Model Context Protocol for Agentic SecOps

Intelligent Incident Response using Response MCP

Empower AI agents with direct access to Defender XDR's incident management and response capabilities. Investigate, analyze, and respond to security incidents through natural language. Built for autonomous security operations.

Agentic SOC

Two specialized MCPs working together for end-to-end autonomous security operations

🔭 Sentinel MCP: Triage, Data Exploration & Threat Hunting

Query and analyze security data across Microsoft Sentinel & Defender XDR. The foundation for AI agents to understand what happened and identify threats.

  • 📊 Advanced hunting: Run advanced hunting queries across security tables
  • 🔍 Data lake exploration: Explore and investigate the data lake
  • 📋 Incident Investigation: List, filter, and analyze security incidents
  • 👤 Entity Analysis: Analyze users, URLs, and threat indicators
DETECT → RESPOND
🛡️ Response MCP: Automated Response & Remediation

Execute response actions across endpoints and identities through Microsoft Defender. Turn threat intelligence into immediate defensive action.

  • 🛑 Endpoint Response: Stop processes, quarantine files, isolate devices
  • 🔒 Code Execution Control: Restrict to Microsoft-signed applications
  • 👤 Identity Response: Disable accounts, force password resets
  • 📊 Incident Management: Classify, assign, comment, and track incidents
  • 📦 Forensic Collection: Gather investigation packages from devices

Complete Response Capabilities

Every tool available to your AI agents through the Response MCP server

🛡️ Endpoint Response Actions

🛑 Stop & Quarantine File

Stop running processes and quarantine malicious files. Requires the SHA1 hash from incident evidence.

Parameters: sha1 (required), device_id | device_name, comment (required)

🚫 Isolate Device

Isolate a device from the network. Full isolation blocks all connections; Selective isolation still allows Outlook, Teams, and Skype.

Parameters: device_id | device_name, isolation_type: Full | Selective, comment (required)

🔌 Release Device

Remove a device from isolation, restoring full network connectivity after threat containment.

Parameters: device_id | device_name, comment (required)

🔒 Restrict Code Execution

Restrict application execution to Microsoft-signed binaries only. Blocks attacker tools from running.

Parameters: device_id | device_name, comment (required)

🔓 Remove Code Restriction

Remove code execution restrictions, allowing all applications to run again after remediation.

Parameters: device_id | device_name, comment (required)

🔍 Run Antivirus Scan

Initiate a Microsoft Defender scan. A Quick scan checks common locations; a Full scan covers the entire disk.

Parameters: device_id | device_name, scan_type: Quick | Full, comment (required)

📦 Collect Investigation Package

Collect a forensic package with system info, logs, memory dumps, and diagnostic data.

Parameters: device_id | device_name, comment (required)

📋 Get Machine Actions

List recent response actions taken on machines. Filter by device, action type, or status.

Parameters: device_id (optional), action_type (optional), status (optional)

🚫 Isolate Multiple Devices

Bulk isolate multiple devices in a single operation. Supports up to 100 devices at once.

Parameters: device_ids (array), isolation_type: Full | Selective, comment (required)

👤 Identity Response Actions

🚫 Disable AD Account

Disable a compromised Active Directory account via Microsoft Defender for Identity integration.

Parameters: upn (user principal name), comment (required)

Enable AD Account

Re-enable an Active Directory account after incident resolution and password reset.

Parameters: upn (user principal name), comment (required)

🔑 Force Password Reset

Force the user to change their password at next logon. Critical for credential theft incidents.

Parameters: upn (user principal name), comment (required)

🔓 Revoke Entra Sessions

Revoke all Entra ID sign-in sessions and refresh tokens. Forces re-authentication on all devices.

Parameters: upn (user principal name), comment (required)

⚠️ Confirm User Compromised

Mark the user as compromised in Identity Protection. Sets risk level to high and triggers Conditional Access policies.

Parameters: upn (user principal name), comment (required)

Confirm User Safe

Dismiss user risk in Identity Protection. Sets risk level to none after confirming no compromise.

Parameters: upn (user principal name), comment (required)

📊 Incident Management

Update Incident Status

Mark incidents as active, resolved, or redirected with proper classification.

Parameters: incident_id (required), status: active | resolved | redirected

👥 Assign Incident

Assign an incident to a specific analyst for investigation and remediation.

Parameters: incident_id (required), assigned_to (email)

🏷️ Classify Incident

Set the classification (True/False Positive) and determination for incident resolution.

Parameters: incident_id (required), classification, determination

🏷️ Add Incident Tags

Add custom tags to incidents for categorization and tracking.

Parameters: incident_id (required), tags (array)

💬 Add Incident Comment

Add investigation notes and comments to the incident timeline for documentation.

Parameters: incident_id (required), comment (required)
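Because every one of these tools is a destructive or state-changing action, an agent front end should reject malformed calls before they reach Defender. The following is an added example, not the Response MCP server's own code: a validator that encodes the parameter rules from the tool cards above (a required non-empty comment, exactly one of device_id or device_name, isolation_type Full | Selective, scan_type Quick | Full, a 40-hex-character SHA1, at most 100 device_ids, status active | resolved | redirected). The Python tool names, the TOOL_SPECS table and the validate_tool_call function are assumptions made for illustration.

```python
"""Argument validation for Response MCP tool calls (added example, not project code)."""
import re
from typing import Any

SHA1_RE = re.compile(r"^[0-9a-fA-F]{40}$")
MAX_BULK_DEVICES = 100                    # limit stated for Isolate Multiple Devices
DEVICE = ("device_id", "device_name")     # exactly one of these identifies a device

# Per-tool rules, assumed from the tool cards: required keys, one-of groups, enum values.
TOOL_SPECS: dict[str, dict[str, Any]] = {
    "StopAndQuarantineFile": {"required": ["sha1", "comment"], "one_of": [DEVICE]},
    "IsolateDevice": {"required": ["isolation_type", "comment"], "one_of": [DEVICE],
                      "enums": {"isolation_type": {"Full", "Selective"}}},
    "ReleaseDevice": {"required": ["comment"], "one_of": [DEVICE]},
    "RestrictCodeExecution": {"required": ["comment"], "one_of": [DEVICE]},
    "RemoveCodeRestriction": {"required": ["comment"], "one_of": [DEVICE]},
    "RunAntivirusScan": {"required": ["scan_type", "comment"], "one_of": [DEVICE],
                         "enums": {"scan_type": {"Quick", "Full"}}},
    "CollectInvestigationPackage": {"required": ["comment"], "one_of": [DEVICE]},
    "GetMachineActions": {},              # every filter is optional
    "IsolateMultipleDevices": {"required": ["device_ids", "isolation_type", "comment"],
                               "enums": {"isolation_type": {"Full", "Selective"}}},
    "DisableADAccount": {"required": ["upn", "comment"]},
    "EnableADAccount": {"required": ["upn", "comment"]},
    "ForcePasswordReset": {"required": ["upn", "comment"]},
    "RevokeEntraSessions": {"required": ["upn", "comment"]},
    "ConfirmUserCompromised": {"required": ["upn", "comment"]},
    "ConfirmUserSafe": {"required": ["upn", "comment"]},
    "UpdateIncidentStatus": {"required": ["incident_id", "status"],
                             "enums": {"status": {"active", "resolved", "redirected"}}},
    "AssignIncident": {"required": ["incident_id", "assigned_to"]},
    "ClassifyIncident": {"required": ["incident_id", "classification", "determination"]},
    "AddIncidentTags": {"required": ["incident_id", "tags"]},
    "AddIncidentComment": {"required": ["incident_id", "comment"]},
}


def _blank(value: Any) -> bool:
    """True for missing values and whitespace-only strings (an empty comment is not a comment)."""
    return value is None or (isinstance(value, str) and not value.strip())


def validate_tool_call(tool: str, args: dict[str, Any]) -> list[str]:
    """Return the problems with a tool call; an empty list means it is well-formed."""
    spec = TOOL_SPECS.get(tool)
    if spec is None:
        return [f"unknown tool {tool!r}"]
    errors: list[str] = []

    for key in spec.get("required", []):
        if _blank(args.get(key)):
            errors.append(f"{key} is required")

    for group in spec.get("one_of", []):
        present = [k for k in group if not _blank(args.get(k))]
        if len(present) != 1:
            errors.append(f"exactly one of {' | '.join(group)} must be given")

    for key, allowed in spec.get("enums", {}).items():
        if key in args and args[key] not in allowed:
            errors.append(f"{key} must be one of {sorted(allowed)}")

    # Format checks that apply wherever the parameter appears.
    if "sha1" in args and not SHA1_RE.match(str(args["sha1"])):
        errors.append("sha1 must be a 40-character hex digest")
    if "upn" in args and "@" not in str(args["upn"]):
        errors.append("upn must be a user principal name (user@domain)")
    if "assigned_to" in args and "@" not in str(args["assigned_to"]):
        errors.append("assigned_to must be an email address")
    if "device_ids" in args:
        ids = args["device_ids"]
        if not isinstance(ids, list) or not ids:
            errors.append("device_ids must be a non-empty array")
        elif len(ids) > MAX_BULK_DEVICES:
            errors.append(f"device_ids exceeds the {MAX_BULK_DEVICES}-device limit")
    if "tags" in args and not (isinstance(args["tags"], list)
                               and all(isinstance(t, str) and t for t in args["tags"])):
        errors.append("tags must be an array of non-empty strings")
    return errors


if __name__ == "__main__":
    # Constructed sample calls; the first mirrors the Incident #171 walkthrough on this page.
    calls = [
        ("StopAndQuarantineFile", {"sha1": "040fbf1325d51358606b710bc3bd774c04bdb308",
                                   "device_name": "vet-sql", "comment": "Incident #171: mimikatz.exe"}),
        ("IsolateDevice", {"device_id": "abc", "device_name": "vet-sql",
                           "isolation_type": "Partial", "comment": ""}),
    ]
    for tool, args in calls:
        print(tool, validate_tool_call(tool, args) or "ok")
```

Note that a truncated hash such as the `040fbf...` shown in the natural-language transcript lower on this page is rejected: the validator forces the agent to pass the full SHA1 it extracted from incident evidence, so a quarantine can never be issued against a partial or guessed value.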

Real-World Agentic Response

How an AI agent handled a Mimikatz credential theft attack autonomously

🔴 High Severity Incident

Incident #171: Multi-Stage Attack on SQL Server

Mimikatz credential theft detected with LSASS memory dump and Defender evasion attempts

Device: vet-sql.vetoniitti.com
Risk Score: HIGH
Alerts: 11 correlated alerts
User: admin@vetoniitti.com

🔭 Phase 1: Threat Intelligence (Sentinel MCP)

The AI agent queried Sentinel to extract critical evidence and indicators:

admin@vetoniitti.com
192.168.50.40
85.76.106.83
bdc60e583c8d4ef05de010973642487bde6e1f60

🔐 Malicious File Hashes (SHA1)

040fbf1325d51358606b710bc3bd774c04bdb308
1c6913248131b5784b923eff1e76a443f738affc
fe18c58fbd0a83d67920e037d522c176704d2ca3
d1f7832035c3e8a73cc78afd28cfd7f4cece6d20

⚔️ MITRE ATT&CK Techniques

  • T1003 - Credential Dumping
  • T1555 - Password Stores
  • T1021.001 - RDP
  • T1562.001 - Disable Security Tools
  • T1550.003 - Pass the Ticket

🛡️ Phase 2: Autonomous Response (Response MCP)

🛑 Stop & Quarantine (x4 files) EXECUTED

Stopped all Mimikatz processes and quarantined 4 malicious files using SHA1 hashes.

AI agent reasoning: SHA1 hashes available in incident evidence. Most surgical approach to neutralize active threats without collateral impact. Each file represents an active component of the attack toolkit.

🔒 Restrict Code Execution EXECUTED

Limited execution to Microsoft-signed applications only on the SQL server.

AI agent reasoning: Hands-on-keyboard activity detected. Attacker may have additional tools staged. This blocks any further unsigned attacker tools while maintaining SQL Server operations.

🚫 Disable AD Account EXECUTED

Disabled compromised account admin@vetoniitti.com.

AI agent reasoning: Credential theft tool detected with LSASS memory access. All credentials on this account must be considered compromised. Immediate account disable prevents lateral movement.

🔍 Run Full Antivirus Scan EXECUTED

Executed full disk scan to detect any remaining or hidden malware.

AI agent reasoning: Files found in multiple locations (Downloads, Edge cache, Temp, Documents). Full scan ensures complete remediation and validates quarantine effectiveness.

📦 Collect Investigation Package EXECUTED

Gathered forensic evidence including memory dumps, event logs, and system state.

AI agent reasoning: LSASS memory access, registry modifications (disabled Real-Time Protection), and RDP sessions detected. Forensic package captures complete timeline for post-incident analysis.

🏷️ Classify Incident EXECUTED

Classified as True Positive - Multi-stage attack with automated response completion.

AI agent reasoning: Confirmed malware detected and neutralized. Response actions completed successfully. Documenting classification for compliance and metrics.

🚫 Isolate Device SKIPPED

Device isolation was not performed.

AI agent reasoning: This is a SQL server - critical infrastructure. Full isolation causes immediate business disruption. Microsoft Attack Disruption already contained the compromised account, blocking lateral movement. Less disruptive actions achieved containment without database downtime.

AI Agent Decision Framework

A prioritized approach AI agents follow for effective incident response

1. 🛑 Stop & Quarantine Malicious Files

When SHA1/SHA256 hashes are available in incident evidence, immediately stop processes and quarantine files. Most direct and surgical approach to neutralize active threats.

Critical Priority | Requires SHA1 Hash | Immediate Effect

2. 👤 Disable Compromised Accounts

If credential theft tools are detected (Mimikatz, etc.) or suspicious authentication patterns are seen, disable affected accounts immediately to prevent lateral movement.

High Priority | Blocks Lateral Movement | Identity Protection

3. 🔒 Restrict Code Execution

Limit execution to Microsoft-signed applications. Prevents attackers from running additional tools while the AI agent investigates. Attacker tools are typically unsigned.

High Priority | Defense in Depth | Reversible

4. 🔍 Run Full Scan & Collect Forensics

Execute a full disk scan to detect dormant threats. Collect an investigation package for timeline reconstruction, compliance, and post-incident analysis.

Comprehensive | Validation Step | Forensics

⚠️ Device Isolation Decision Logic

AI agents consider device isolation when:

  • Active lateral movement in progress that can't be contained by identity-level actions
  • Device is NOT critical infrastructure (not a DC, SQL server, or production system)
  • Less disruptive actions have failed or are insufficient
  • Business impact assessment allows for isolation

AI agent tip: For critical servers, Selective isolation allows Outlook, Teams, and Skype while blocking other network traffic.
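The four prioritized steps and the isolation decision logic above are a small planning algorithm, and writing it down as code makes the "skip isolation on a SQL server" outcome from Incident #171 reproducible rather than a judgement call buried in a prompt. The following is an added example, not the project's own code: a planner that takes the evidence the triage phase established and emits the ordered Response MCP tool calls (tool names as listed on this page), with isolation handled as a separate decision. The IncidentEvidence and PlannedAction types, the field names, the determination value passed to ClassifyIncident, and the rule that a critical server with uncontained lateral movement gets Selective rather than Full isolation (generalizing the tip above) are assumptions made for illustration.

```python
"""Prioritized response planner for the decision framework (added example, not project code)."""
from dataclasses import dataclass, field
from typing import Any


@dataclass
class IncidentEvidence:
    """What the triage phase (Sentinel MCP) established; field names are assumed."""
    incident_id: int
    device_name: str
    device_is_critical: bool                     # DC, SQL server, or production system
    sha1_hashes: list[str] = field(default_factory=list)
    compromised_upns: list[str] = field(default_factory=list)
    credential_theft_detected: bool = False      # e.g. Mimikatz / LSASS access alerts
    lateral_movement_active: bool = False        # ongoing and not containable at identity level
    lesser_actions_sufficient: bool = True       # file/identity/code-restriction actions contain it
    business_impact_allows_isolation: bool = True


@dataclass
class PlannedAction:
    tool: str
    args: dict[str, Any]
    reason: str
    status: str = "planned"                      # "planned" or "skipped"


def decide_isolation(ev: IncidentEvidence, comment: str) -> PlannedAction:
    """Device isolation decision logic: isolate only when the less disruptive steps cannot contain the threat."""
    device = {"device_name": ev.device_name, "comment": comment}
    if not ev.lateral_movement_active or ev.lesser_actions_sufficient:
        return PlannedAction("IsolateDevice", device,
                             "containment achieved by identity- and file-level actions", status="skipped")
    if not ev.business_impact_allows_isolation:
        return PlannedAction("IsolateDevice", device,
                             "business impact assessment does not allow isolation", status="skipped")
    if ev.device_is_critical:
        # Assumption: critical servers get Selective isolation, which keeps Outlook/Teams/Skype reachable.
        return PlannedAction("IsolateDevice", {**device, "isolation_type": "Selective"},
                             "critical infrastructure: selective isolation limits business disruption")
    return PlannedAction("IsolateDevice", {**device, "isolation_type": "Full"},
                         "active lateral movement on a non-critical device; full isolation")


def plan_response(ev: IncidentEvidence) -> list[PlannedAction]:
    """Build the ordered plan: quarantine, disable accounts, restrict execution, scan + collect, isolate?, classify."""
    comment = f"Automated response for incident #{ev.incident_id}"
    device = {"device_name": ev.device_name, "comment": comment}
    plan: list[PlannedAction] = []

    # 1. Stop & quarantine every file whose hash is in the evidence (most surgical action).
    for sha1 in ev.sha1_hashes:
        plan.append(PlannedAction("StopAndQuarantineFile", {"sha1": sha1, **device},
                                  "hash present in incident evidence; neutralize active component"))

    # 2. Disable accounts touched by credential theft to block lateral movement.
    if ev.credential_theft_detected:
        for upn in ev.compromised_upns:
            plan.append(PlannedAction("DisableADAccount", {"upn": upn, "comment": comment},
                                      "credential theft detected; all credentials considered compromised"))

    # 3. Restrict execution to Microsoft-signed binaries (reversible defense in depth).
    plan.append(PlannedAction("RestrictCodeExecution", dict(device),
                              "block additional unsigned tooling while the investigation continues"))

    # 4. Full scan for dormant threats and a forensic package for timeline reconstruction.
    plan.append(PlannedAction("RunAntivirusScan", {"scan_type": "Full", **device},
                              "validate quarantine and find remaining malware"))
    plan.append(PlannedAction("CollectInvestigationPackage", dict(device),
                              "capture memory, logs and system state for post-incident analysis"))

    # Isolation is a separate decision, not a default step.
    plan.append(decide_isolation(ev, comment))

    # Finally document the outcome on the incident (determination value is illustrative).
    plan.append(PlannedAction("ClassifyIncident",
                              {"incident_id": ev.incident_id, "classification": "TruePositive",
                               "determination": "MultiStagedAttack"},
                              "confirmed malware neutralized; record classification for metrics"))
    return plan


def executed_tools(plan: list[PlannedAction]) -> list[str]:
    """Tool names that would actually be called, in order (skipped entries excluded)."""
    return [a.tool for a in plan if a.status == "planned"]


if __name__ == "__main__":
    # Constructed from the Incident #171 walkthrough on this page.
    incident_171 = IncidentEvidence(
        incident_id=171, device_name="vet-sql", device_is_critical=True,
        sha1_hashes=["040fbf1325d51358606b710bc3bd774c04bdb308",
                     "1c6913248131b5784b923eff1e76a443f738affc",
                     "fe18c58fbd0a83d67920e037d522c176704d2ca3",
                     "d1f7832035c3e8a73cc78afd28cfd7f4cece6d20"],
        compromised_upns=["admin@vetoniitti.com"],
        credential_theft_detected=True,
        lateral_movement_active=False,   # Attack Disruption already contained the account
    )
    for action in plan_response(incident_171):
        print(f"{action.status:8} {action.tool:28} {action.reason}")
```

Run as-is, the plan for Incident #171 reproduces the page's outcome: four quarantines, the account disable, code restriction, full scan, investigation package, classification, and an explicit skipped IsolateDevice entry carrying the reason. Keeping the skipped decision in the plan, rather than silently omitting it, is what lets a reviewer see afterwards why a containment step was not taken.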

20+ Response Actions
<5s Action Execution
2 Integrated MCPs
100% Autonomous

Natural Language Commands

Just describe what you want - AI agents handle the rest

// Step 1: AI agent queries Sentinel MCP
"Show me high severity incidents from the past 1h"

// Sentinel MCP returns incident data:
Incident #171 - Mimikatz detected on vet-sql.vetoniitti.com
├── SHA1: 040fbf1325d51358606b710bc3bd774c04bdb308 (mimikatz.exe)
├── SHA1: 1c6913248131b5784b923eff1e76a443f738affc (mimilib.dll)
├── Account: admin@vetoniitti.com (COMPROMISED)
├── MITRE: T1003 (Credential Dumping), T1562 (Disable Security)
└── Status: ACTIVE

// Step 2: User instructs AI agent
"Respond to this incident autonomously"

// AI agent uses Response MCP to execute prioritized actions:
 StopAndQuarantine(sha1: "040fbf...", device: "vet-sql")
 StopAndQuarantine(sha1: "1c6913...", device: "vet-sql")
 StopAndQuarantine(sha1: "fe18c5...", device: "vet-sql")
 DisableADAccount(upn: "admin@...")
 RestrictCodeExecution(device: "vet-sql")
 RunAntivirusScan(type: "Full", device: "vet-sql")
 CollectInvestigationPackage(device: "vet-sql")
 ClassifyIncident(id: 171, class: "TruePositive")
 IsolateDevice // Skipped - SQL server, business-critical

// Step 3: AI agent reports back
Response completed. Malware neutralized, account disabled, forensics collected.
Incident #171 classified as True Positive - Multi-stage attack.
Time to remediation: 47 seconds