get_security_alerts

Retrieve active security alerts from Google's Chronicle SecOps MCP Server by specifying project, customer ID, time range, and alert status filters for streamlined threat monitoring.

Instructions

Get security alerts from Chronicle.

Args:
    project_id: Google Cloud project ID (defaults to config)
    customer_id: Chronicle customer ID (defaults to config)
    hours_back: How many hours to look back (default: 24)
    max_alerts: Maximum number of alerts to return (default: 10)
    status_filter: Query string to filter alerts by status (default: exclude closed)
    region: Chronicle region (defaults to config)

Returns:
    Formatted string with security alerts

Input Schema

Name	Required	Default
`customer_id`	No
`hours_back`	No
`max_alerts`	No
`project_id`	No
`region`	No
`status_filter`	No	feedback_summary.status != "CLOSED"

Input Schema (JSON Schema)

{
  "properties": {
    "customer_id": {
      "default": null,
      "title": "Customer Id",
      "type": "string"
    },
    "hours_back": {
      "default": 24,
      "title": "Hours Back",
      "type": "integer"
    },
    "max_alerts": {
      "default": 10,
      "title": "Max Alerts",
      "type": "integer"
    },
    "project_id": {
      "default": null,
      "title": "Project Id",
      "type": "string"
    },
    "region": {
      "default": null,
      "title": "Region",
      "type": "string"
    },
    "status_filter": {
      "default": "feedback_summary.status != \"CLOSED\"",
      "title": "Status Filter",
      "type": "string"
    }
  },
  "title": "get_security_alertsArguments",
  "type": "object"
}

Chronicle SecOps MCP Server

get_security_alerts

Instructions

Input Schema

Input Schema (JSON Schema)

Other Tools from Chronicle SecOps MCP Server

Related Tools

MCP directory API