Your data, your reports, your workflow. Pipe findings from any source into Siemserva's Senserva Trustworthy AI reporting engine, create custom report templates with validation rules, query the SQLite graph database from C#, Python, or PowerShell, and integrate with your SIEM, SOAR, or CI/CD pipeline.
$ siemserva-win-x64.exe --sdk
Drops the full SDK: API reference, C# / Python / PowerShell samples, and the Senserva JSON wire format.
Query the security graph database, pipe findings to your SIEM, write connectors for third-party tools, and automate Senserva Trustworthy AI-enhanced reporting, all from C#, Python, or PowerShell.
Every scan builds a comprehensive security database of your Microsoft 365, Intune, and Entra ID environment. Query findings, entities, relationships, and compliance status from C#, Python, or PowerShell to build custom dashboards, CI/CD quality gates, blast radius analysis, and executive reports.
Split scanning from reporting with --scan and --reporter. Pipe findings to your SIEM, filter with jq, merge multiple tenants, or feed any Senserva JSON source into the full Senserva Trustworthy AI-enhanced dashboard and report engine.
Already using Maester, Nessus, custom scripts, or other scanners? Write a connector that outputs Senserva JSON or writes directly through the SDK, and get all 6 Senserva Trustworthy AI-enhanced reports, compliance mapping, and the interactive dashboard, without writing any report code.
The end of Click-Ops security.
Stop clicking through dashboards. Start having conversations.
Connect Siemserva to Claude and query your Microsoft 365 and Entra ID security posture in plain English. One command wires Siemserva into Claude as an MCP server, auto-discovers your scan databases, and writes a ready-to-use config.
Terminal-based Claude for developers. Works on Windows, macOS, and Linux.
# Writes .mcp.json + .claude/CLAUDE.md in the current folder siemserva-win-x64.exe --accept-eula --claude cli-install
# Launch Claude Code in the same folder claude # Then just ask, in plain English > what are the critical findings? > show me users with privileged roles and no MFA > generate a remediation script for finding #12
.mcp.json in the current directory.claude/CLAUDE.md so Claude knows how to use Siemserva--reporter-db argsGUI Claude for security managers and analysts. Supported on Windows and macOS.
# Writes claude_desktop_config.json in the right place siemserva-win-x64.exe --accept-eula --claude mcp-install
# Restart Claude Desktop, then ask > give me a board-ready summary of the latest scan > which findings block SCuBA compliance? > draft a remediation plan for our top 5 risks
%APPDATA%\Claude\claude_desktop_config.json~/Library/Application Support/Claude/--reporter-db argsRe-run the installer from the folder that holds the scan you want Claude to focus on. Siemserva picks up every .sqlite in that folder automatically. To pin exactly one, pass it as a flag:
# Wire a specific database into the generated config siemserva-win-x64.exe --accept-eula --claude cli-install --reporter-db .\scans\zava.sqlite
Siemserva splits into two composable halves. Scan in one terminal, report in another. Filter, transform, and merge in between.
siemserva-win-x64.exe --scan produces Senserva JSON | your filter / transform / merge | siemserva-win-x64.exe --reader --pipe forwards to reporter | siemserva-win-x64.exe --reporter --pipe consumes Senserva JSON | 6 Senserva Trustworthy AI-enhanced HTML reports Interactive TUI dashboard PowerShell remediation scripts
Any tool that outputs Senserva JSON can feed the reporter. Your custom scripts, Maester, Nessus, or any scanner, all get the same Senserva Trustworthy AI-enhanced analysis and compliance mapping.
One JSON format connects everything. Any tool that outputs Senserva JSON gets full access to Siemserva's Senserva Trustworthy AI, reports, compliance mapping, and remediation.
{
"type": "finding",
"data": {
"tenantId": "zava.com",
"tenantName": "Zava",
"severity": 100,
"description": "MFA not enforced",
"systemName": "admin@zava.com"
}
}
One JSON object per line. Each line is a security finding with severity, description, and the affected entity.
