Chronicle SecOps MCP Server

An MCP server for interacting with Google's Chronicle Security Operations suite, enabling users to search security events, get alerts, look up entities, list security rules, and retrieve IoC matches.

emeryray2002


README

This is a personal project.

Chronicle SecOps MCP Server

This is an MCP (Model Context Protocol) server for interacting with Google's Chronicle Security Operations suite.

Installing in Claude Desktop

To use this MCP server with Claude Desktop:

  1. Install Claude Desktop

  2. Open Claude Desktop and select "Settings" from the Claude menu

  3. Click on "Developer" in the left-hand bar, then click "Edit Config"

  4. Update your claude_desktop_config.json with the following configuration (replace paths with your actual paths):

{
  "mcpServers": {
    "secops-mcp": {
      "command": "/path/to/your/uv",
      "args": [
        "--directory",
        "/path/to/your/mcp-secops-v3",
        "run",
        "secops_mcp.py"
      ],
      "env": {
        "CHRONICLE_PROJECT_ID": "your-google-cloud-project-id",
        "CHRONICLE_CUSTOMER_ID": "your-chronicle-customer-id",
        "CHRONICLE_REGION": "us"
      }
    }
  }
}

  5. Make sure to update:

    • The path to uv (run "which uv" to find it)
    • The directory path to where this repository is cloned
    • Your Chronicle credentials (project ID, customer ID, and region)

  6. Save the file and restart Claude Desktop

  7. You should now see the hammer icon in the Claude Desktop interface, indicating the MCP server is active

Features

Security Tools

  • search_security_events: Search for security events in Chronicle with customizable queries
  • get_security_alerts: Get security alerts from Chronicle
  • lookup_entity: Look up information about an entity (IP, domain, hash)
  • list_security_rules: List security detection rules from Chronicle
  • get_ioc_matches: Get Indicators of Compromise (IoCs) matches from Chronicle

Installation

Installing via Smithery

To install mcp-secops-v3 for Claude Desktop automatically via Smithery:

npx -y @smithery/cli install @emeryray2002/mcp-secops-v3 --client claude

Manual Installation

  1. Install the package:

    pip install -e .

  2. Set up your environment variables:

    export CHRONICLE_PROJECT_ID="your-google-cloud-project-id"
    export CHRONICLE_CUSTOMER_ID="your-chronicle-customer-id"
    export CHRONICLE_REGION="us"  # or your region

Requirements

  • Python 3.11+
  • A Google Cloud account with Chronicle Security Operations enabled
  • Proper authentication configured

Usage

Running the MCP Server

python main.py

API Capabilities

The MCP server provides the following capabilities:

  1. Search Security Events: Search for security events in Chronicle
  2. Get Security Alerts: Retrieve security alerts
  3. Lookup Entity: Look up entity information (IP, domain, hash, etc.)
  4. List Security Rules: List detection rules
  5. Get IoC Matches: Get Indicators of Compromise matches

Example

See example.py for a complete example of using the MCP server.

Authentication

The server authenticates with Google credentials. Make sure you have done one of the following:

  1. Set up Application Default Credentials (ADC)
  2. Set a GOOGLE_APPLICATION_CREDENTIALS environment variable
  3. Used gcloud auth application-default login
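
A preflight check for the environment variables and credential options described above, as an added example that is not part of this project's code. The function name preflight is hypothetical, the ADC path is the gcloud default on Linux/macOS (Windows uses a different location), and the file-permission check is an added hardening step the README does not mention.

```python
import os
import stat
from pathlib import Path

REQUIRED = ("CHRONICLE_PROJECT_ID", "CHRONICLE_CUSTOMER_ID", "CHRONICLE_REGION")
# Default file written by `gcloud auth application-default login` on Linux/macOS.
ADC_FILE = Path(".config") / "gcloud" / "application_default_credentials.json"


def preflight(env, home):
    """Return a list of problems; an empty list means the settings look usable."""
    problems = []
    for name in REQUIRED:
        value = env.get(name, "").strip()
        if not value:
            problems.append(f"{name} is not set")
        elif value.startswith("your-"):
            # README placeholder such as "your-google-cloud-project-id" left in place.
            problems.append(f"{name} still holds the README placeholder")

    # An explicit key file takes precedence over the user's ADC file.
    key_path = env.get("GOOGLE_APPLICATION_CREDENTIALS")
    cred = Path(key_path) if key_path else Path(home) / ADC_FILE
    if not cred.is_file():
        problems.append(f"no credential file at {cred}")
    elif os.name == "posix" and stat.S_IMODE(cred.stat().st_mode) & 0o077:
        # A key or refresh token readable by other local users can be copied
        # and used to query Chronicle outside this server.
        problems.append(f"{cred} is readable by group/others; chmod 600 it")
    return problems


if __name__ == "__main__":
    for line in preflight(dict(os.environ), Path.home()) or ["ok"]:
        print(line)
```
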

License

Apache 2.0

Development

The project is structured as follows:

  • secops_mcp.py: Main MCP server implementation
  • example.py: Example usage of the MCP server
