# Chronicle SecOps MCP Server
This is an MCP (Model Context Protocol) server for interacting with Google's
Chronicle Security Operations suite.
[MCP Info](https://modelcontextprotocol.io/introduction)
## Features
### Security Tools
- **`search_security_events(text, project_id=None, customer_id=None, hours_back=24, max_events=100, region=None)`**
- Searches for security events in Chronicle using natural language. Translates the natural language query (`text`) into a UDM query and executes it.
- **`get_security_alerts(project_id=None, customer_id=None, hours_back=24, max_alerts=10, status_filter='feedback_summary.status != "CLOSED"', region=None)`**
- Retrieves security alerts from Chronicle, filtered by time range and status.
- **`lookup_entity(entity_value, project_id=None, customer_id=None, hours_back=24, region=None)`**
- Looks up an entity (IP, domain, hash, etc.) in Chronicle.
- **`list_security_rules(project_id=None, customer_id=None, region=None)`**
- Lists security detection rules from Chronicle.
- **`search_security_rules(query, project_id=None, customer_id=None, region=None)`**
- Searches security detection rules from Chronicle using regex.
- **`get_detection_rule(rule_id, project_id=None, customer_id=None, region=None)`**
- Retrieves complete YARA-L detection rule code and metadata from Chronicle by Rule Id.
- **`get_ioc_matches(project_id=None, customer_id=None, hours_back=24, max_matches=20, region=None)`**
- Retrieves Indicators of Compromise (IoCs) matches from Chronicle within a specified time range.
- **`get_threat_intel(query, project_id=None, customer_id=None, region=None)`**
- Get answers to general security domain questions and specific threat intelligence information using Chronicle's AI capabilities.
- **`search_udm(query, hours_back=24, max_events=100, project_id=None, customer_id=None, region=None)`**
- Searches UDM events directly in Chronicle using raw UDM query syntax. Useful for precise, technical searches when you know the exact UDM field paths.
- **`export_udm_search_csv(query, fields, hours_back=24, case_insensitive=True, project_id=None, customer_id=None, region=None)`**
- Exports UDM search results to CSV format with specified fields for analysis and reporting. Great for exporting security event data for offline analysis.
- **`find_udm_field_values(query, page_size=None, project_id=None, customer_id=None, region=None)`**
- Finds and autocompletes UDM field values in Chronicle SIEM. Helps discover valid field values when building queries without needing to know exact matches.
### Log Ingestion Tools
- **`ingest_raw_log(log_type, log_message, project_id=None, customer_id=None, region=None, forwarder_id=None, labels=None, log_entry_time=None, collection_time=None)`**
- Ingest raw logs directly into Chronicle SIEM. Supports various formats (JSON, XML, CEF, etc.) and batch ingestion.
- **`ingest_udm_events(udm_events, project_id=None, customer_id=None, region=None)`**
- Ingest events already formatted in Chronicle's Unified Data Model (UDM) format, bypassing the parsing stage.
- **`get_available_log_types(project_id=None, customer_id=None, region=None, search_term=None)`**
- Get available log types supported by Chronicle for ingestion, optionally filtered by search term.
### Parser Management Tools
- **`create_parser(log_type, parser_code, project_id=None, customer_id=None, region=None, validated_on_empty_logs=True)`**
- Create a custom parser for a specific log type to transform raw logs into Chronicle's UDM format.
- **`get_parser(log_type, parser_id, project_id=None, customer_id=None, region=None)`**
- Get details of a specific parser including its configuration and metadata.
- **`activate_parser(log_type, parser_id, project_id=None, customer_id=None, region=None)`**
- Activate a parser, making it the active parser for the specified log type.
- **`deactivate_parser(log_type, parser_id, project_id=None, customer_id=None, region=None)`**
- Deactivate a parser, stopping it from processing incoming logs of the specified type.
- **`run_parser_against_sample_logs(log_type, parser_code, sample_logs, project_id=None, customer_id=None, region=None, parser_extension_code=None, statedump_allowed=False)`**
- Test parser configuration against sample log entries to validate parsing logic before deployment.
