security-investigator-automation
Skill by ara.so — Security Skills collection.
Automated security investigation framework combining GitHub Copilot Agent Skills, VS Code, and Model Context Protocol (MCP) servers to enable natural language security investigations across Microsoft Sentinel, Defender XDR, Graph API, and threat intelligence platforms. Includes 25 specialized investigation workflows with KQL queries, threat intelligence enrichment, and automated HTML report generation.
Installation
# Clone repository
git clone https://github.com/SCStelz/security-investigator.git
cd security-investigator
code .
# Set up Python virtual environment
python -m venv .venv
# Windows
.venv\Scripts\Activate.ps1