Chronicle Security Operations
Summary
This MCP server provides a bridge to Google's Chronicle Security Operations suite, enabling AI assistants to perform security analysis tasks through a standardized interface. Built with Python using the FastMCP framework, it offers tools for searching security events, retrieving alerts, looking up entities (IPs, domains, hashes), listing detection rules, and getting IoC matches. The implementation handles authentication through Google Cloud credentials and supports configurable parameters like time ranges and result limits. It's particularly valuable for security analysts who want to leverage AI assistants for threat hunting, incident investigation, and security monitoring without leaving their conversation interface.
Available Actions (5)
search_security_events
Search for security events in Chronicle with customizable queries.
get_security_alerts
Get security alerts from Chronicle.
lookup_entity
Look up information about an entity (IP, domain, hash).
list_security_rules
List security detection rules from Chronicle.
get_ioc_matches
Get Indicator of Compromise (IoC) matches from Chronicle.