### Data Table Management Tools
- **`create_data_table(name, description, header, project_id=None, customer_id=None, region=None, rows=None)`**
- Create a structured data table that can be referenced in detection rules. Supports multiple column types (STRING, CIDR, INT64, BOOL).
- **`add_rows_to_data_table(table_name, rows, project_id=None, customer_id=None, region=None)`**
- Add new rows to an existing data table, expanding the dataset available for detection rules.
- **`list_data_table_rows(table_name, project_id=None, customer_id=None, region=None, max_rows=50)`**
- List rows in a data table to review contents and verify data integrity.
- **`delete_data_table_rows(table_name, row_ids, project_id=None, customer_id=None, region=None)`**
- Delete specific rows from a data table based on their row IDs.
### Reference List Management Tools
- **`create_reference_list(name, description, entries, project_id=None, customer_id=None, region=None, syntax_type="STRING")`**
- Create a reference list containing values that can be referenced in detection rules. Supports STRING, CIDR, and REGEX syntax types.
- **`get_reference_list(name, project_id=None, customer_id=None, region=None, include_entries=True)`**
- Get details and contents of a reference list including metadata and entries.
- **`update_reference_list(name, project_id=None, customer_id=None, region=None, entries=None, description=None)`**
- Update the contents or description of an existing reference list.
### Feed Management Tools
- **`list_feeds(project_id=None, customer_id=None, region=None)`**
- Lists all configured feeds in Chronicle, providing details such as feed name, status, log type, and source type.
- **`get_feed(feed_id, project_id=None, customer_id=None, region=None)`**
- Get detailed information about a specific feed by ID, including connection settings, log type, state, and metadata.
- **`create_feed(display_name, feed_details, project_id=None, customer_id=None, region=None)`**
- Creates a new feed configuration for ingesting data into Chronicle. Supports various feed types including HTTP, S3, GCS, and GCP SCC.
- **`update_feed(feed_id, display_name=None, feed_details=None, project_id=None, customer_id=None, region=None)`**
- Modifies the configuration of an existing feed. Can update the display name, connection settings, or other properties.
- **`enable_feed(feed_id, project_id=None, customer_id=None, region=None)`**
- Activates a feed that is currently in the INACTIVE state, allowing it to resume data ingestion.
- **`disable_feed(feed_id, project_id=None, customer_id=None, region=None)`**
- Stops data ingestion for a feed by setting its state to INACTIVE. The feed configuration remains but no new data will be processed.
- **`delete_feed(feed_id, project_id=None, customer_id=None, region=None)`**
- Permanently removes a feed configuration from Chronicle. This action cannot be undone.
- **`generate_feed_secret(feed_id, project_id=None, customer_id=None, region=None)`**
- Creates a new authentication secret for feeds that support authentication (e.g., HTTP feeds with basic auth). This replaces any existing secret.
### API Capabilities
The MCP server provides the following capabilities:
1. **Search Security Events**: Search for security events in Chronicle
2. **Get Security Alerts**: Retrieve security alerts
3. **Lookup Entity**: Look up entity information (IP, domain, hash, etc.)
4. **List Security Rules**: List detection rules
5. **Search Security Rules**: Searches detection rules using regex
6. **Get IoC Matches**: Get Indicators of Compromise matches
7. **Get Threat Intel**: Get AI-powered threat intelligence answers
8. **Log Ingestion**: Ingest raw logs and UDM events
9. **Parser Management**: Create, manage, and test log parsers
10. **Data Table Management**: Create and manage structured data tables for detection rules
11. **Reference List Management**: Create and manage reference lists for detection rules
12. **Feed Management**: Create, update, enable, disable, and delete data feeds
13. **UDM Search & Export**: Direct UDM querying, field value autocomplete, and CSV export
### Example
See `example.py` for a complete example of using the MCP server.
