Querying the Microsoft Security Data Lake via REST
The API endpoints, authentication scope, and request format for running KQL against Sentinel's long-term security store.
Persistent sessions, nested MCP support, and a compiled server that deploys as a single binary.
The Model Context Protocol gives Claude the ability to call external tools, and bash execution is one of the most immediately useful. The MCP Bash Server is a Go implementation that provides Claude with a persistent bash session on the host system, allowing it to run commands, build projects, manage files, and interact with the operating environment while maintaining state between calls.

This is quite a big write-up but really quite important to understand as it hints at a different direction for AI automation in 2026.

It's only been a year since Anthropic released Model Context Protocol (MCP), which became the standardised "interface" solution for AI models. Over the Christmas break, Anthropic Skills went live, and I believe they represent the missing piece for reliable AI automation in enterprise environments.

This project demonstrates the usability of an Azure Function App for reliable, continuous scanning and near real-time forwarding of data (using KQL queries) to Log Analytics / Sentinel. This example solution may also be used for KQL forwarding of events to nominated Event Hubs.

I would like to share my collection of PowerShell based Kusto Schema Tools with the community. The tools are written to manage data interchange between Azure Data Explorer (ADX), EventHouse and Microsoft Sentinel.

OPINION: The Sentinel Data Lake is being heavily promoted as a game-changing development in SIEM. After two years of working with Microsoft's technology on a Big Data SIEM, I have a different perspective on this development.
This is a long read but a different assessment to every other perspective I have come across.

It's early days for the Sentinel Data Lake and Microsoft haven't yet released any information about the APIs that are going to be exposed. For the small number of API calls that can be found, the following PowerShell script provides some access so we can at least get an idea about authentication!
Example updated and adapted from Mohammad Ghodratigohar's 2022 YouTube tutorial for contemporary Azure Data Explorer (Updated July 2025).
This full notebook is available for download at:
https://github.com/LaurieRhodes/PUBLIC-Scripts/tree/main/Jupyter_ADX
This demonstrates how to integrate Machine Learning into Azure Data Explorer data processing.

I am pleased to share an open-source Model Context Protocol (MCP) server that provides structured access to Microsoft Graph Security APIs for AI assistant integrations.