Sentinel MCP Auto-Response Recommendation
When a Sentinel incident is created, the flow asks the Sentinel MCP (Preview) to recommend containment actions (disable user, isolate host, block IP) based on context, posts the recommendations to Teams with one-click approval, and on approval triggers the corresponding playbook. Adds AI-recommended, human-approved response.
Provided as-is, without warranty of any kind. Review and test each pattern in a non-production environment before deploying it to live automations. See our Terms.
Overview
This flow adds AI-recommended, human-approved incident response to Microsoft Sentinel. When a Sentinel incident is created, a Sentinel automation rule posts it to this flow. The flow asks the Sentinel MCP (Preview) to recommend containment actions (disable user, isolate host, block IP) from the incident context, posts the recommendations to the approver for one-click approval (surfaces in the Teams Approvals hub + email), and on approval runs the corresponding Sentinel playbook and writes an audit comment back to the incident.
Why it matters: Fully automated containment is risky; manual response is slow. MCP recommendations plus an approval gate balance speed and control, with a full audit trail tied together by a correlation id.
Status: Built and verified - Flow Checker 0 errors / 0 warnings (in-designer). Ships Off (demo). Going live requires only connection authorization, environment-variable configuration, and a Sentinel automation rule pointed at the flow URL.
Use Case
A SOC wants suggested containment for new Sentinel incidents with a human in the loop before any destructive action is taken, plus an auditable record of what was recommended, who approved/rejected, and which playbook ran.
Flow Architecture
When_a_Sentinel_incident_is_received
Request (HTTP), built-inA Sentinel automation rule POSTs the new incident (ARM id, number, title, severity, description, entities) to the flow URL.
Initialize variables
Initialize VariableCorrelation id, incident ARM id (prefer trigger, else build from env vars), and a short incident summary.
Open_MCP_Session
Sentinel MCP invokemcpdataexplorationJSON-RPC initialize to open an MCP session; session id read from the response header.
Get_Containment_Recommendations
Sentinel MCP invokemcpdataexplorationJSON-RPC tools/call passing the incident summary, description and entities; asks for containment recommendations.
Start_Containment_Approval
Approvals StartAndWaitForAnApproval (Basic)One-click Approve/Reject request to the approver (Teams Approvals + email); waits for the decision.
Check_Approval_Outcome
Condition (If)On approve: run the Sentinel playbook (ARM runPlaybook) + write approved audit comment. On reject: write a rejected audit comment, no action taken.
Environment Variables
| Schema name | Type | Default | Description |
|---|---|---|---|
| flowlibs_SentinelSubscriptionId | String | <configure> | Azure subscription of the Sentinel workspace (used to build the incident ARM path when the trigger omits it). |
| flowlibs_SentinelResourceGroup | String | rg-sentinel | Resource group of the Sentinel workspace. |
| flowlibs_SentinelWorkspaceName | String | law-sentinel | Log Analytics workspace name (Sentinel-enabled). |
| flowlibs_SentinelMcpToolName | String | run_hunting_query | Sentinel MCP (Preview) tool invoked via tools/call to recommend containment. Preview/tenant-specific - set to the real tool name. |
| flowlibs_ApproverEmail | String | you@yourcompany.com | SOC analyst who approves/rejects via the Approvals action. |
| flowlibs_SentinelPlaybookResourceId | String | <configure> | Full ARM resource id of the Logic Apps playbook to run on approval. |
| flowlibs_ArmBaseUrl | String | https://management.azure.com | ARM base URL - drives the OAuth audience and all Sentinel REST calls (sovereign-cloud portable). |
| flowlibs_GraphTenantId | String | <your-tenant-id> | Tenant for the ARM OAuth (reused app registration). |
Connectors & Connections
| Connector | API name | Actions used |
|---|---|---|
| Microsoft Sentinel MCP (Preview) | shared_sentinelmcp | invokemcpdataexploration |
| Approvals | shared_approvals | StartAndWaitForAnApproval |
Note — All connections are referenced as solution connection references; the flow is portable between environments as long as a connection is mapped at import time.
Customization Guide
Almost every realistic variant of this flow can be implemented by changing environment variable values. A few cases require small edits inside the flow definition — those are called out explicitly below.
- Auto-approve low-risk
- Branch on severity/action type to skip the approval for safe actions.
- Tiered approval
- Require stricter or multiple approvers for destructive actions (disable user / isolate host).
- Multiple playbooks
- Map recommended action types to different playbook ids (extend flowlibs_SentinelPlaybookResourceId to a JSON map + a Switch).
- Rollback
- Add undo playbooks for reversible containment.
- Swap to the Sentinel connector
- If shared_azuresentinel is provisioned, replace the Request trigger with the incident-created trigger and the ARM HTTP calls with connector actions.
Key Expressions
The flow is intentionally light on Power Fx / WDL gymnastics — the heaviest expressions are the branch-name concatenation and the approval outcome check. They are listed below in the order they appear in the flow.
EXPR.01Correlation id
Trace id minted in the first action
EXPR.02Incident ARM id (fallback build)
Prefer the trigger's ARM id, else build it from env vars
EXPR.03MCP session id
Captured from the handshake response header
EXPR.04MCP recommendation text
Normalizes the MCP result with a fallback
EXPR.05Approval outcome
Approve / Reject
EXPR.06ARM OAuth audience
OAuth audience for the ARM REST calls
Customize & download
Generate a ready-to-import copy of this solution with your environment-variable values baked in — available on Base, Pro, or Team.
Upgrade to customize
Comments
Sign in to join the conversation.
Sign inNo comments yet. Be the first to share your experience with this flow.