mcp-secops-v3

MCP.Pizza Chef: emeryray2002

mcp-secops-v3 is an MCP server designed to interface with Google's Chronicle Security Operations API, enabling real-time security data access and interaction within the Model Context Protocol ecosystem. It facilitates secure, structured communication between LLMs and the Chronicle SecOps suite, streamlining security operations workflows and incident response automation. Note: This project is deprecated in favor of a newer MCP security server by Google.

Use This MCP Server To

  • Query security incident data from Google's Chronicle SecOps API
  • Automate threat detection workflows using real-time security context
  • Integrate security alerts into AI-driven incident response systems
  • Fetch and analyze security telemetry for SOC automation
  • Enable LLMs to access and act on security operations data
  • Correlate security events for faster investigation and remediation

README

This project is deprecated in favor of: https://github.com/google/mcp-security

Chronicle SecOps MCP Server


This is an MCP (Model Context Protocol) server for interacting with Google's Chronicle Security Operations suite.

Installing in Claude Desktop

To use this MCP server with Claude Desktop:

  1. Install Claude Desktop

  2. Open Claude Desktop and select "Settings" from the Claude menu

  3. Click on "Developer" in the lefthand bar, then click "Edit Config"

  4. Update your claude_desktop_config.json with the following configuration (replace paths with your actual paths):

{
  "mcpServers": {
    "secops-mcp": {
      "command": "/path/to/your/uv",
      "args": [
        "--directory",
        "/path/to/your/mcp-secops-v3",
        "run",
        "secops_mcp.py"
      ],
      "env": {
        "CHRONICLE_PROJECT_ID": "your-google-cloud-project-id",
        "CHRONICLE_CUSTOMER_ID": "your-chronicle-customer-id",
        "CHRONICLE_REGION": "us"
      }
    }
  }
}
  5. Make sure to update:

    • The path to uv (run which uv to find it)
    • The directory path to where this repository is cloned
    • Your Chronicle settings (project ID, customer ID, and region)
  6. Save the file and restart Claude Desktop

  7. You should now see the hammer icon in the Claude Desktop interface, indicating the MCP server is active
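A common failure at this step is a config that still carries the README's placeholder paths or IDs. The checker below is an added example, not part of the mcp-secops-v3 project; it validates the "secops-mcp" entry against the layout shown above (the command path, the --directory/run/secops_mcp.py args, and the three CHRONICLE_* env keys) and reports anything left unfilled.

```python
"""Validate the secops-mcp entry of claude_desktop_config.json (added example)."""
import json
from pathlib import Path

SERVER_NAME = "secops-mcp"
REQUIRED_ENV = ("CHRONICLE_PROJECT_ID", "CHRONICLE_CUSTOMER_ID", "CHRONICLE_REGION")
# Prefixes used by the README's sample values; they must not survive into a real config.
PLACEHOLDER_PREFIXES = ("your-", "/path/to/")


def check_secops_config(config: dict, check_paths: bool = False) -> list[str]:
    """Return a list of problems; an empty list means the entry looks usable.

    check_paths=True additionally verifies that the uv binary and the
    repository directory exist on this machine.
    """
    problems = []
    server = config.get("mcpServers", {}).get(SERVER_NAME)
    if server is None:
        return [f"no mcpServers.{SERVER_NAME} entry"]

    command = server.get("command", "")
    if not command.startswith("/"):
        problems.append("command must be an absolute path to uv (see `which uv`)")
    if command.startswith(PLACEHOLDER_PREFIXES):
        problems.append("command still has the README placeholder")
    if check_paths and not Path(command).is_file():
        problems.append(f"command not found: {command}")

    # README layout: --directory <repo dir> run secops_mcp.py
    args = server.get("args", [])
    if "--directory" not in args or len(args) < args.index("--directory") + 2:
        problems.append("args must contain '--directory <path to mcp-secops-v3>'")
    else:
        repo_dir = args[args.index("--directory") + 1]
        if repo_dir.startswith(PLACEHOLDER_PREFIXES):
            problems.append("repository directory still has the README placeholder")
        if check_paths and not (Path(repo_dir) / "secops_mcp.py").is_file():
            problems.append(f"secops_mcp.py not found under {repo_dir}")
    if args[-2:] != ["run", "secops_mcp.py"]:
        problems.append("args must end with 'run secops_mcp.py'")

    env = server.get("env", {})
    for key in REQUIRED_ENV:
        value = env.get(key, "")
        if not value:
            problems.append(f"env.{key} is missing or empty")
        elif value.startswith(PLACEHOLDER_PREFIXES):
            problems.append(f"env.{key} still has the README placeholder")
    return problems


def check_config_file(path: str) -> list[str]:
    """Load a claude_desktop_config.json from disk and check it, including paths."""
    with open(path, encoding="utf-8") as fh:
        return check_secops_config(json.load(fh), check_paths=True)
```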

Features

Security Tools

  • search_security_events: Search for security events in Chronicle with customizable queries
  • get_security_alerts: Get security alerts from Chronicle
  • lookup_entity: Look up information about an entity (IP, domain, hash)
  • list_security_rules: List security detection rules from Chronicle
  • get_ioc_matches: Get Indicators of Compromise (IoCs) matches from Chronicle

Installation

Installing via Smithery

To install mcp-secops-v3 for Claude Desktop automatically via Smithery:

npx -y @smithery/cli install @emeryray2002/mcp-secops-v3 --client claude

Manual Installation

  1. Install the package:

pip install -e .

  2. Set up your environment variables:

export CHRONICLE_PROJECT_ID="your-google-cloud-project-id"
export CHRONICLE_CUSTOMER_ID="your-chronicle-customer-id"
export CHRONICLE_REGION="us"  # or your region

Requirements

  • Python 3.11+
  • A Google Cloud account with Chronicle Security Operations enabled
  • Proper authentication configured

Usage

Running the MCP Server

python main.py

API Capabilities

The MCP server provides the following capabilities:

  1. Search Security Events: Search for security events in Chronicle
  2. Get Security Alerts: Retrieve security alerts
  3. Lookup Entity: Look up entity information (IP, domain, hash, etc.)
  4. List Security Rules: List detection rules
  5. Get IoC Matches: Get Indicators of Compromise matches

Example

See example.py for a complete example of using the MCP server.

Authentication

The server uses Google's standard authentication. Make sure you have done one of the following:

  1. Set up Application Default Credentials (ADC)
  2. Set a GOOGLE_APPLICATION_CREDENTIALS environment variable
  3. Used gcloud auth application-default login

License

Apache 2.0

Development

The project is structured as follows:

  • secops_mcp.py: Main MCP server implementation
  • example.py: Example usage of the MCP server

mcp-secops-v3 FAQ

How do I install mcp-secops-v3 with Claude Desktop?
Install Claude Desktop, then update the claude_desktop_config.json with the server command and args as specified in the README.
Is mcp-secops-v3 still actively maintained?
No, this project is deprecated in favor of https://github.com/google/mcp-security for improved features and support.
What security data can mcp-secops-v3 access?
It accesses security incidents, alerts, and telemetry data from Google's Chronicle Security Operations API.
Can mcp-secops-v3 be used with other LLM providers?
Yes, it supports integration with various LLMs like OpenAI, Claude, and Gemini through the MCP protocol.
How does mcp-secops-v3 ensure secure communication?
It uses scoped, secure API calls within the MCP framework to protect sensitive security data.
What programming languages or environments does mcp-secops-v3 support?
It runs as a Python-based MCP server and can be integrated into environments supporting MCP clients.
Where can I find the updated version of this MCP server?
The updated MCP security server is available at https://github.com/google/mcp-security.