This session builds an end-to-end threat-hunting flow, from an MCP server that exposes natural-language analyst tools to graph-driven investigations in Sentinel Graph. See how to convert KQL queries into reusable MCP tools, integrate them with Copilot, GitHub Copilot Chat or custom agents, and use entity mapping plus UEBA to surface relationships across identities, hosts, IPs, and apps. We'll demo a realistic incident (for example, password spray followed by lateral movement), covering ingestion (AMA, data connectors, custom logs), ASIM normalization, watchlists, and notebooks for pivots.
You will learn:
- How to build end-to-end threat-hunting flows
- How to convert KQL queries into reusable MCP tools and integrate them with Copilot or custom agents
- How to analyze realistic incidents (such as password spray followed by lateral movement) with entity mapping, UEBA, ASIM normalization, watchlists, and notebooks
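To make "convert KQL into a reusable MCP tool" concrete, here is an added example that is not code from the session or from Microsoft Sentinel. It wraps a password-spray hunt over the Entra ID `SigninLogs` table as a tool descriptor with a JSON Schema input, renders the KQL only after validating the agent-supplied parameters (an agent that passes free text into a query template is a KQL injection path), and runs the same summarize logic locally over constructed sign-in rows so it can be exercised offline. The tool name `hunt_password_spray`, the descriptor shape and the sample rows are assumptions; the column names and result codes are the real sign-in schema.

```python
"""Wrap a KQL hunt as an agent-callable tool with strict parameter validation.

Added example, not the session's code. The tool name and descriptor shape are
assumptions; SigninLogs columns and ResultType codes match the Entra ID schema,
the sample rows are constructed.
"""
import re
from collections import defaultdict

# KQL template: one source IP failing against many distinct accounts in a window.
# Parameters are substituted only after validation, never straight from the agent.
KQL_TEMPLATE = """SigninLogs
| where TimeGenerated > ago({lookback})
| where ResultType in ({failure_codes})
| summarize Attempts = count(), Accounts = dcount(UserPrincipalName),
            Users = make_set(UserPrincipalName, 20) by IPAddress
| where Accounts >= {min_accounts}
| order by Accounts desc"""

TIMESPAN_RE = re.compile(r"^[1-9][0-9]{0,3}[mhd]$")   # e.g. 30m, 6h, 7d
FAILURE_CODES = ("50126", "50053", "50057", "50055")  # bad password, locked, disabled, expired


def build_password_spray_kql(lookback="1h", min_accounts=10):
    """Render the hunt query; reject anything that is not a timespan or a bounded int."""
    if not TIMESPAN_RE.match(lookback):
        raise ValueError(f"invalid lookback: {lookback!r}")
    if not isinstance(min_accounts, int) or not 1 <= min_accounts <= 10000:
        raise ValueError(f"invalid min_accounts: {min_accounts!r}")
    codes = ", ".join(f'"{c}"' for c in FAILURE_CODES)
    return KQL_TEMPLATE.format(lookback=lookback, failure_codes=codes, min_accounts=min_accounts)


# Tool descriptor in the shape an MCP server advertises (name, description,
# JSON Schema input). The schema is what stops the agent from passing free
# text into the query; the server-side check above is the backstop.
PASSWORD_SPRAY_TOOL = {
    "name": "hunt_password_spray",
    "description": "Find source IPs with failed sign-ins across many distinct accounts.",
    "inputSchema": {
        "type": "object",
        "properties": {
            "lookback": {"type": "string", "pattern": TIMESPAN_RE.pattern},
            "min_accounts": {"type": "integer", "minimum": 1, "maximum": 10000},
        },
    },
}


def find_password_spray(events, min_accounts=10):
    """Same logic as the KQL summarize, run locally over dict rows (tests, notebooks)."""
    users_by_ip = defaultdict(set)
    attempts_by_ip = defaultdict(int)
    for e in events:
        if e["ResultType"] in FAILURE_CODES:
            users_by_ip[e["IPAddress"]].add(e["UserPrincipalName"])
            attempts_by_ip[e["IPAddress"]] += 1
    hits = [(ip, len(users), attempts_by_ip[ip])
            for ip, users in users_by_ip.items() if len(users) >= min_accounts]
    return sorted(hits, key=lambda h: h[1], reverse=True)


# Constructed sample: one IP spraying 12 accounts (and finally succeeding on one),
# plus a legitimate user mistyping their own password five times.
SAMPLE_EVENTS = [
    {"IPAddress": "203.0.113.9", "UserPrincipalName": f"user{i}@contoso.example", "ResultType": "50126"}
    for i in range(12)
] + [
    {"IPAddress": "198.51.100.7", "UserPrincipalName": "alice@contoso.example", "ResultType": "50126"}
    for _ in range(5)
] + [
    {"IPAddress": "203.0.113.9", "UserPrincipalName": "user0@contoso.example", "ResultType": "0"},
]

if __name__ == "__main__":
    print(build_password_spray_kql("6h", 5))
    print(find_password_spray(SAMPLE_EVENTS, min_accounts=5))
```

The threshold parameters are deliberately narrow types: a lookback that must match a timespan pattern and an integer with bounds, so a prompt-injected "1h | where 1==1" never reaches the query string. The local `find_password_spray` mirrors the summarize so the hunt can be unit-tested and reused from a notebook pivot; the successful sign-in from the spraying IP is the row you would pivot on next for lateral movement.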