How to stream Claude Code audit logs into Microsoft Sentinel (with Chron)

If your team uses Claude Code (or any MCP-based AI tool), those sessions are currently invisible to your security stack. No SIEM events. No audit trail. Nothing. Chron fixes that. It's an MCP server that logs every AI session to a local SQLite database and can relay structured metadata events to your SIEM. This post walks through the Azure Sentinel integration end to end.