{
"type": "complete",
"scanId": "a1b2c3d4...",
"findingCount": 73,
"errorCount": 0,
"tenantIds": [
"zava.com"
]
}
One completion marker at the end of each stream. Tells the reporter that all findings have been sent.
siemserva-win-x64.exe --reporter for HTML reports, or --reporter --dashboard for the live TUISeverity levels: 100 Critical, 75 High, 50 Medium, 25 Low, 10 Info. Additional fields for entity IDs, audit grouping, timestamps, and custom data are documented in the full SDK. Install Siemserva and run siemserva-win-x64.exe --sdk to get the complete field reference, data types, and working sample scripts.
Three working connectors ship with Siemserva as samples. Use them as-is, adapt them for other tools, or write your own from scratch. Each connector shows a different ingestion pattern: Senserva JSON (Maester, Zero Trust Assessment) for findings that belong in the unified dashboard with Senserva Trustworthy AI analysis and compliance mapping, or direct SDK writes (Nessus) to populate patch and CVE graph data for MCP tool queries.
Converts Maester M365 security test results to Senserva JSON. Every failed Maester test appears in the Siemserva dashboard with Senserva Trustworthy AI analysis, remediation guidance, and compliance mapping. Use as a working sample for building your own connectors.
Converts Microsoft Zero Trust Assessment results to Senserva JSON. View Zero Trust maturity findings alongside your Siemserva scan in one unified dashboard with Senserva Trustworthy AI-enhanced reporting and remediation. Another working sample for building custom connectors.
Parses a Tenable Nessus .nessus XML export and writes findings into a Siemserva database via the SDK. Creates dashboard-visible audit rows plus graph nodes and edges (Node_Patch, Node_Cve, Edge_DeviceMissingPatch, Edge_CvePatch) tagged Source="Nessus" so they filter separately from native scans. Source: Senserva.Sdk/Samples/CSharp/ImportNessusScan.cs.
One script handles all supported input formats. Auto-detects whether the input is Maester, ScubaGear, Zero Trust Assessment, or generic JSON, converts it to Siemserva NDJSON, and pipes it into the reporting engine. PowerShell 5.1+ compatible (works on Windows, Linux, macOS).
# Get the converter (included with siemserva-win-x64.exe --sdk) siemserva-win-x64.exe --sdk # ── Headless reports (no dashboard, single command) ── # Convert Maester results and generate all reports .\Sdk\ConvertTo-SiemservaNdjson.ps1 -Path MaesterResults.json -Stdout | siemserva-win-x64.exe --reporter # Convert ScubaGear consolidated results .\Sdk\ConvertTo-SiemservaNdjson.ps1 -Path ScubaResults.json -Stdout | siemserva-win-x64.exe --reporter # Force a specific format (skip auto-detection) .\Sdk\ConvertTo-SiemservaNdjson.ps1 -Path results.json -Format Generic -Stdout | siemserva-win-x64.exe --reporter # ── Interactive dashboard (two terminals, named pipe) ── # The dashboard needs stdin for keyboard input, so data flows # through a named pipe instead of stdin. # Terminal 1: start the dashboard listening on a named pipe siemserva-win-x64.exe --reporter --reporter-dashboard --pipe my-scan # Terminal 2: convert and stream into the pipe .\Sdk\ConvertTo-SiemservaNdjson.ps1 -Path MaesterResults.json -Stdout | siemserva-win-x64.exe --reader --pipe my-scan # Same pattern for Zero Trust Assessment .\Sdk\ConvertTo-SiemservaNdjson.ps1 -Path ZeroTrustAssessment.json -Stdout | siemserva-win-x64.exe --reader --pipe my-scan # Pipe Maester output directly (no intermediate file) Invoke-Maester -PassThru | ConvertTo-Json -Depth 10 | .\Sdk\ConvertTo-SiemservaNdjson.ps1 -Stdout | siemserva-win-x64.exe --reader --pipe my-scan # ── Options ── # Override tenant info .\Sdk\ConvertTo-SiemservaNdjson.ps1 -Path results.json -TenantId zava.com -TenantName "Zava" -Stdout | siemserva-win-x64.exe --reporter # Include passed tests as Info-severity findings .\Sdk\ConvertTo-SiemservaNdjson.ps1 -Path MaesterResults.json -IncludePassed -Stdout | siemserva-win-x64.exe --reporter # Convert to a file (for later use or sharing) .\Sdk\ConvertTo-SiemservaNdjson.ps1 -Path MaesterResults.json
| -Path | Input JSON file. Omit to read from stdin (pipe). |
