Skip to main content
Glama
Sign In
enesjakozh

Chronicle SecOps MCP Server

by emeryray2002
GitHub
Python
Apache 2.0
5
OverviewInspectNewSchemaRelated ServersReviewsScore
Need Help?View Source CodeReport Issue

Integrations

  • Provides tools for interacting with Google's Chronicle Security Operations suite, including searching security events, retrieving security alerts, looking up entity information, listing detection rules, and getting Indicators of Compromise matches.

This project is deprecated in favor of: https://github.com/google/mcp-security

Chronicle SecOps MCP Server

This is an MCP (Model Context Protocol) server for interacting with Google's Chronicle Security Operations suite. MCP Info

Installing in Claude Desktop

To use this MCP server with Claude Desktop:

  1. Install Claude Desktop
  2. Open Claude Desktop and select "Settings" from the Claude menu
  3. Click on "Developer" in the lefthand bar, then click "Edit Config"
  4. Update your claude_desktop_config.json with the following configuration (replace paths with your actual paths):
{ "mcpServers": { "secops-mcp": { "command": "/path/to/your/uv", "args": [ "--directory", "/path/to/your/mcp-secops-v3", "run", "secops_mcp.py" ], "env": { "CHRONICLE_PROJECT_ID": "your-google-cloud-project-id", "CHRONICLE_CUSTOMER_ID": "your-chronicle-customer-id", "CHRONICLE_REGION": "us" } } } }
  1. Make sure to update:
    • The path to uv (use which uv to find it)
    • The directory path to where this repository is cloned
    • Your Chronicle credentials (project ID, customer ID, and region)
  2. Save the file and restart Claude Desktop
  3. You should now see the hammer icon in the Claude Desktop interface, indicating the MCP server is active

Features

Security Tools

  • search_security_events: Search for security events in Chronicle with customizable queries
  • get_security_alerts: Get security alerts from Chronicle
  • lookup_entity: Look up information about an entity (IP, domain, hash)
  • list_security_rules: List security detection rules from Chronicle
  • get_ioc_matches: Get Indicators of Compromise (IoCs) matches from Chronicle

Installation

Installing via Smithery

To install mcp-secops-v3 for Claude Desktop automatically via Smithery:

npx -y @smithery/cli install @emeryray2002/mcp-secops-v3 --client claude

Manual Installation

  1. Install the package:
pip install -e .
  1. Set up your environment variables:
export CHRONICLE_PROJECT_ID="your-google-cloud-project-id" export CHRONICLE_CUSTOMER_ID="your-chronicle-customer-id" export CHRONICLE_REGION="us" # or your region

Requirements

  • Python 3.11+
  • A Google Cloud account with Chronicle Security Operations enabled
  • Proper authentication configured

Usage

Running the MCP Server

python main.py

API Capabilities

The MCP server provides the following capabilities:

  1. Search Security Events: Search for security events in Chronicle
  2. Get Security Alerts: Retrieve security alerts
  3. Lookup Entity: Look up entity information (IP, domain, hash, etc.)
  4. List Security Rules: List detection rules
  5. Get IoC Matches: Get Indicators of Compromise matches

Example

See example.py for a complete example of using the MCP server.

Authentication

The server uses Google's authentication. Make sure you have either:

  1. Set up Application Default Credentials (ADC)
  2. Set a GOOGLE_APPLICATION_CREDENTIALS environment variable
  3. Used gcloud auth application-default login

License

Apache 2.0

Development

The project is structured as follows:

  • secops_mcp.py: Main MCP server implementation
  • example.py: Example usage of the MCP server

This server cannot be installed

-
security - not tested
A
license - permissive license
-
quality - not tested

remote-capable server

The server can be hosted and run remotely because it primarily relies on remote services or has no dependency on the local environment.

An MCP server for interacting with Google's Chronicle Security Operations suite, enabling users to search security events, get alerts, look up entities, list security rules, and retrieve IoC matches.

  1. Installing in Claude Desktop
    1. Features
      1. Security Tools
    2. Installation
      1. Installing via Smithery
      2. Manual Installation
    3. Requirements
      1. Usage
        1. Running the MCP Server
        2. API Capabilities
        3. Example
      2. Authentication
        1. License
          1. Development

            Related Resources

            Related MCP Servers

            • Google Search MCP Server

              mixelpixx
              A
              security
              F
              license
              A
              quality
              An MCP (Model Context Protocol) server that provides Google search capabilities and webpage content analysis tools. This server enables AI models to perform Google searches and analyze webpage content programmatically.
              Last updated -
              3
              46
              41
              TypeScript

            • Safe MCP Server

              5ajaki
              A
              security
              A
              license
              A
              quality
              An MCP server that enables interaction with Safe (formerly Gnosis Safe) smart contract wallets, allowing users to query transactions, get multisig details, and decode transaction data through natural language.
              Last updated -
              3
              JavaScript
              MIT License

            • Semgrep MCP Serverofficial

              semgrep
              A
              security
              A
              license
              A
              quality
              An MCP server that provides a comprehensive interface to Semgrep, enabling users to scan code for security vulnerabilities, create custom rules, and analyze scan results through the Model Context Protocol.
              Last updated -
              6
              140
              Python
              MIT License
              • Linux
              • Apple

            • Weekly Report Checker

              kaneyxx
              -
              security
              F
              license
              -
              quality
              An MCP server that monitors and provides analytics on weekly report submissions in a Google Sheet, allowing users to check missing submissions, view statistics, and track individual reporting status.
              Last updated -
              Python

            View all related MCP servers

            Appeared in Searches

            New MCP Servers

            ID: lm1ba3zga0