## Tool Categories and Use Cases
### Security Operations Tools
These tools focus on core security operations tasks:
- **Event Search & Investigation**: Use `search_security_events` to find security events using natural language queries
- **Alert Management**: Use `get_security_alerts` to retrieve and monitor security alerts
- **Entity Analysis**: Use `lookup_entity` to investigate IPs, domains, hashes, and other indicators
- **Rule Management**: Use `list_security_rules` and `search_security_rules` to manage detection rules
- **Threat Intelligence**: Use `get_ioc_matches` and `get_threat_intel` for IOC analysis and AI-powered insights
- **UDM Analysis & Export**: Use `search_udm`, `export_udm_search_csv`, and `find_udm_field_values` for direct UDM querying, data export, and field discovery
### Data Ingestion & Parsing Tools
These tools help you get data into Chronicle:
- **Raw Log Ingestion**: Use `ingest_raw_log` for logs in their original format (JSON, XML, CEF, etc.)
- **UDM Event Ingestion**: Use `ingest_udm_events` for pre-formatted security events
- **Parser Development**: Use the parser management tools to create custom parsers for unique log formats
- **Testing**: Use `run_parser_against_sample_logs` to validate parser logic before deployment
- **Feed Management**: Use feed management tools (`list_feeds`, `create_feed`, etc.) to configure and manage data collection sources
### Context Data Management Tools
These tools help you maintain reference data for enhanced detections:
- **Data Tables**: Use for structured data with multiple columns (e.g., asset inventories with criticality ratings)
- **Reference Lists**: Use for simple lists of values (e.g., IP addresses, domains, usernames)
- **Detection Enhancement**: Both data tables and reference lists can be referenced in detection rules to make them more dynamic and maintainable
## Configuration
### MCP Server Configuration
Add the following configuration to your MCP client's settings file:
**NOTE:** For OSX users, if you used [this one-liner](https://docs.astral.sh/uv/getting-started/installation/#standalone-installer) to install uv, use the full path to the uv binary for the "command" value below, as uv will not be placed in the system path for Claude to use! For example: `/Users/yourusername/.local/bin/uv` instead of just `uv`.
#### Using uv (Recommended)
```json
{
"mcpServers": {
"secops": {
"command": "uv",
"args": [
"--env-file=/path/to/your/env",
"--directory",
"/path/to/the/repo/server/secops/secops_mcp",
"run",
"server.py"
],
"env": {
"CHRONICLE_PROJECT_ID": "${CHRONICLE_PROJECT_ID}",
"CHRONICLE_CUSTOMER_ID": "${CHRONICLE_CUSTOMER_ID}",
"CHRONICLE_REGION": "${CHRONICLE_REGION}"
},
"disabled": false,
"autoApprove": []
}
}
}
```
#### Using pip
You can also use pip instead of uv to install and run the MCP server:
```json
{
"mcpServers": {
"secops": {
"command": "/bin/bash",
"args": [
"-c",
"cd /path/to/the/repo/server/secops && pip install -e . && secops_mcp"
],
"env": {
"CHRONICLE_PROJECT_ID": "${CHRONICLE_PROJECT_ID}",
"CHRONICLE_CUSTOMER_ID": "${CHRONICLE_CUSTOMER_ID}",
"CHRONICLE_REGION": "${CHRONICLE_REGION}"
},
"disabled": false,
"autoApprove": [
"get_ioc_matches",
"search_security_events",
"get_security_alerts"
],
"alwaysAllow": [
"get_ioc_matches"
]
}
}
}
```
#### When to use uv vs pip
- **uv**: Recommended for most users as it provides faster package installation, better dependency resolution, and supports loading environment variables from a file with the `--env-file` option.
- **pip**: Use when you prefer the standard Python package manager or when you need specific environment setup requirements.
