Investigate Microsoft Defender security events with natural language KQL hunting.
Copy the install command and let the AI configure it · recommended for beginners
No copy-paste install info for "MCP Defender (mcp-msdefenderkql)" yet — see the docs or source repo.
Use Microsoft Defender Advanced Hunting to find sign-in events from the last 24 hours involving unusual countries or repeated failures in a short period, then summarize high-risk accounts, source IPs, and the timeline.
Returns the relevant KQL results plus a readable risk summary, key accounts, and suggested next investigation steps.
Help me investigate whether a specific endpoint showed suspicious PowerShell or command-line activity, focusing on parent-child processes, execution arguments, and connections to suspicious external domains.
Outputs the hunting KQL, related process and network event details, and correlated analysis of suspicious behavior.
Analyze the last 7 days for signs of lateral movement, such as remote service creation, unusual admin account usage, or suspicious authentication chains across devices, and rank findings by severity.
Provides a summary of hunting results, affected devices and accounts, and investigation findings ranked by severity.
Query and manage Microsoft SQL Server databases with natural language.
Automatically scans and blocks malicious MCP traffic across popular AI desktop apps.
Execute Microsoft Defender XDR response and incident actions with natural language.
Analyze AI security, scan vulnerabilities, and monitor code leaks efficiently.
Securely connect AI assistants to SQL Server for queries, analysis, and admin tasks.
Analyze AWS security posture with natural language and get remediation guidance.