
Natural language security investigations for Microsoft Defender via MCP.
Mcp Defender is an MCP (Model Context Protocol) server that allows AI tools and assistants (such as Claude, Cursor, and others) to execute advanced threat hunting queries on Microsoft Defender using natural language. The server translates natural language security queries into KQL, runs them against Defender's Advanced Hunting API, and delivers findings back to the AI for interpretation. It features dynamic schema discovery, certificate-based Azure AD authentication, and exposes tools to run security investigations and retrieve Defender data programmatically. This platform is ideal for cybersecurity teams, SOC analysts, and AI developers needing secure, natural language-driven threat detection workflows integrated into MCP-compatible environments.