### Environment Variable Setup
Set up these environment variables in your system:
**For macOS/Linux:**
```bash
export CHRONICLE_PROJECT_ID="your-google-cloud-project-id"
export CHRONICLE_CUSTOMER_ID="your-chronicle-customer-id"
export CHRONICLE_REGION="us"
```
**For Windows PowerShell:**
```powershell
$Env:CHRONICLE_PROJECT_ID = "your-google-cloud-project-id"
$Env:CHRONICLE_CUSTOMER_ID = "your-chronicle-customer-id"
$Env:CHRONICLE_REGION = "us"
```
The `CHRONICLE_REGION` can be one of:
- `us` - United States (default)
- `eu` - Europe
- `asia` - Asia-Pacific
## License
Apache 2.0
## Development
The project is structured as follows:
- `server.py`: Main MCP server implementation
- `example.py`: Example usage of the MCP server
Raw data
{
"_id": null,
"home_page": null,
"name": "google-secops-mcp",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.11",
"maintainer_email": null,
"keywords": "google, security, chronicle, secops, mcp",
"author": null,
"author_email": "Google SecOps Team <chronicle@google.com>",
"download_url": "https://files.pythonhosted.org/packages/91/39/cea963ea32e44802914dad761a72fe0de177f41abd566b2458bf9fe54e83/google_secops_mcp-0.5.0.tar.gz",
"platform": null,
"description": "# Chronicle SecOps MCP Server\n\nThis is an MCP (Model Context Protocol) server for interacting with Google's\nChronicle Security Operations suite.\n[MCP Info](https://modelcontextprotocol.io/introduction)\n\n## Features\n\n### Security Tools\n\n- **`search_security_events(text, project_id=None, customer_id=None, hours_back=24, max_events=100, region=None)`**\n - Searches for security events in Chronicle using natural language. Translates the natural language query (`text`) into a UDM query and executes it.\n\n- **`get_security_alerts(project_id=None, customer_id=None, hours_back=24, max_alerts=10, status_filter='feedback_summary.status != \"CLOSED\"', region=None)`**\n - Retrieves security alerts from Chronicle, filtered by time range and status.\n\n- **`lookup_entity(entity_value, project_id=None, customer_id=None, hours_back=24, region=None)`**\n - Looks up an entity (IP, domain, hash, etc.) in Chronicle.\n\n- **`list_security_rules(project_id=None, customer_id=None, region=None)`**\n - Lists security detection rules from Chronicle.\n\n- **`search_security_rules(query, project_id=None, customer_id=None, region=None)`**\n - Searches security detection rules from Chronicle using regex.\n\n- **`get_detection_rule(rule_id, project_id=None, customer_id=None, region=None)`**\n - Retrieves complete YARA-L detection rule code and metadata from Chronicle by Rule Id.\n\n- **`get_ioc_matches(project_id=None, customer_id=None, hours_back=24, max_matches=20, region=None)`**\n - Retrieves Indicators of Compromise (IoCs) matches from Chronicle within a specified time range.\n\n- **`get_threat_intel(query, project_id=None, customer_id=None, region=None)`**\n - Get answers to general security domain questions and specific threat intelligence information using Chronicle's AI capabilities.\n\n- **`search_udm(query, hours_back=24, max_events=100, project_id=None, customer_id=None, region=None)`**\n - Searches UDM events directly in Chronicle using raw UDM query syntax. Useful for precise, technical searches when you know the exact UDM field paths.\n\n- **`export_udm_search_csv(query, fields, hours_back=24, case_insensitive=True, project_id=None, customer_id=None, region=None)`**\n - Exports UDM search results to CSV format with specified fields for analysis and reporting. Great for exporting security event data for offline analysis.\n\n- **`find_udm_field_values(query, page_size=None, project_id=None, customer_id=None, region=None)`**\n - Finds and autocompletes UDM field values in Chronicle SIEM. Helps discover valid field values when building queries without needing to know exact matches.