Public Sentinel Attack Simulator

1 MIT

FreeCommunity

AI Systems

AI based attack Simulator for Microsoft Sentinel using Claude and Model Context Protocol

What is Public Sentinel Attack Simulator

PUBLIC-Sentinel-Attack-Simulator is an AI-based attack simulator designed for Microsoft Sentinel, utilizing Claude and the Model Context Protocol to generate and test security events.

Use cases

Use cases include simulating various security events, testing security responses, training security teams, and validating security configurations within Microsoft Sentinel.

How to use

To use PUBLIC-Sentinel-Attack-Simulator, install Node.js, deploy Azure resources using Bicep templates, configure Claude Desktop integration, and set up necessary environment variables and authentication.

Key features

Key features include integration with Claude Desktop, support for multiple Data Collection Rule types, automated deployment with Azure Bicep templates, configurable security event generation, and enterprise-grade authentication and security.

Where to use

PUBLIC-Sentinel-Attack-Simulator can be used in cybersecurity environments, particularly for organizations utilizing Microsoft Sentinel for security event management and simulation.

Clients Supporting MCP

The following are the main client software that supports the Model Context Protocol. Click the link to visit the official website for more information.

Claude Desktop: Official desktop application from Anthropic, natively supports MCP protocol. claude.ai

Cherry Studio: Cross-platform desktop client supporting multiple LLM providers, built-in MCP server support. cherry-ai.com

LobeChat: Modern open-source ChatGPT/LLMs UI, supports MCP protocol integration. lobehub.com

DeepChat: Cross-platform desktop AI assistant, compatible with MCP protocol, focusing on privacy and efficiency. deepchat.thinkinai.xyz

5ire: Cross-platform open-source desktop intelligent assistant MCP client, supports local knowledge base and MCP server. 5ire.app

View More MCP Clients

Overview

What is Public Sentinel Attack Simulator

PUBLIC-Sentinel-Attack-Simulator is an AI-based attack simulator designed for Microsoft Sentinel, utilizing Claude and the Model Context Protocol to generate and test security events.

Use cases

Use cases include simulating various security events, testing security responses, training security teams, and validating security configurations within Microsoft Sentinel.

How to use

Key features

Where to use

PUBLIC-Sentinel-Attack-Simulator can be used in cybersecurity environments, particularly for organizations utilizing Microsoft Sentinel for security event management and simulation.

Clients Supporting MCP

The following are the main client software that supports the Model Context Protocol. Click the link to visit the official website for more information.

Claude Desktop: Official desktop application from Anthropic, natively supports MCP protocol. claude.ai

Cherry Studio: Cross-platform desktop client supporting multiple LLM providers, built-in MCP server support. cherry-ai.com

LobeChat: Modern open-source ChatGPT/LLMs UI, supports MCP protocol integration. lobehub.com

DeepChat: Cross-platform desktop AI assistant, compatible with MCP protocol, focusing on privacy and efficiency. deepchat.thinkinai.xyz

5ire: Cross-platform open-source desktop intelligent assistant MCP client, supports local knowledge base and MCP server. 5ire.app

View More MCP Clients

Content

Sentinel Writer Model Context Protocol (SWMCP)

Overview

The Sentinel Writer Model Context Protocol (SWMCP) is an advanced tool designed to integrate with Claude Desktop and Microsoft Sentinel for AI-driven security event simulation and testing. This tool leverages the Model Context Protocol to enable sophisticated security event generation and testing scenarios within Microsoft Sentinel environments.

Key Features

Integration with Claude Desktop via Model Context Protocol
Support for multiple Data Collection Rule (DCR) types including:
- ASIM (Advanced Security Information Model) logs
- AWS security logs (CloudTrail, CloudWatch, GuardDuty, VPCFlow)
- GCP security logs (Audit Logs, Cloud SCC)
- Windows and Syslog events
- Common Security Log format
Automated deployment using Azure Bicep templates
Configurable security event generation
Enterprise-grade authentication and security

Quick Start

Install Node.js on your Windows machine
Deploy the required Azure resources using the provided Bicep templates
Configure the Claude Desktop integration
Set up the necessary environment variables and authentication

Detailed installation and configuration instructions can be found in the Installation Guide.

