Overview
This project implements an autonomous Security Investigation Agent built on Claude Code (Anthropic Sonnet 4.6) and integrated with Microsoft Sentinel through the Sentinel MCP framework. The agent operates as a context-aware security analyst. It knows the environment it is deployed in, understands the organizational security architecture, and can conduct full investigations autonomously from a single natural language prompt.
Rather than acting as a query assistant, the agent reasons independently about what data to pull, which tools to invoke, and how to interpret findings in context. Investigations conclude with a structured report covering Attack Summary, Findings, Immediate Actions Required, and Security Gaps, giving analysts consistent, actionable output without requiring manual query authoring or result interpretation.
Agent Architecture
Microsoft Sentinel MCP
Provides access to the full Sentinel investigative surface: KQL query execution against the Data Lake, entity analysis, workspace discovery, and exposure graph functions including blast radius assessment, connected node enumeration, and walkable path analysis. This is the agent's primary data source and is queried first on every investigation.
KQL Skill Framework
A secondary capability invoked only when the investigation requires it. Standard investigations are handled with predefined query patterns embedded directly in the agent configuration. The KQL skill activates only for complex scenarios requiring multi-table correlations, custom aggregations, or advanced query logic that falls outside the standard query set, preventing unnecessary token consumption and latency on routine tasks.
VirusTotal MCP
Handles external threat intelligence enrichment. Any file hash, IP, or URL the agent identifies as suspicious or malicious is automatically submitted for enrichment, which extracts reputation scores, malicious verdicts, and VPN/proxy/Tor classification. Private (non-routable) addresses are never submitted, so internal addressing is not disclosed to a third-party service. Enrichment runs in parallel when there are multiple indicators, and the results are incorporated directly into the investigation report.
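The gating described above, as an added example rather than the project's own code: indicators are classified, anything non-routable is dropped before it can leave the tenant, and the survivors are enriched in parallel. The lookup backend here is a constructed stand-in for the VirusTotal MCP call (no network access), and the sample indicators and verdict table are made up; only the gating and fan-out pattern are the point.

```python
"""Enrichment gating for the VirusTotal step.

Added example, not the project's code: the lookup backend is a constructed
stand-in for a VirusTotal MCP call, and the sample indicators are made up.
"""
import ipaddress
import re
from concurrent.futures import ThreadPoolExecutor
from typing import Callable, Optional
from urllib.parse import urlparse

# MD5, SHA-1 or SHA-256 hex digests.
HASH_RE = re.compile(r"^(?:[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})$", re.I)


def classify(indicator: str) -> Optional[str]:
    """Return 'ip', 'hash' or 'url', or None if the value must stay in-house."""
    value = indicator.strip()
    try:
        ip = ipaddress.ip_address(value)
    except ValueError:
        ip = None
    if ip is not None:
        # Non-global addresses (RFC 1918, loopback, link-local, reserved) only
        # describe the internal network; sending them leaks topology for no gain.
        return "ip" if ip.is_global else None
    if HASH_RE.match(value):
        return "hash"
    parsed = urlparse(value)
    if parsed.scheme in ("http", "https") and parsed.hostname:
        try:  # a URL pointing at an internal address is just as internal
            if not ipaddress.ip_address(parsed.hostname).is_global:
                return None
        except ValueError:
            pass  # hostname is a DNS name, not an address literal
        return "url"
    return None  # unknown shape: do not guess, do not send


# Constructed verdict table standing in for the real service (no network).
FAKE_VERDICTS = {
    "deadbeef" * 8: {"verdict": "Malicious", "malicious_votes": 41},
    "https://example.com/invoice.zip": {"verdict": "Suspicious", "malicious_votes": 3},
}


def fake_vt_lookup(kind: str, value: str) -> dict:
    """Stand-in for the VirusTotal MCP lookup; returns a verdict record."""
    result = {"kind": kind, **FAKE_VERDICTS.get(value, {"verdict": "Clean", "malicious_votes": 0})}
    if kind == "ip":
        result.setdefault("network_type", "unknown")  # VPN / proxy / Tor classification slot
    return result


def enrich(indicators, lookup: Callable[[str, str], dict] = fake_vt_lookup,
           max_workers: int = 8) -> dict:
    """Classify and filter, then enrich the survivors in parallel."""
    to_send, excluded = {}, []
    for ind in indicators:
        kind = classify(ind)
        if kind is None:
            excluded.append(ind)
        else:
            to_send[ind] = kind
    enriched = {}
    with ThreadPoolExecutor(max_workers=max_workers) as pool:
        futures = {ind: pool.submit(lookup, kind, ind) for ind, kind in to_send.items()}
        for ind, fut in futures.items():
            enriched[ind] = fut.result()
    return {"enriched": enriched, "excluded": excluded}


if __name__ == "__main__":
    sample = ["10.0.0.5", "deadbeef" * 8, "8.8.8.8",
              "http://192.168.1.20/admin", "https://example.com/invoice.zip"]
    print(enrich(sample))
```

The `excluded` list is returned rather than silently dropped so the report can state which indicators were withheld from enrichment and why, which matters when an analyst later wonders why an internal pivot address has no reputation data.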
Investigative Capabilities
The agent supports two modes of investigation that directly affect scope, depth, and token consumption.

A broad, open-ended investigation, prompted with something like "investigate this user", leaves it to the agent to decide which tables to query, correlate data across the available sources, and identify behavioral anomalies: sign-in patterns, authentication failures, privilege changes, and anything else that deviates from the account's expected baseline. This gives the agent full autonomy at the cost of higher token consumption.

A targeted investigation, such as "investigate sign-ins for this user from yesterday", scopes the agent to a specific table and time window and produces a faster, more cost-efficient result. The agent stays within the given scope and only expands it when findings warrant escalation.
In both modes, the agent identifies behavioral anomalies, correlates findings across the available data sources, enriches any suspicious indicators through VirusTotal, and surfaces security gaps along the way: coverage blind spots, missing controls, or policy weaknesses tied to the specific threat vector observed. When an indicator returns a Malicious verdict, the agent escalates to graph-based analysis using Sentinel's exposure graph, assessing blast radius and mapping lateral movement paths to determine how far the threat could propagate beyond the initially identified entity.
Guardrails & Operational Controls
Query Discipline
The agent operates under a strict table-scoping ruleset. Each investigation type maps to a defined set of tables and the agent does not query beyond what the task requires. Secondary tables are only queried if initial findings warrant it.
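The targeted sign-in investigation from the Investigative Capabilities section and the table-scoping rule above, as one added example (not the project's configuration): an assumed scope map with primary and secondary tables per investigation type, a guard that extracts the tables a generated KQL query reads and reports any outside the allowed set, and the kind of single-table, single-day query pattern the targeted mode would emit. The investigation-type names, table lists, and the query itself are assumptions chosen to illustrate the mechanism, not the agent's actual rule set.

```python
"""Table scoping for investigation types and a guard over generated KQL.

Added example, not the project's configuration: the investigation types,
table lists and the sign-in query pattern below are assumptions chosen to
illustrate the scoping rule, not the agent's actual rule set.
"""
import re
from datetime import date, timedelta

# Assumed scope map: tables each investigation type may read on first pass.
PRIMARY_TABLES = {
    "signin": {"SigninLogs"},
    "user": {"SigninLogs", "AuditLogs", "IdentityInfo"},
}
# Tables added only when initial findings warrant it.
SECONDARY_TABLES = {
    "signin": {"AADNonInteractiveUserSignInLogs"},
    "user": {"SecurityAlert", "DeviceLogonEvents"},
}
# Leading tokens that are operators or statements rather than table names.
_NOT_A_TABLE = {"union", "let", "search", "print", "find", "range", "datatable", "externaldata"}
_IDENT = r"[A-Za-z_]\w*"


def referenced_tables(kql: str) -> set:
    """Heuristic: source table, plus tables named in join (...) and union clauses.

    Adequate for the agent's own query patterns; it does not resolve `let`
    bindings or functions, so treat it as a guard, not a parser.
    """
    tables = set()
    m = re.match(rf"\s*({_IDENT})", kql)
    if m and m.group(1) not in _NOT_A_TABLE:
        tables.add(m.group(1))
    for m in re.finditer(rf"\bjoin\b[^(]*\(\s*({_IDENT})", kql):
        tables.add(m.group(1))
    for m in re.finditer(rf"\bunion\b(?:\s+\w+\s*=\s*\w+)*\s+({_IDENT}(?:\s*,\s*{_IDENT})*)", kql):
        tables.update(t.strip() for t in m.group(1).split(","))
    return tables


def out_of_scope(kql: str, investigation: str, allow_secondary: bool = False) -> list:
    """Tables the query reads that the investigation type does not permit (empty list = in scope)."""
    allowed = set(PRIMARY_TABLES[investigation])
    if allow_secondary:
        allowed |= SECONDARY_TABLES[investigation]
    return sorted(referenced_tables(kql) - allowed)


_UPN = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")


def is_valid_upn(upn: str) -> bool:
    """The UPN comes from the analyst's prompt, so it is validated before it enters a query."""
    return bool(_UPN.match(upn))


def signin_query(upn: str, day: date) -> str:
    """Targeted pattern: one user, one table, one UTC calendar day."""
    if not is_valid_upn(upn):
        raise ValueError(f"not a plausible UPN: {upn!r}")
    start, end = day.isoformat(), (day + timedelta(days=1)).isoformat()
    # ResultType "0" is a successful sign-in; anything else is a failure code.
    return f"""SigninLogs
| where TimeGenerated between (datetime({start}) .. datetime({end}))
| where UserPrincipalName =~ "{upn}"
| summarize Attempts = count(),
            Failures = countif(ResultType != "0"),
            Countries = make_set(Location),
            FirstSeen = min(TimeGenerated), LastSeen = max(TimeGenerated)
    by AppDisplayName, IPAddress
| order by Failures desc"""


# Worked instance with a fixed date so the output is reproducible.
EXAMPLE_QUERY = signin_query("alice@contoso.com", date(2024, 5, 1))

if __name__ == "__main__":
    print(EXAMPLE_QUERY)
    print("out of scope:", out_of_scope(EXAMPLE_QUERY, "signin"))
```

Running the guard on every generated query, rather than trusting the prompt to keep the model within scope, turns the table-scoping rule from an instruction into a check: a query that joins `AuditLogs` during a sign-in investigation is rejected unless the secondary set has been unlocked by earlier findings.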
Selective Tool Invocation
Each of the three integrated tools has explicit invocation conditions. Sentinel MCP tools follow a defined startup sequence on every invocation. VirusTotal enrichment is gated on verdict and indicator classification. Graph analysis tools are reserved for Malicious verdicts only. No tool is called speculatively.
Output Accuracy & Integrity
Organizational context, data source inventories, and investigation standards are embedded directly in the agent configuration. The agent is explicitly prohibited from producing raw query output rows, speculative findings, padding, or hallucinated results. The structured output format is enforced at the configuration level across all verdict types.
Memory
The agent maintains persistent memory of investigation outcomes across sessions: malicious indicators with their VirusTotal verdicts, tenant-specific threat actor tactics, custom table names, and per-account baselines (expected country, application, and access patterns). Later investigations compare observed activity against these baselines instead of re-deriving them.
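How a remembered account baseline turns into the "deviation from the expected baseline" findings mentioned under Investigative Capabilities, as an added example (not the project's memory implementation): a constructed baseline document for one account, a handful of constructed sign-in rows, and a check that reports unseen countries, unseen applications, a failure burst, and the addresses behind them so they can be handed to enrichment. The baseline layout, the threshold, and the sample events are assumptions.

```python
"""Check sign-in activity against a remembered account baseline.

Added example, not the project's memory implementation: the baseline
document layout, the threshold and the sample events are constructed.
"""
import json
from collections import defaultdict

# Constructed memory entry in the shape this example assumes the agent keeps
# per account: expected countries, expected applications, tolerated failures.
BASELINE_JSON = """{
  "alice@contoso.com": {
    "countries": ["US"],
    "apps": ["Office 365 Exchange Online", "Microsoft Teams"],
    "max_failures_per_day": 3
  }
}"""

# Constructed rows shaped like SigninLogs. ResultType "0" is success;
# "50126" is the Entra invalid-credential error code.
EVENTS = [
    {"UserPrincipalName": "alice@contoso.com", "Location": "US", "AppDisplayName": "Microsoft Teams", "ResultType": "0", "IPAddress": "203.0.113.7"},
    {"UserPrincipalName": "alice@contoso.com", "Location": "NL", "AppDisplayName": "Microsoft Teams", "ResultType": "50126", "IPAddress": "198.51.100.9"},
    {"UserPrincipalName": "alice@contoso.com", "Location": "NL", "AppDisplayName": "Microsoft Teams", "ResultType": "50126", "IPAddress": "198.51.100.9"},
    {"UserPrincipalName": "alice@contoso.com", "Location": "NL", "AppDisplayName": "Microsoft Teams", "ResultType": "50126", "IPAddress": "198.51.100.9"},
    {"UserPrincipalName": "alice@contoso.com", "Location": "NL", "AppDisplayName": "Microsoft Teams", "ResultType": "50126", "IPAddress": "198.51.100.9"},
    {"UserPrincipalName": "alice@contoso.com", "Location": "NL", "AppDisplayName": "Azure Portal", "ResultType": "0", "IPAddress": "198.51.100.9"},
    {"UserPrincipalName": "bob@contoso.com", "Location": "US", "AppDisplayName": "Microsoft Teams", "ResultType": "0", "IPAddress": "203.0.113.8"},
]


def load_baselines(text: str) -> dict:
    """Parse the baseline document (a JSON string here; file-backed in practice)."""
    return json.loads(text)


def deviations(events, baselines) -> dict:
    """Per user: unseen countries, unseen apps, failure burst, and the IPs behind them."""
    by_user = defaultdict(list)
    for ev in events:
        by_user[ev["UserPrincipalName"]].append(ev)
    report = {}
    for user, rows in by_user.items():
        base = baselines.get(user)
        if base is None:
            report[user] = {"no_baseline": True}  # cannot judge; flag for the analyst
            continue
        new_countries = {r["Location"] for r in rows} - set(base["countries"])
        new_apps = {r["AppDisplayName"] for r in rows} - set(base["apps"])
        failures = sum(1 for r in rows if r["ResultType"] != "0")
        suspect_ips = {r["IPAddress"] for r in rows
                       if r["Location"] in new_countries
                       or r["AppDisplayName"] in new_apps
                       or r["ResultType"] != "0"}
        # A success from an unseen country after a run of failures is the
        # spray-or-stuff-then-login pattern and deserves its own flag.
        success_from_new = any(r["ResultType"] == "0" and r["Location"] in new_countries for r in rows)
        report[user] = {
            "new_countries": sorted(new_countries),
            "new_apps": sorted(new_apps),
            "failures": failures,
            "failure_burst": failures > base["max_failures_per_day"],
            "success_from_new_country": success_from_new,
            "indicators_for_enrichment": sorted(suspect_ips),
        }
    return report


def record_benign(baselines: dict, user: str, country: str = None, app: str = None) -> dict:
    """Extend a baseline only after an analyst confirms the activity was legitimate.

    Anomalies must never self-learn into the baseline, or an attacker's first
    success becomes "expected" for the next investigation.
    """
    entry = baselines.setdefault(user, {"countries": [], "apps": [], "max_failures_per_day": 3})
    if country and country not in entry["countries"]:
        entry["countries"].append(country)
    if app and app not in entry["apps"]:
        entry["apps"].append(app)
    return baselines


if __name__ == "__main__":
    print(json.dumps(deviations(EVENTS, load_baselines(BASELINE_JSON)), indent=2))
```

The split between `deviations` (read-only) and `record_benign` (the only writer) is deliberate: memory updates happen on confirmed outcomes, not on whatever the latest investigation observed.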
Authentication & Access Control
Authentication is handled through a dedicated Microsoft Entra ID Service Principal provisioned specifically for this agent. The principal holds the SentinelPlatform.DelegatedAccess permission with admin consent and is scoped via Azure RBAC to the minimum set of investigative functions required: read-only access to Sentinel Data Lake resources, entity analysis, exposure graph, workspace discovery, and KQL execution. The role assignment carries no write actions and no rights over role assignments, so the principal cannot modify data, alter Sentinel configuration, or widen its own access.
Technical Stack
| Component | Implementation |
|---|---|
| Agent Runtime | Claude Code (Anthropic Sonnet 4.6) |
| Sentinel Integration | Microsoft Sentinel MCP |
| Threat Intelligence | VirusTotal MCP |
| Query Language | Kusto Query Language (KQL) |
| Authentication | Microsoft Entra ID Service Principal |
| Access Control | Azure RBAC · Least-Privilege · Delegated Permissions |
| Query Generation | KQL Skill Framework (advanced queries only) |
| Memory | Claude Code persistent user memory |
Screenshots
Investigation Output
Sentinel MCP Tools
MCP Connectors
Agent Permissions