\n\n### Log Ingestion Tools\n\n- **`ingest_raw_log(log_type, log_message, project_id=None, customer_id=None, region=None, forwarder_id=None, labels=None, log_entry_time=None, collection_time=None)`**\n - Ingest raw logs directly into Chronicle SIEM. Supports various formats (JSON, XML, CEF, etc.) and batch ingestion.\n\n- **`ingest_udm_events(udm_events, project_id=None, customer_id=None, region=None)`**\n - Ingest events already formatted in Chronicle's Unified Data Model (UDM) format, bypassing the parsing stage.\n\n- **`get_available_log_types(project_id=None, customer_id=None, region=None, search_term=None)`**\n - Get available log types supported by Chronicle for ingestion, optionally filtered by search term.\n\n### Parser Management Tools\n\n- **`create_parser(log_type, parser_code, project_id=None, customer_id=None, region=None, validated_on_empty_logs=True)`**\n - Create a custom parser for a specific log type to transform raw logs into Chronicle's UDM format.\n\n- **`get_parser(log_type, parser_id, project_id=None, customer_id=None, region=None)`**\n - Get details of a specific parser including its configuration and metadata.\n\n- **`activate_parser(log_type, parser_id, project_id=None, customer_id=None, region=None)`**\n - Activate a parser, making it the active parser for the specified log type.\n\n- **`deactivate_parser(log_type, parser_id, project_id=None, customer_id=None, region=None)`**\n - Deactivate a parser, stopping it from processing incoming logs of the specified type.\n\n- **`run_parser_against_sample_logs(log_type, parser_code, sample_logs, project_id=None, customer_id=None, region=None, parser_extension_code=None, statedump_allowed=False)`**\n - Test parser configuration against sample log entries to validate parsing logic before deployment.\n\n### Data Table Management Tools\n\n- **`create_data_table(name, description, header, project_id=None, customer_id=None, region=None, rows=None)`**\n - Create a structured data table that can be referenced in detection rules. Supports multiple column types (STRING, CIDR, INT64, BOOL).\n\n- **`add_rows_to_data_table(table_name, rows, project_id=None, customer_id=None, region=None)`**\n - Add new rows to an existing data table, expanding the dataset available for detection rules.\n\n- **`list_data_table_rows(table_name, project_id=None, customer_id=None, region=None, max_rows=50)`**\n - List rows in a data table to review contents and verify data integrity.\n\n- **`delete_data_table_rows(table_name, row_ids, project_id=None, customer_id=None, region=None)`**\n - Delete specific rows from a data table based on their row IDs.\n\n### Reference List Management Tools\n\n- **`create_reference_list(name, description, entries, project_id=None, customer_id=None, region=None, syntax_type=\"STRING\")`**\n - Create a reference list containing values that can be referenced in detection rules. Supports STRING, CIDR, and REGEX syntax types.\n\n- **`get_reference_list(name, project_id=None, customer_id=None, region=None, include_entries=True)`**\n - Get details and contents of a reference list including metadata and entries.\n\n- **`update_reference_list(name, project_id=None, customer_id=None, region=None, entries=None, description=None)`**\n - Update the contents or description of an existing reference list.\n\n### Feed Management Tools\n\n- **`list_feeds(project_id=None, customer_id=None, region=None)`**\n - Lists all configured feeds in Chronicle, providing details such as feed name, status, log type, and source type.\n\n- **`get_feed(feed_id, project_id=None, customer_id=None, region=None)`**\n - Get detailed information about a specific feed by ID, including connection settings, log type, state, and metadata.\n\n- **`create_feed(display_name, feed_details, project_id=None, customer_id=None, region=None)`**\n - Creates a new feed configuration for ingesting data into Chronicle. Supports various feed types including HTTP, S3, GCS, and GCP SCC.