
Chronicle SecOps MCP Server

by emeryray2002

search_security_events

Search security events in Chronicle using natural language queries. Translate everyday language into UDM queries to retrieve relevant event data, simplifying threat investigation and analysis.

Instructions

Search for security events in Chronicle using natural language.

This function allows you to search for events using everyday language instead of requiring UDM query syntax. The natural language query will be automatically translated into a Chronicle UDM query for execution.

Examples of natural language queries:
- "Show me network connections from yesterday for the domain google.com"
- "Display connections to IP address 192.168.1.100"

Args:
    text: Natural language description of the events you want to find
    project_id: Google Cloud project ID (defaults to config)
    customer_id: Chronicle customer ID (defaults to config)
    hours_back: How many hours to look back (default: 24)
    max_events: Maximum number of events to return (default: 100)
    region: Chronicle region (defaults to config)

Returns:
    Dictionary containing the UDM query and search results, including events and metadata.

Input Schema

| Name | Required | Description | Default |
|---|---|---|---|
| customer_id | No | | |
| hours_back | No | | |
| max_events | No | | |
| project_id | No | | |
| region | No | | |
| text | Yes | | |

Input Schema (JSON Schema)

{
  "properties": {
    "customer_id": {
      "default": null,
      "title": "Customer Id",
      "type": "string"
    },
    "hours_back": {
      "default": 24,
      "title": "Hours Back",
      "type": "integer"
    },
    "max_events": {
      "default": 100,
      "title": "Max Events",
      "type": "integer"
    },
    "project_id": {
      "default": null,
      "title": "Project Id",
      "type": "string"
    },
    "region": {
      "default": null,
      "title": "Region",
      "type": "string"
    },
    "text": {
      "title": "Text",
      "type": "string"
    }
  },
  "required": [
    "text"
  ],
  "title": "search_security_eventsArguments",
  "type": "object"
}

    MCP directory API

    We provide all the information about MCP servers via our MCP API.

    curl -X GET 'https://glama.ai/api/mcp/v1/servers/emeryray2002/mcp-secops-v3'

    If you have feedback or need assistance with the MCP directory API, please join our Discord server