-
securityF
license-
qualityAn MCP server that enables interaction with Google Cloud Logging API, allowing users to write, read, and manage log entries and configurations through natural language.
Last updated -
Python
Provides tools for interacting with Google's Chronicle Security Operations suite, including searching security events, retrieving security alerts, looking up entity information, listing detection rules, and getting Indicators of Compromise matches.
This project is deprecated in favor of: https://github.com/google/mcp-security
Chronicle SecOps MCP Server
This is an MCP (Model Context Protocol) server for interacting with Google's Chronicle Security Operations suite. MCP Info
Installing in Claude Desktop
To use this MCP server with Claude Desktop:
- Install Claude Desktop
- Open Claude Desktop and select "Settings" from the Claude menu
- Click on "Developer" in the lefthand bar, then click "Edit Config"
- Update your
claude_desktop_config.jsonwith the following configuration (replace paths with your actual paths):
- Make sure to update:
- The path to
uv(usewhich uvto find it) - The directory path to where this repository is cloned
- Your Chronicle credentials (project ID, customer ID, and region)
- The path to
- Save the file and restart Claude Desktop
- You should now see the hammer icon in the Claude Desktop interface, indicating the MCP server is active
Features
Security Tools
search_security_events: Search for security events in Chronicle with customizable queriesget_security_alerts: Get security alerts from Chroniclelookup_entity: Look up information about an entity (IP, domain, hash)list_security_rules: List security detection rules from Chronicleget_ioc_matches: Get Indicators of Compromise (IoCs) matches from Chronicle
Installation
Installing via Smithery
To install mcp-secops-v3 for Claude Desktop automatically via Smithery:
Manual Installation
- Install the package:
- Set up your environment variables:
Requirements
- Python 3.11+
- A Google Cloud account with Chronicle Security Operations enabled
- Proper authentication configured
Usage
Running the MCP Server
API Capabilities
The MCP server provides the following capabilities:
- Search Security Events: Search for security events in Chronicle
- Get Security Alerts: Retrieve security alerts
- Lookup Entity: Look up entity information (IP, domain, hash, etc.)
- List Security Rules: List detection rules
- Get IoC Matches: Get Indicators of Compromise matches
Example
See example.py for a complete example of using the MCP server.
Authentication
The server uses Google's authentication. Make sure you have either:
- Set up Application Default Credentials (ADC)
- Set a GOOGLE_APPLICATION_CREDENTIALS environment variable
- Used
gcloud auth application-default login
License
Apache 2.0
Development
The project is structured as follows:
secops_mcp.py: Main MCP server implementationexample.py: Example usage of the MCP server
This server cannot be installed
remote-capable server
The server can be hosted and run remotely because it primarily relies on remote services or has no dependency on the local environment.
An MCP server for interacting with Google's Chronicle Security Operations suite, enabling users to search security events, get alerts, look up entities, list security rules, and retrieve IoC matches.
Related Resources
Related MCP Servers
- -securityFlicense-qualityAn MCP server that provides access to Google Cloud Monitoring API, enabling interaction with cloud resources monitoring data through natural language commands.Last updated -Python
- -securityFlicense-qualityAn MCP Server that enables interaction with Google Cloud's Data Loss Prevention (DLP) API, allowing users to discover, classify, and protect sensitive data through natural language commands.Last updated -Python
- AsecurityFlicenseAqualityAn MCP server that enables querying and interacting with Google Cloud services including Logging, Spanner, Monitoring, and Cloud Trace through natural language.Last updated -176971TypeScript