mcp-defender-xdr

MFisher14/mcp-defender-xdr
★ 1 star | Python | 🔒 Security | Updated 7d ago
An MCP server exposing Microsoft Defender XDR (Advanced Hunting, incidents, alerts) to Claude and other MCP clients. Certificate auth, multi-tenant, read-only.

Quick Install

Copy the config for your editor. Some servers may need additional setup — check the README.

Add to claude_desktop_config.json:

{
  "mcpServers": {
    "mcp-defender-xdr": {
      "command": "uvx",
      "args": [
        "mcp-defender-xdr"
      ]
    }
  }
}

Or install with pip: pip install mcp-defender-xdr

README Excerpt

An [MCP](https://modelcontextprotocol.io/) server that exposes Microsoft Defender XDR — Advanced Hunting (KQL), incidents, and alerts — as tools Claude and other MCP clients can call. It lets a security analyst (or an agent on their behalf) drive hunts, pivot through incidents, and triage alerts in natural language without leaving Claude. The server runs locally

Tools (7)

AZURE_CERT_PASSPHRASE
AZURE_CERT_PATH
AZURE_CLIENT_ID
AZURE_TENANT_ID
DEFENDER_API_BASE
MCP_DEFENDER_XDR_LOG_LEVEL
tenant