fyankov96/agentic-soc-analyst — reverse-engineered prompt

Reverse engineered prompt


Build me a Python tool that acts like an AI SOC analyst for Azure Sentinel. I want to run it from the terminal, connect it to my Azure Log Analytics Workspace, and ask normal questions like “what is happening with incident 10860” or “is this user compromised”.

It should use my OpenAI key for the analysis, my VirusTotal key to check suspicious IPs, domains, hashes, and URLs, and Azure CLI login for access. It should be able to query common Microsoft Defender, Entra ID, Azure Activity, network, and Sentinel incident logs, then explain what it found in plain English.

Please include a simple way to configure my workspace ID and keys, choose between a cheaper and stronger AI model, and save or show useful investigation notes. The answers should include likely threat meaning, relevant MITRE ATT&CK context, and suggested next steps for a SOC analyst. Look up current Azure and OpenAI docs online if you need to.
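As an added illustration of the pipeline the prompt describes (question in, KQL out, indicators harvested from the returned record, enrichment lookups planned, notes assembled), here is a Python sketch; it is not code from fyankov96/agentic-soc-analyst and does not show how that project works. It assumes the Sentinel table and column names in the KQL strings (SecurityIncident.IncidentNumber, SigninLogs.UserPrincipalName, ResultType, IPAddress) and the VirusTotal v3 object paths; the alert record, the question strings and the three-entry ATT&CK keyword table are constructed for the example, and no network calls are made. It also keeps internal address ranges out of the enrichment plan, a check the prompt does not mention but which stops a tool from sending tenant topology to a third party.

```python
"""Question routing, IOC extraction and lookup planning for a Sentinel assistant.

Added example for this page, not code from fyankov96/agentic-soc-analyst.
Assumed: Sentinel table/column names in the KQL below and VirusTotal v3 paths.
The alert record and ATT&CK keyword table are constructed for illustration.
"""
import base64
import ipaddress
import json
import re

INCIDENT_RE = re.compile(r"\bincident\s*#?\s*(\d+)\b", re.I)
UPN_RE = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")
URL_RE = re.compile(r"\bhttps?://[^\s\"'<>()]+", re.I)
HASH_RE = re.compile(r"\b(?:[a-f0-9]{64}|[a-f0-9]{40}|[a-f0-9]{32})\b", re.I)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)
# Address ranges treated as internal: never sent to a third-party enrichment service.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]
# Constructed starter mapping; in the real tool the model would supply this context.
ATTACK_HINTS = {
    "powershell": ("T1059.001", "Command and Scripting Interpreter: PowerShell"),
    "download": ("T1105", "Ingress Tool Transfer"),
    "sign-in": ("T1078", "Valid Accounts"),
}


def route_question(question: str) -> dict:
    """Map a plain-English question to an intent and a KQL query.

    Only regex-validated tokens (an integer, a UPN that cannot contain quotes)
    are interpolated, so free text from the question never reaches KQL.
    """
    m = INCIDENT_RE.search(question)
    if m:
        n = int(m.group(1))
        kql = (f"SecurityIncident\n| where IncidentNumber == {n}\n"
               "| summarize arg_max(TimeGenerated, *) by IncidentNumber")
        return {"intent": "incident", "key": n, "kql": kql}
    m = UPN_RE.search(question)
    if m:
        upn = m.group(0).lower()
        kql = ("SigninLogs\n| where TimeGenerated > ago(7d)\n"
               f"| where UserPrincipalName =~ '{upn}'\n"
               "| summarize Signins=count(), Failures=countif(ResultType != \"0\"),"
               " IPs=make_set(IPAddress) by UserPrincipalName")
        return {"intent": "user", "key": upn, "kql": kql}
    return {"intent": "unknown", "key": None, "kql": None}


def is_internal(ip: str) -> bool:
    """True for RFC 1918, loopback, link-local or malformed addresses."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return True
    return any(addr in net for net in INTERNAL_NETS)


def extract_iocs(text: str) -> dict:
    """Pull IPs, domains, hashes and URLs out of free text (e.g. a record as JSON).
    E-mail addresses are blanked first so the tenant's own domain is not reported."""
    text = UPN_RE.sub(" ", text)
    return {
        "ip": sorted(ip for ip in set(IPV4_RE.findall(text)) if not is_internal(ip)),
        "domain": sorted({d.lower() for d in DOMAIN_RE.findall(text)}),
        "hash": sorted({h.lower() for h in HASH_RE.findall(text)}),
        "url": sorted(set(URL_RE.findall(text))),
    }


def vt_lookup_plan(iocs: dict) -> list:
    """(kind, path) pairs the tool would GET from VirusTotal v3; URL objects are
    addressed by the unpadded base64url encoding of the URL."""
    plan = [("ip", f"/api/v3/ip_addresses/{ip}") for ip in iocs["ip"]]
    plan += [("domain", f"/api/v3/domains/{d}") for d in iocs["domain"]]
    plan += [("file", f"/api/v3/files/{h}") for h in iocs["hash"]]
    for url in iocs["url"]:
        url_id = base64.urlsafe_b64encode(url.encode()).decode().rstrip("=")
        plan.append(("url", f"/api/v3/urls/{url_id}"))
    return plan


def attack_context(text: str) -> list:
    low = text.lower()
    return sorted({ATTACK_HINTS[k] for k in ATTACK_HINTS if k in low})


def investigate(question: str, record: dict) -> dict:
    """Assemble investigation notes for one question over one fetched record."""
    route, blob = route_question(question), json.dumps(record)
    iocs = extract_iocs(blob)
    return {**route, "iocs": iocs, "lookups": vt_lookup_plan(iocs),
            "attack": attack_context(blob)}


SAMPLE_ALERT = {  # constructed; loosely shaped like a Sentinel alert row
    "IncidentNumber": 10860,
    "AlertName": "Suspicious PowerShell download after risky sign-in",
    "Description": ("jdoe@contoso.com signed in from 203.0.113.45, then WS-0042 ran "
                    "powershell to download http://files.example.net/update.ps1 "
                    "(sha256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855)"),
    "Entities": [{"Type": "ip", "Address": "10.0.0.5"},
                 {"Type": "ip", "Address": "203.0.113.45"},
                 {"Type": "host", "HostName": "WS-0042"}],
}

if __name__ == "__main__":
    print(json.dumps(investigate("what is happening with incident 10860", SAMPLE_ALERT), indent=2))
```

Running it prints the notes as JSON: the KQL the tool would send to Log Analytics, the external indicators (the 10.0.0.5 entity is dropped), the VirusTotal paths to fetch, and the ATT&CK hints. In the finished tool those notes plus the query results would form the context handed to the language model for the plain-English summary and next steps.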
