata describing its schema.
This article provides detailed information on the MCP agent creation tool collection to build Security Copilot agents.
Prerequisites
- Microsoft Sentinel MCP Server
- Visual Studio Code
- GitHub Copilot Visual Studio (VS) Code extension
Tool list in the agent creation collection
The list of tools in the collection are as follows:
Search for tools (search_for_tools)
Purpose
This tool finds relevant tools, including skills, agents and MCP tools, in Security Copilot that can be used to fulfill the intent.
Parameters
| Name | Required | Description |
|---|---|---|
| userQuery | Yes | The query or problem statement to find relevant tools for. For example, Defender incident details. |
Start agent creation (start_agent_creation)
Purpose
This tool creates a new Security Copilot session to start building a new agent.
Parameters
| Name | Required | Description |
|---|---|---|
| userQuery | Yes | The problem statement for the agent. |
Compose agent (compose_agent)
Purpose
This tool iterates on composing the Security Copilot agent YAML.
Parameters
| Name | Required | Description |
|---|---|---|
| sessionID | Yes | The start_agent_creation tool creates the Security Copilot session ID. This shouldn't be a session ID created by search_for_tools. |
| userQuery | Yes | User input for the agent builder to process. This can be confirmations, clarifications, or additional information. |
| existingDefinition | No | (Optional) Existing agent definition YAML for the tool to edit. The YAML can be generated from previous runs of this tool or provided through adding a YAML file to the context. |
Get evaluation (get_evaluation)
Purpose
This tool is called after running the search_for_tools, start_agent_creation, and compose_agent tools to retrieve the result.
Parameters
| Name | Required | Description |
|---|---|---|
| sessionID | Yes | Session ID of evaluation |
| promptID | Yes | Prompt ID of evaluation |
| evaluationID | Yes | Evaluation ID of evaluation |
Deploy agent (deploy_agent)
Purpose
This tool uploads the agent to the Security Copilot user or workspace scope.
Parameters
| Name | Required | Description |
|---|---|---|
| agentDefinition | Yes | Agent definition in YAML format. The YAML can be generated from the compose_agent tool or provided through adding a YAML file to the context. |
| scope | Yes | Scope to upload the agent to. It can be either 'User' or 'Workspace' only. |
| agentSkillsetName | Yes | Agent skillset name. It must exactly match the 'Name' value under 'Descriptor' in the agent definition YAML. |