PluginConfiguration<YAML> -> ExecutableTool<KQL>
Parse a declarative YAML configuration defining Kusto Query Language (KQL) parameters and queries to construct an LLM-executable security tool.
Problem it solves
Defenders need a low-code way to expose complex SIEM (Sentinel) data queries as dynamic tools that an LLM can invoke during threat hunting.
Consumes
Emits
The real projects this mechanism was found in. Attribution is the point — this is how the best teams actually do it.