Microsoft Graph Security MCP Server

I am pleased to share an open-source Model Context Protocol (MCP) server that provides structured access to Microsoft Graph Security APIs for AI assistant integrations.

https://github.com/LaurieRhodes/MCP-GraphSecurityIncidents

This project taught me some unexpected lessons. Claude's safety protocols preventing display of incident data was a surprise; I had to architect around that. Even more surprising: the cheapest LLMs often outperformed expensive ones for security alert management tasks.

LLM Testing Results

What emerged is proof that agentic triage of Microsoft security alerts has moved from theoretical to practical. This is a Golang-based project suitable for integration with Function App workflows.

The project is built as an extensible MCP framework using data-driven schemas for Graph Security management. You'll likely need to adapt it for your environment, but the foundation handles the heavy lifting extremely well.

Core Development Features:

  • 🔧 Universal Tools Framework: 10 self-documenting MCP tools that work with any Graph entity type
  • 🧩 Modular Entity System: Self-contained entity modules with complete functionality
  • 🤖 Smart Context Management: Token-optimized context with 4 detail levels (up to 85% token reduction)
  • 🕒 Temporal Intelligence: Automatic date/time correction and natural language processing
  • 🔍 Enhanced Filtering: Intelligent filter validation and guidance
  • 🔗 Cross-Entity Navigation: Automated relationship traversal between security entities
  • ⚡ Native $select Optimization: Uses Microsoft Graph's built-in field selection
  • 📊 Response Transparency: Comprehensive metadata showing optimization decisions

The repository includes comprehensive documentation and deployment examples.