mcp-secops-v3
Chronicle SecOps MCP Server is designed to integrate with Google's Chronicle Security Operations suite, providing tools to search for security events, get security alerts, and manage detection rules. Essential features include searching for Indicators of Compromise and looking up entity information, supporting security operations.
Chronicle SecOps MCP Server
This project is an MCP server for interacting with Google's Chronicle Security Operations suite.
Features
- Search security events in Chronicle with customizable queries
- Get security alerts from Chronicle
- Look up information about an entity (IP, domain, hash)
- List security detection rules from Chronicle
- Get Indicators of Compromise (IoCs) matches
Installation
- Install automatically via Smithery for Claude Desktop, or manually using pip.
Usage
- The server provides capabilities like searching for security events, retrieving alerts, looking up entity information, listing security rules, and getting IoC matches.
Requirements
- Python 3.11+
- Google Cloud account with Chronicle Security Operations enabled
- Google Cloud authentication configured for access to Chronicle.