Integration

Maester tests, rendered in Siemserva

Run Invoke-Maester against your Microsoft 365 and Entra ID tenant, pipe the JSON to Siemserva, and get the same live dashboard, Senserva Trustworthy AI-enhanced HTML reports, and MCP tools you use for native scans. No second tool to learn.

Senserva Trustworthy AI

Maester results, ready for your Senserva Trustworthy AI

Pester output is a wall of pass/fail lines. Once Maester lands in Siemserva, the Anthropic API and our MCP server turn those tests into answers: which workloads regressed, which SCuBA controls slipped, what to fix first. No manual triage of JSON.

Senserva Trustworthy AI-enhanced HTML reports

Siemserva sends your Maester results to the Anthropic API and writes a plain-English executive summary into the HTML report: which workloads regressed, top Severity risks, and concrete fix-it steps. Bring your own ANTHROPIC_API_KEY, pick a model, ship a report your CISO can read.

siemserva-win-x64.exe --reporter --ai --model claude-sonnet-4-6

MCP server, live Pester Q&A

Point Claude Desktop, Claude Code, or any MCP client at Siemserva's stdio MCP server and ask: "Which MS.EXO tests failed this week? Show me every MS.AAD finding tagged Critical. What did we regress since last scan?" Claude calls the tools and returns grounded, source-of-truth answers.

siemserva-win-x64.exe mcp. 20+ tools. stdio transport

Agent mode, end-to-end

Run siemserva-win-x64.exe agent and Claude drives an agentic loop over your Maester + native findings. It investigates failed tests, correlates workload regressions, drafts remediation plans, and writes them back as action items, all from one prompt.

siemserva-win-x64.exe agent --ask "triage Maester MS.EXO failures"

Workload coverage

Maester test tags map directly to Siemserva audit groups. Every workload a Maester test covers lands in the right slice of the dashboard and the right section of the HTML report.

MS.AAD

Entra ID

Conditional Access, MFA, identity governance, app registrations.

Audit group 36 (Identity)
MS.EXO

Exchange Online

Mail flow, anti-phish, DKIM, DMARC, external sender rules.

Audit group 54 (Exchange)
MS.TEAMS

Teams

External access, meeting policy, federation, chat retention.

Audit group 55 (Teams)
MS.SHAREPOINT

SharePoint & OneDrive

External sharing, anonymous links, tenant restriction policies.

Audit group 49 (SharePoint)
MS.INTUNE

Intune

Device compliance, enrollment restrictions, configuration profiles.

Audit group 40 (Devices)

Run Maester, render in Siemserva

Three steps. Install Maester, run the tests, hand the JSON to Siemserva for dashboard or HTML report.

STEP 1

Install Maester

Install Maester from the PowerShell Gallery, connect to your tenant, and run Invoke-Maester to produce a test results JSON file.

STEP 2

Convert to Siemserva

Pipe the Maester JSON through ConvertFrom-Maester.ps1 to emit the shared wire format used by every Siemserva source.

STEP 3

Render anywhere

Pipe to siemserva-win-x64.exe --reporter for an HTML report, add --dashboard for the live TUI, add --ai for Senserva Trustworthy AI summaries.

powershell. maester-import.ps1
# Option 1. Full HTML report
PS> .\ConvertFrom-Maester.ps1 -Path TestResults.json -Stdout `
| siemserva-win-x64.exe --reporter --out maester-report.html
# Option 2. Live dashboard
PS> .\ConvertFrom-Maester.ps1 -Path TestResults.json -Stdout `
| siemserva-win-x64.exe --reporter --dashboard

Sample report excerpt

A single Maester test after Siemserva renders it. Same shape as native findings, same Senserva Trustworthy AI treatment, same compliance mapping. Drop into the HTML report, the dashboard, or the MCP response: identical.

maester-report.html . Finding 47 of 312
CRITICAL . Severity 1875 MS.EXO MAESTER

MS.EXO.2.2v2. DKIM signing is not enabled on all sending domains

Source: TestResults.json . auditGroup=54 (Exchange) . status=Failed . Pester test
Senserva Trustworthy AI · Summary

Two of your four sending domains lack DKIM signing. Without DKIM, spoofed mail from these domains bypasses downstream DMARC enforcement. Siemserva's native scan confirms DMARC is set to quarantine on both, so this gap is the weakest link. Fix by enabling DKIM in Defender for Office 365, rotating keys quarterly. Matches CISA SCuBA MS.EXO.2.2v2 and satisfies NIST 800-177.

Test block
MS.EXO.2 DKIM
Pester tags
MS.EXO, Mail, Authentication
Evidence
Get-DkimSigningConfig returned Enabled=false for 2 domains
Compliance map
CISA SCuBA MS.EXO.2.2v2, NIST 800-177

Run Maester, get a Siemserva-grade report

Keep your Pester tests. Swap the bare JSON for a live dashboard, Senserva Trustworthy AI executive summary, and MCP-driven Q&A across every Microsoft 365 workload.

From the blog

Reading from the Senserva team.

Latest post

Read the Senserva blog

Microsoft 365 and Entra ID security commentary, research notes, and behind-the-scenes posts from the Senserva team.
Recent

Architecture and check deep-dives

How Siemserva is built, how the graph is modeled, and how Senserva Trustworthy AI turns raw findings into validated answers.
From the team

Research, releases, and customer stories

New posts from the Senserva team. Subscribe on blog.senserva.com or follow along for the latest.
See all posts