Project Structure

PUBLIC-Sentinel-Attack-Simulator/
├── .git/                           # Git repository data
├── docs/                           # Documentation files
│   ├── installation.md            # Installation instructions
│   ├── configuration.md           # Configuration guide
│   ├── architecture.md            # Architecture documentation
│   └── usage.md                   # Usage guide
├── infrastructure/                 # Azure infrastructure as code
│   ├── main.bicep                # Main Bicep deployment template
│   ├── parameters.json           # Deployment parameters
│   ├── DCR-Anomalies.bicep       # Anomalies DCR template
│   ├── DCR-ASimAuditEventLogs.bicep
│   ├── DCR-ASimAuthenticationEventLogs.bicep
│   ├── DCR-ASimDhcpEventLogs.bicep
│   ├── DCR-ASimDnsActivityLogs.bicep
│   ├── DCR-ASimFileEventLogs.bicep
│   ├── DCR-ASimNetworkSessionLogs.bicep
│   ├── DCR-ASimProcessEventLogs.bicep
│   ├── DCR-ASimRegistryEventLogs.bicep
│   ├── DCR-ASimUserManagementActivityLogs.bicep
│   ├── DCR-ASimWebSessionLogs.bicep
│   ├── DCR-AWSCloudTrail.bicep
│   ├── DCR-AWSCloudWatch.bicep
│   ├── DCR-AWSGuardDuty.bicep
│   ├── DCR-AWSVPCFlow.bicep
│   ├── DCR-CommonSecurityLog.bicep
│   ├── DCR-GCPAuditLogs.bicep
│   ├── DCR-GoogleCloudSCC.bicep
│   ├── DCR-SecurityEvent.bicep
│   ├── DCR-Syslog.bicep
│   └── DCR-WindowsEvent.bicep
├── src/                           # Source code
│   ├── claude_desktop_config.json # Claude Desktop configuration
│   └── server-sentinel-writer/    # Sentinel Writer MCP server
├── README.md                      # Project README
└── PROJECT.md                     # This file - Project structure and documentation map

Key Components

Infrastructure Components

Data Collection Rules (DCRs)
- ASIM (Advanced Security Information Model) templates
- Cloud provider log templates (AWS, GCP)
- Traditional security log templates
- System event templates
Source Code
- Claude Desktop configuration
- Sentinel Writer MCP server implementation
- Supporting utilities and tools

Integration Points

Claude Desktop Integration
- MCP server configuration
- Event generation interface
Azure Integration
- Data Collection Endpoints
- Data Collection Rules
- Microsoft Sentinel workspace
Model Context Protocol
- Brave Search integration (optional)
- Event generation protocol
- Server communication

Documentation

Prerequisites

Windows operating system
Node.js
Azure subscription
Microsoft Sentinel workspace
Claude Desktop application
Appropriate Azure permissions for DCR deployment

Contributing

At this stage, code is provide as a learning example only. If there was interest the project could be evolved for active development but this is not planned for.

License

This project is released under MIT license.

Dev Tools Supporting MCP

The following are the main code editors that support the Model Context Protocol. Click the link to visit the official website for more information.

Zed: High-performance collaborative code editor, supports MCP protocol, providing a smooth programming experience. zed.dev

Cursor: AI code editor built on VS Code, supports MCP protocol for context-aware programming. cursor.com

Windsurf: AI code editor from Codeium, integrates MCP protocol to provide intelligent code assistance. windsurf.com

Continue: Open-source AI programming assistant plugin, supports VS Code and JetBrains, compatible with MCP protocol. continue.dev

Trae: AI-driven code editor, supports MCP protocol, focusing on enhancing developer programming experience. trae.ai

View More MCP Dev Tools

Tools

No tools

Comments

Recommend MCP Servers

Tavily MCP Server The Tavily MCP server provides: search, extract, map, crawl tools Real-time web search capabilities through the tavily-search tool Intelligent data extraction from web pages via the tavily-extract tool Powerful web mapping tool that creates a structured map of website Web crawler that systematically explores websites.

MCP Server Chart This is a TypeScript-based MCP server that provides chart generation capabilities. It allows you to create various types of charts through MCP tools. You can also use it in Dify.

GitHub MCP Server MCP Server for the GitHub API, enabling file operations, repository management, search functionality, and more.

Brave Search MCP Server Web and local search using Brave's Search API

Firecrawl MCP Server Advanced web scraping with JavaScript rendering, PDF support, and smart rate limiting

Context7 MCP LLMs rely on outdated or generic information about the libraries you use. You get:

Slack MCP server Channel management and messaging capabilities

Sequential Thinking MCP Server Dynamic and reflective problem-solving through thought sequences

Fetch MCP Server A Model Context Protocol server that provides web content fetching capabilities.

Playwright MCP A Model Context Protocol (MCP) server that provides browser automation capabilities using [Playwright](https://playwright.dev). This server enables LLMs to interact with web pages through structured accessibility snapshots, bypassing the need for screenshots or visually-tuned models.

View All MCP Servers