| -OutputPath | Output NDJSON file path. Default: auto-generated (e.g., Siemserva_Maester_20260406.json). |
| -Stdout | Write NDJSON to stdout instead of a file. Required when piping to siemserva-win-x64.exe --reporter. |
| -Format | Force input format: Auto (default), Maester, ScubaGear, ZeroTrust, Generic. |
| -IncludePassed | Include passed/compliant tests as Info-severity findings. Off by default. |
| -IncludeSkipped | Include skipped/not-implemented tests as Info-severity findings. Off by default. |
| -TenantId | Override tenant ID on all findings. |
| -TenantName | Override tenant display name on all findings. |
Auto-detection: The converter examines the JSON structure to determine the format. Maester files have MaesterConfig or PesterConfig keys. ScubaGear has MetaData.ProductsAssessed. Zero Trust has TestResultSummary with pillar scores. Everything else falls back to Generic.
After converting: Open the dashboard, press R to generate reports, then A for Senserva Trustworthy AI-enhanced analysis, or press Enter on any finding for remediation details.
Two paths to bring any data source into Siemserva:
Write scripts that output Senserva JSON directly. PowerShell, Python, C#, or any language. Your custom security checks get the same Senserva Trustworthy AI analysis, compliance mapping, and six report types as a native Siemserva scan.
Already have scripts or a scanner that outputs its own format? Write an importer that converts the output to Senserva JSON, or writes directly through the SDK for richer graph data. The Maester, Zero Trust, and Nessus connectors are working examples of these patterns.
Pipe scan output directly to Splunk, Sentinel, Elastic, or any SIEM that ingests JSON. Filter for the severities you care about.
Query the scan database in your pipeline. Fail the build if Critical or High findings exceed your threshold. No dashboard needed, just a script and an exit code.
Use --pipe for real-time streaming to the dashboard. Multiple scanners and connectors can write to the same pipe simultaneously. The --reader command bridges filtered stdin into the pipe.
You already have PowerShell, Graph queries, Intune remediations, scheduled jobs. Keep them. Siemserva becomes the center point that runs them, reasons over them, reports on them, and fixes what they find.
Want your scripts driven by Claude? See how MCP turns them into conversational tools.
SDK users who automate Siemserva from scripts or CI often want the app registration created up front with the read-only Graph scopes Siemserva needs. Run this PowerShell script once to create a multi-tenant "Siemserva Application," add the public-client redirect URIs, and print the launch command to paste.
Register on the Microsoft Marketplace and we will email you a login location for the signed binaries. Then run siemserva-win-x64.exe --sdk to get the complete SDK documentation, API reference, sample scripts in C#, Python, and PowerShell, and the full Senserva JSON wire format specification. Every build is digitally signed: Notarized for macOS, Azure Artifact Signed for Windows.
Free for up to 100 users. Free unlimited for non-profits, MVPs, and MISA members.
Microsoft 365 and Entra ID security commentary, research notes, and behind-the-scenes posts from the Senserva team.
How Siemserva is built, how the graph is modeled, and how Senserva Trustworthy AI turns raw findings into validated answers.
New posts from the Senserva team. Subscribe on blog.senserva.com or follow along for the latest.