
Chronicle SecOps MCP Server

by emeryray2002

Server Configuration

Describes the environment variables required to run the server.

Name                  | Required | Description                  | Default
CHRONICLE_REGION      | No       | Your Chronicle region        | us
CHRONICLE_PROJECT_ID  | Yes      | Your Google Cloud project ID |
CHRONICLE_CUSTOMER_ID | Yes      | Your Chronicle customer ID   |

Schema

Prompts

Interactive templates invoked by user choice

Name | Description

No prompts

Resources

Contextual data attached and managed by the client

Name | Description

No resources

Tools

Functions exposed to the LLM to take actions

Name | Description
search_security_events

Search for security events in Chronicle using natural language.

This function allows you to search for events using everyday language instead of requiring UDM query syntax. The natural language query will be automatically translated into a Chronicle UDM query for execution.

Examples of natural language queries:
- "Show me network connections from yesterday for the domain google.com"
- "Display connections to IP address 192.168.1.100"

Args:
  text: Natural language description of the events you want to find
  project_id: Google Cloud project ID (defaults to config)
  customer_id: Chronicle customer ID (defaults to config)
  hours_back: How many hours to look back (default: 24)
  max_events: Maximum number of events to return (default: 100)
  region: Chronicle region (defaults to config)

Returns: Dictionary containing the UDM query and search results, including events and metadata.
get_security_alerts

Get security alerts from Chronicle.

Args:
  project_id: Google Cloud project ID (defaults to config)
  customer_id: Chronicle customer ID (defaults to config)
  hours_back: How many hours to look back (default: 24)
  max_alerts: Maximum number of alerts to return (default: 10)
  status_filter: Query string to filter alerts by status (default: exclude closed)
  region: Chronicle region (defaults to config)

Returns: Formatted string with security alerts
lookup_entity

Look up an entity (IP, domain, hash, etc.) in Chronicle.

Args:
  entity_value: Value to look up (IP, domain, hash, etc.)
  project_id: Google Cloud project ID (defaults to config)
  customer_id: Chronicle customer ID (defaults to config)
  hours_back: How many hours to look back (default: 24)
  region: Chronicle region (defaults to config)

Returns: Entity summary information
list_security_rules

List security detection rules from Chronicle.

Args:
  project_id: Google Cloud project ID (defaults to config)
  customer_id: Chronicle customer ID (defaults to config)
  region: Chronicle region (defaults to config)

Returns: Raw response from the Chronicle API containing security detection rules
get_ioc_matches

Get Indicators of Compromise (IoCs) matches from Chronicle.

Args:
  project_id: Google Cloud project ID (defaults to config)
  customer_id: Chronicle customer ID (defaults to config)
  hours_back: How many hours to look back (default: 24)
  max_matches: Maximum number of matches to return (default: 20)
  region: Chronicle region (defaults to config)

Returns: Formatted string with IoC matches

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/emeryray2002/mcp-secops-v3'
