Google SecOps MCP server

Project description

This is a personal project.

Chronicle SecOps MCP Server

This is an MCP (Model Context Protocol) server for interacting with Google's Chronicle Security Operations suite.

Installing in Claude Desktop

To use this MCP server with Claude Desktop:

  1. Install Claude Desktop

  2. Open Claude Desktop and select "Settings" from the Claude menu

  3. Click on "Developer" in the left-hand bar, then click "Edit Config"

  4. Update your claude_desktop_config.json with the following configuration (replace paths with your actual paths):

{
  "mcpServers": {
    "secops-mcp": {
      "command": "/path/to/your/uv",
      "args": [
        "--directory",
        "/path/to/your/mcp-secops-v3",
        "run",
        "secops_mcp.py"
      ],
      "env": {
        "CHRONICLE_PROJECT_ID": "your-google-cloud-project-id",
        "CHRONICLE_CUSTOMER_ID": "your-chronicle-customer-id",
        "CHRONICLE_REGION": "us"
      }
    }
  }
}
  5. Make sure to update:

    • The path to uv (run "which uv" to find it)
    • The directory path to where this repository is cloned
    • Your Chronicle credentials (project ID, customer ID, and region)
  6. Save the file and restart Claude Desktop

  7. You should now see the hammer icon in the Claude Desktop interface, indicating the MCP server is active
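
A pre-flight check for the configuration steps above, as an added example that is not part of the project's own code: it parses the text of claude_desktop_config.json and reports template values that were never replaced. The function name check_secops_entry and the sample values are assumptions made for this illustration; the key names and placeholder strings are the ones in the template shown earlier.

```python
import json
from pathlib import PurePosixPath, PureWindowsPath

# Names and placeholder strings below are the ones in the README's template.
REQUIRED_ENV = ("CHRONICLE_PROJECT_ID", "CHRONICLE_CUSTOMER_ID", "CHRONICLE_REGION")
PLACEHOLDERS = ("/path/to/your", "your-")

def _dict(value):
    return value if isinstance(value, dict) else {}

def _unfilled(value):
    return not isinstance(value, str) or not value or value.startswith(PLACEHOLDERS)

def _bad_path(value):
    if _unfilled(value):
        return True
    return not (PurePosixPath(value).is_absolute() or PureWindowsPath(value).is_absolute())

def check_secops_entry(config_text, server="secops-mcp"):
    """Return problems found in the server's entry; an empty list means none."""
    try:
        cfg = json.loads(config_text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON at line {exc.lineno}: {exc.msg}"]
    servers = _dict(_dict(cfg).get("mcpServers"))
    if not isinstance(servers.get(server), dict):
        return [f"no mcpServers entry named {server!r}"]
    entry, problems = servers[server], []
    if _bad_path(entry.get("command")):
        problems.append("command: set the full path printed by 'which uv'")
    args = entry.get("args") if isinstance(entry.get("args"), list) else []
    # The repository path is the argument that follows --directory.
    directory = args[args.index("--directory") + 1] if "--directory" in args[:-1] else None
    if _bad_path(directory):
        problems.append("args: --directory must be followed by the cloned repository path")
    env = _dict(entry.get("env"))
    problems += [f"env: {name} is missing or still a placeholder"
                 for name in REQUIRED_ENV if _unfilled(env.get(name))]
    return problems

# Constructed sample: the README template with nothing filled in.
TEMPLATE = json.dumps({"mcpServers": {"secops-mcp": {
    "command": "/path/to/your/uv",
    "args": ["--directory", "/path/to/your/mcp-secops-v3", "run", "secops_mcp.py"],
    "env": {"CHRONICLE_PROJECT_ID": "your-google-cloud-project-id",
            "CHRONICLE_CUSTOMER_ID": "your-chronicle-customer-id",
            "CHRONICLE_REGION": "us"}}}})

if __name__ == "__main__":
    for problem in check_secops_entry(TEMPLATE):
        print(problem)
```

Pass it the contents of your own config file before restarting Claude Desktop; it only reads the JSON text and never contacts Chronicle.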

Features

Security Tools

  • search_security_events: Search for security events in Chronicle with customizable queries
  • get_security_alerts: Get security alerts from Chronicle
  • lookup_entity: Look up information about an entity (IP, domain, hash)
  • list_security_rules: List security detection rules from Chronicle
  • get_ioc_matches: Get Indicator of Compromise (IoC) matches from Chronicle

Installation

Installing via Smithery

To install mcp-secops-v3 for Claude Desktop automatically via Smithery:

npx -y @smithery/cli install @emeryray2002/mcp-secops-v3 --client claude

Manual Installation

  1. Install the package:
pip install -e .
  2. Set up your environment variables:
export CHRONICLE_PROJECT_ID="your-google-cloud-project-id"
export CHRONICLE_CUSTOMER_ID="your-chronicle-customer-id"
export CHRONICLE_REGION="us"  # or your region

Requirements

  • Python 3.11+
  • A Google Cloud account with Chronicle Security Operations enabled
  • Proper authentication configured

Usage

Running the MCP Server

python main.py

API Capabilities

The MCP server provides the following capabilities:

  1. Search Security Events: Search for security events in Chronicle
  2. Get Security Alerts: Retrieve security alerts
  3. Lookup Entity: Look up entity information (IP, domain, hash, etc.)
  4. List Security Rules: List detection rules
  5. Get IoC Matches: Get Indicators of Compromise matches

Example

See example.py for a complete example of using the MCP server.

Authentication

The server uses Google's authentication. Make sure you have done one of the following:

  1. Set up Application Default Credentials (ADC)
  2. Set a GOOGLE_APPLICATION_CREDENTIALS environment variable
  3. Used gcloud auth application-default login

License

Apache 2.0

Development

The project is structured as follows:

  • secops_mcp.py: Main MCP server implementation
  • example.py: Example usage of the MCP server

Download files

Source Distribution

secops_mcp-0.1.2.tar.gz (10.6 kB view details)

Uploaded Source

Built Distribution

secops_mcp-0.1.2-py3-none-any.whl (11.5 kB view details)

Uploaded Python 3

File details

Details for the file secops_mcp-0.1.2.tar.gz.

File metadata

  • Download URL: secops_mcp-0.1.2.tar.gz
  • Upload date:
  • Size: 10.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.6.9

File hashes

Hashes for secops_mcp-0.1.2.tar.gz
Algorithm Hash digest
SHA256 c4c4e00b18fa2d68a02cb448ada06f9db7a484a49fe6f66dff5338a9de014335
MD5 2f41416dc4ee95ff47338d1618328033
BLAKE2b-256 18c6a64e4c457d230372365f2c36eda17add74dd6b0e80899b117a3c30a4a9a6

File details

Details for the file secops_mcp-0.1.2-py3-none-any.whl.

File metadata

  • Download URL: secops_mcp-0.1.2-py3-none-any.whl
  • Upload date:
  • Size: 11.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.6.9

File hashes

Hashes for secops_mcp-0.1.2-py3-none-any.whl
Algorithm Hash digest
SHA256 6d558d446e51e6de2ad461fb936ed96ef143d65dd641ad232ed9fcafe434d85b
MD5 f2f70ee7fe77b0d17236d2b30f453f96
BLAKE2b-256 e545263249b1564e4a5ab0d66712ed18a76fd8aa2ef32162b33908b027502782
