Chronicle SecOps MCP Server
This is an MCP (Model Context Protocol) server for interacting with Google's Chronicle Security Operations API.
Overview
Chronicle SecOps MCP Server is an MCP (Model Context Protocol) server designed for interacting with Google's Chronicle Security Operations API, enabling users to manage and analyze security events effectively.
To use the MCP server, install Claude Desktop, configure the claude_desktop_config.json file with your specific paths and Google Chronicle credentials, and run the server using Python.
- Search for security events with customizable queries.
- Retrieve security alerts from Chronicle.
- Lookup information about entities (IP, domain, hash).
- List security detection rules from Chronicle.
- Get Indicators of Compromise (IoCs) matches.
- Monitoring and analyzing security events in real-time.
- Automating security alert retrieval for incident response.
- Conducting entity lookups for threat intelligence.
- Managing security detection rules for proactive defense.
Add to your AI client
Use these steps to connect Chronicle SecOps MCP Server in Cursor, Claude, VS Code, and other MCP-compatible apps.
Cursor
Add this to your .cursor/mcp.json file in your project root, then restart Cursor.
.cursor/mcp.json
{
  "mcpServers": {
    "mcp-secops-v3-emeryray2002": {
      "command": "npx",
      "args": [
        "-y",
        "@modelcontextprotocol/server-mcp-secops-v3-emeryray2002"
      ]
    }
  }
}
Claude Desktop
Add this server entry to the mcpServers object in your Claude Desktop config, then restart the app.
~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or %APPDATA%\Claude\claude_desktop_config.json (Windows)
{
  "mcpServers": {
    "mcp-secops-v3-emeryray2002": {
      "command": "npx",
      "args": [
        "-y",
        "@modelcontextprotocol/server-mcp-secops-v3-emeryray2002"
      ]
    }
  }
}
Claude Code
Add this to your project's .mcp.json file. Claude Code will detect it automatically.
.mcp.json (project root)
{
  "mcpServers": {
    "mcp-secops-v3-emeryray2002": {
      "command": "npx",
      "args": [
        "-y",
        "@modelcontextprotocol/server-mcp-secops-v3-emeryray2002"
      ]
    }
  }
}
VS Code (Copilot)
Add this to your .vscode/mcp.json file. Requires the GitHub Copilot extension with MCP support enabled.
.vscode/mcp.json
{
  "servers": {
    "mcp-secops-v3-emeryray2002": {
      "type": "stdio",
      "command": "npx",
      "args": [
        "-y",
        "@modelcontextprotocol/server-mcp-secops-v3-emeryray2002"
      ]
    }
  }
}
Windsurf
Add this to your Windsurf MCP config file, then restart Windsurf.
~/.codeium/windsurf/mcp_config.json
{
  "mcpServers": {
    "mcp-secops-v3-emeryray2002": {
      "command": "npx",
      "args": [
        "-y",
        "@modelcontextprotocol/server-mcp-secops-v3-emeryray2002"
      ]
    }
  }
}
Cline
Open Cline settings, navigate to MCP Servers, and add this server configuration.
Cline MCP Settings (via UI)
{
  "mcpServers": {
    "mcp-secops-v3-emeryray2002": {
      "command": "npx",
      "args": [
        "-y",
        "@modelcontextprotocol/server-mcp-secops-v3-emeryray2002"
      ]
    }
  }
}
FAQ
What are the requirements to run the MCP server?
You need Python 3.11+, a Google Cloud account with Chronicle Security Operations enabled, and proper authentication configured.
How do I authenticate with Google Chronicle?
You can set up Application Default Credentials (ADC) or use the `gcloud auth application-default login` command to authenticate.
Is there an example of using the MCP server?
Yes, you can refer to `example.py` for a complete example of using the MCP server.