get_security_alerts
Retrieve active security alerts from Google's Chronicle SecOps MCP Server by specifying project, customer ID, time range, and alert status filters for streamlined threat monitoring.
Instructions
Get security alerts from Chronicle.
Args:
project_id: Google Cloud project ID (defaults to config)
customer_id: Chronicle customer ID (defaults to config)
hours_back: How many hours to look back (default: 24)
max_alerts: Maximum number of alerts to return (default: 10)
status_filter: Query string to filter alerts by status (default: exclude closed)
region: Chronicle region (defaults to config)
Returns:
Formatted string with security alerts
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| customer_id | No | Chronicle customer ID | config value |
| hours_back | No | How many hours to look back | 24 |
| max_alerts | No | Maximum number of alerts to return | 10 |
| project_id | No | Google Cloud project ID | config value |
| region | No | Chronicle region | config value |
| status_filter | No | Query string to filter alerts by status | `feedback_summary.status != "CLOSED"` |
Input Schema (JSON Schema)
```json
{
  "properties": {
    "customer_id": {
      "default": null,
      "title": "Customer Id",
      "type": "string"
    },
    "hours_back": {
      "default": 24,
      "title": "Hours Back",
      "type": "integer"
    },
    "max_alerts": {
      "default": 10,
      "title": "Max Alerts",
      "type": "integer"
    },
    "project_id": {
      "default": null,
      "title": "Project Id",
      "type": "string"
    },
    "region": {
      "default": null,
      "title": "Region",
      "type": "string"
    },
    "status_filter": {
      "default": "feedback_summary.status != \"CLOSED\"",
      "title": "Status Filter",
      "type": "string"
    }
  },
  "title": "get_security_alertsArguments",
  "type": "object"
}
```
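The argument list and schema above describe what the tool accepts, but not how a caller should resolve them before issuing a query: which fields fall back to server config when omitted, what the `hours_back` window means in concrete timestamps, and which malformed inputs should be rejected early. The following is an added example, not code from the Chronicle SecOps MCP server; it embeds a copy of the published schema and resolves a tool call against it. The `ServerConfig` dataclass is an assumed stand-in for the server-side config the docs refer to, and the minimum-of-1 limits on `hours_back` and `max_alerts` plus the rejection of unknown keys are added sanity checks, not documented behaviour.

```python
"""Resolve and validate arguments for the get_security_alerts tool.

Added example, not code from the Chronicle SecOps MCP server. It applies the
documented defaults, falls back to an assumed config object for project_id /
customer_id / region, and turns hours_back into a concrete UTC time window.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Any

# Copy of the tool's published input schema (as shown on this page).
GET_SECURITY_ALERTS_SCHEMA: dict[str, Any] = {
    "properties": {
        "customer_id": {"default": None, "title": "Customer Id", "type": "string"},
        "hours_back": {"default": 24, "title": "Hours Back", "type": "integer"},
        "max_alerts": {"default": 10, "title": "Max Alerts", "type": "integer"},
        "project_id": {"default": None, "title": "Project Id", "type": "string"},
        "region": {"default": None, "title": "Region", "type": "string"},
        "status_filter": {
            "default": 'feedback_summary.status != "CLOSED"',
            "title": "Status Filter",
            "type": "string",
        },
    },
    "title": "get_security_alertsArguments",
    "type": "object",
}

# JSON Schema type name -> Python type accepted for that field.
_TYPES = {"string": str, "integer": int}

# Fields whose schema default is null and which the docs say "default to config".
CONFIG_BACKED = ("project_id", "customer_id", "region")

# Constructed fixed "now" so the derived time window is deterministic.
EXAMPLE_NOW = datetime(2024, 1, 2, 12, 0, tzinfo=timezone.utc)


@dataclass(frozen=True)
class ServerConfig:
    """Assumed (hypothetical) shape of the server-side config the tool falls back to."""
    project_id: str
    customer_id: str
    region: str


class ArgumentError(ValueError):
    """Raised when a tool call does not satisfy the schema or the added limits."""


def resolve_alert_args(args: dict[str, Any], config: ServerConfig,
                       now: datetime | None = None) -> dict[str, Any]:
    """Validate args against the schema, apply defaults and config fallbacks,
    and derive the UTC query window. Returns the fully resolved argument set."""
    props = GET_SECURITY_ALERTS_SCHEMA["properties"]

    # The schema does not declare additionalProperties; rejecting unknown keys
    # is an added check that catches typos such as "hour_back" which would
    # otherwise be silently ignored and leave the default window in place.
    unknown = set(args) - set(props)
    if unknown:
        raise ArgumentError(f"unknown argument(s): {sorted(unknown)}")

    resolved: dict[str, Any] = {}
    for name, spec in props.items():
        value = args.get(name, spec["default"])
        if value is None:
            # A null default is documented as "defaults to config".
            if name not in CONFIG_BACKED:
                raise ArgumentError(f"{name} must not be null")
            value = getattr(config, name)
        expected = _TYPES[spec["type"]]
        # bool is a subclass of int in Python; JSON Schema "integer" excludes it.
        if isinstance(value, bool) or not isinstance(value, expected):
            raise ArgumentError(
                f"{name} must be {spec['type']}, got {type(value).__name__}")
        resolved[name] = value

    # Added sanity limits (assumed, not stated in the tool docs): a zero or
    # negative look-back window or alert cap can never return a useful result.
    if resolved["hours_back"] < 1:
        raise ArgumentError("hours_back must be >= 1")
    if resolved["max_alerts"] < 1:
        raise ArgumentError("max_alerts must be >= 1")

    # Turn hours_back into the concrete [start, end] window the query will use.
    end = now or datetime.now(timezone.utc)
    start = end - timedelta(hours=resolved["hours_back"])
    resolved["start_time"] = start.isoformat()
    resolved["end_time"] = end.isoformat()
    return resolved


if __name__ == "__main__":
    cfg = ServerConfig(project_id="proj-example", customer_id="cust-example", region="us")
    print(resolve_alert_args({}, cfg, now=EXAMPLE_NOW))
    print(resolve_alert_args({"hours_back": 2, "region": "europe"}, cfg, now=EXAMPLE_NOW))
```

With an empty argument dict the resolver returns the documented defaults (24 hours, 10 alerts, the open-alerts status filter) and the config-backed identifiers, together with a 24-hour window ending at the supplied time; passing a boolean for `hours_back` or a misspelled key is rejected before any query is built.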