\n\n- **`update_feed(feed_id, display_name=None, feed_details=None, project_id=None, customer_id=None, region=None)`**\n - Modifies the configuration of an existing feed. Can update the display name, connection settings, or other properties.\n\n- **`enable_feed(feed_id, project_id=None, customer_id=None, region=None)`**\n - Activates a feed that is currently in the INACTIVE state, allowing it to resume data ingestion.\n\n- **`disable_feed(feed_id, project_id=None, customer_id=None, region=None)`**\n - Stops data ingestion for a feed by setting its state to INACTIVE. The feed configuration remains but no new data will be processed.\n\n- **`delete_feed(feed_id, project_id=None, customer_id=None, region=None)`**\n - Permanently removes a feed configuration from Chronicle. This action cannot be undone.\n\n- **`generate_feed_secret(feed_id, project_id=None, customer_id=None, region=None)`**\n - Creates a new authentication secret for feeds that support authentication (e.g., HTTP feeds with basic auth). This replaces any existing secret.\n\n### API Capabilities\n\nThe MCP server provides the following capabilities:\n\n1. **Search Security Events**: Search for security events in Chronicle\n2. **Get Security Alerts**: Retrieve security alerts\n3. **Lookup Entity**: Look up entity information (IP, domain, hash, etc.)\n4. **List Security Rules**: List detection rules\n5. **Search Security Rules**: Searches detection rules using regex\n6. **Get IoC Matches**: Get Indicators of Compromise matches\n7. **Get Threat Intel**: Get AI-powered threat intelligence answers\n8. **Log Ingestion**: Ingest raw logs and UDM events\n9. **Parser Management**: Create, manage, and test log parsers\n10. **Data Table Management**: Create and manage structured data tables for detection rules\n11. **Reference List Management**: Create and manage reference lists for detection rules\n12. **Feed Management**: Create, update, enable, disable, and delete data feeds\n13. **UDM Search & Export**: Direct UDM querying, field value autocomplete, and CSV export\n\n### Example\n\nSee `example.py` for a complete example of using the MCP server.\n\n## Tool Categories and Use Cases\n\n### Security Operations Tools\nThese tools focus on core security operations tasks:\n- **Event Search & Investigation**: Use `search_security_events` to find security events using natural language queries\n- **Alert Management**: Use `get_security_alerts` to retrieve and monitor security alerts\n- **Entity Analysis**: Use `lookup_entity` to investigate IPs, domains, hashes, and other indicators\n- **Rule Management**: Use `list_security_rules` and `search_security_rules` to manage detection rules\n- **Threat Intelligence**: Use `get_ioc_matches` and `get_threat_intel` for IOC analysis and AI-powered insights\n- **UDM Analysis & Export**: Use `search_udm`, `export_udm_search_csv`, and `find_udm_field_values` for direct UDM querying, data export, and field discovery\n\n### Data Ingestion & Parsing Tools\nThese tools help you get data into Chronicle:\n- **Raw Log Ingestion**: Use `ingest_raw_log` for logs in their original format (JSON, XML, CEF, etc.)\n- **UDM Event Ingestion**: Use `ingest_udm_events` for pre-formatted security events\n- **Parser Development**: Use the parser management tools to create custom parsers for unique log formats\n- **Testing**: Use `run_parser_against_sample_logs` to validate parser logic before deployment\n- **Feed Management**: Use feed management tools (`list_feeds`, `create_feed`, etc.) to configure and manage data collection sources\n\n### Context Data Management Tools\nThese tools help you maintain reference data for enhanced detections:\n- **Data Tables**: Use for structured data with multiple columns (e.g., asset inventories with criticality ratings)\n- **Reference Lists**: Use for simple lists of values (e.g., IP addresses, domains, usernames)\n- **Detection Enhancement**: Both data tables and reference lists can be referenced in detection rules to make them more dynamic and maintainable\n\n## Configuration\n\n### MCP Server Configuration\n\nAdd the following configuration to your MCP client's settings file:\n\n**NOTE:** For OSX users, if you used [this one-liner](https://docs.astral.sh/uv/getting-started/installation/#standalone-installer) to install uv, use the full path to the uv binary for the \"command\" value below, as uv will not be placed in the system path for Claude to use! For example: `/Users/yourusername/.local/bin/uv` instead of just `uv`.