Chronicle SecOps MCP Server

emeryray2002
GitHub
securitymonitoringMCP


💡 Description

An MCP (Model Context Protocol) server for interacting with Google's Chronicle Security Operations suite. It lets users search for security events, retrieve alerts, look up entity information, list detection rules, and get Indicators of Compromise (IoC) matches.

📝 JSON Entries

{
  "mcpServers": [
    {
      "secops-mcp": {
        "env": {
          "CHRONICLE_REGION": "us",
          "CHRONICLE_PROJECT_ID": "your-google-cloud-project-id",
          "CHRONICLE_CUSTOMER_ID": "your-chronicle-customer-id"
        },
        "args": [
          "--directory",
          "/path/to/your/mcp-secops-v3",
          "run",
          "secops_mcp.py"
        ],
        "command": "/path/to/your/uv"
      }
    }
  ]
}

🛠️ Tools


Features

  • Interact with Google Chronicle Security Operations
  • Search and retrieve security alerts
  • Look up entity information
  • List security detection rules
  • Get IoC matches

💬 Example Queries

  • Search for security events in Chronicle with customizable queries
  • Retrieve security alerts from Chronicle
  • Look up information about an entity (IP, domain, hash)
  • List detection rules in Chronicle
  • Get IoC matches from Chronicle