get_security_alerts

Retrieve and monitor security alerts from Google's Chronicle SecOps platform. Configure parameters like time range, alert count, and status filters to streamline threat detection and response.

Instructions

Get security alerts from Chronicle.

Args:
    project_id: Google Cloud project ID (defaults to config)
    customer_id: Chronicle customer ID (defaults to config)
    hours_back: How many hours to look back (default: 24)
    max_alerts: Maximum number of alerts to return (default: 10)
    status_filter: Query string to filter alerts by status (default: exclude closed)
    region: Chronicle region (defaults to config)
    
Returns:
    Formatted string with security alerts

Input Schema

Name	Required	Default
`customer_id`	No
`hours_back`	No
`max_alerts`	No
`project_id`	No
`region`	No
`status_filter`	No	feedback_summary.status != "CLOSED"

Input Schema (JSON Schema)

{
  "properties": {
    "customer_id": {
      "default": null,
      "title": "Customer Id",
      "type": "string"
    },
    "hours_back": {
      "default": 24,
      "title": "Hours Back",
      "type": "integer"
    },
    "max_alerts": {
      "default": 10,
      "title": "Max Alerts",
      "type": "integer"
    },
    "project_id": {
      "default": null,
      "title": "Project Id",
      "type": "string"
    },
    "region": {
      "default": null,
      "title": "Region",
      "type": "string"
    },
    "status_filter": {
      "default": "feedback_summary.status != \"CLOSED\"",
      "title": "Status Filter",
      "type": "string"
    }
  },
  "title": "get_security_alertsArguments",
  "type": "object"
}

Chronicle SecOps MCP Server

get_security_alerts

Instructions

Input Schema

Input Schema (JSON Schema)

Other Tools from Chronicle SecOps MCP Server

Related Tools

MCP directory API