\n\n#### Using uv (Recommended)\n\n```json\n{\n \"mcpServers\": {\n \"secops\": {\n \"command\": \"uv\",\n \"args\": [\n \"--env-file=/path/to/your/env\",\n \"--directory\",\n \"/path/to/the/repo/server/secops/secops_mcp\",\n \"run\",\n \"server.py\"\n ],\n \"env\": {\n \"CHRONICLE_PROJECT_ID\": \"${CHRONICLE_PROJECT_ID}\",\n \"CHRONICLE_CUSTOMER_ID\": \"${CHRONICLE_CUSTOMER_ID}\",\n \"CHRONICLE_REGION\": \"${CHRONICLE_REGION}\"\n },\n \"disabled\": false,\n \"autoApprove\": []\n }\n }\n}\n```\n\n#### Using pip\n\nYou can also use pip instead of uv to install and run the MCP server:\n\n```json\n{\n \"mcpServers\": {\n \"secops\": {\n \"command\": \"/bin/bash\",\n \"args\": [\n \"-c\",\n \"cd /path/to/the/repo/server/secops && pip install -e . && secops_mcp\"\n ],\n \"env\": {\n \"CHRONICLE_PROJECT_ID\": \"${CHRONICLE_PROJECT_ID}\",\n \"CHRONICLE_CUSTOMER_ID\": \"${CHRONICLE_CUSTOMER_ID}\",\n \"CHRONICLE_REGION\": \"${CHRONICLE_REGION}\"\n },\n \"disabled\": false,\n \"autoApprove\": [\n \"get_ioc_matches\",\n \"search_security_events\",\n \"get_security_alerts\"\n ],\n \"alwaysAllow\": [\n \"get_ioc_matches\"\n ]\n }\n }\n}\n```\n\n#### When to use uv vs pip\n\n- **uv**: Recommended for most users as it provides faster package installation, better dependency resolution, and supports loading environment variables from a file with the `--env-file` option.\n- **pip**: Use when you prefer the standard Python package manager or when you need specific environment setup requirements.\n\n### Environment Variable Setup\n\nSet up these environment variables in your system:\n\n**For macOS/Linux:**\n```bash\nexport CHRONICLE_PROJECT_ID=\"your-google-cloud-project-id\"\nexport CHRONICLE_CUSTOMER_ID=\"your-chronicle-customer-id\"\nexport CHRONICLE_REGION=\"us\"\n```\n\n**For Windows PowerShell:**\n```powershell\n$Env:CHRONICLE_PROJECT_ID = \"your-google-cloud-project-id\"\n$Env:CHRONICLE_CUSTOMER_ID = \"your-chronicle-customer-id\"\n$Env:CHRONICLE_REGION = \"us\"\n```\n\nThe `CHRONICLE_REGION` can be one of:\n- `us` - United States (default)\n- `eu` - Europe\n- `asia` - Asia-Pacific\n\n## License\n\nApache 2.0\n\n## Development\n\nThe project is structured as follows:\n\n- `server.py`: Main MCP server implementation\n- `example.py`: Example usage of the MCP server \n",
"bugtrack_url": null,
"license": null,
"summary": "Google SecOps MCP server",
"version": "0.5.0",
"project_urls": {
"Documentation": "https://github.com/google/mcp-security/tree/main/server/secops#readme",
"Homepage": "https://github.com/google/mcp-security",
"Issues": "https://github.com/google/mcp-security/issues",
"Repository": "https://github.com/google/mcp-security/tree/main/server/secops"
},
"split_keywords": [
"google",
" security",
" chronicle",
" secops",
" mcp"
],
"urls": [
{
"comment_text": null,
"digests": {
"blake2b_256": "a85dfa20bd372c5a7628b5a060dc76c518923f9bd5449f9a37f18c26aa546159",
"md5": "89190a1af2e4388a14484de4ab19569a",
"sha256": "9451a0f375ddcae5723fb30e4302c645daeb8d64036b8938a4f12e8dbbd230f3"
},
"downloads": -1,
"filename": "google_secops_mcp-0.5.0-py3-none-any.whl",
"has_sig": false,
"md5_digest": "89190a1af2e4388a14484de4ab19569a",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.11",
"size": 64393,
"upload_time": "2025-10-28T12:27:42",
"upload_time_iso_8601": "2025-10-28T12:27:42.258078Z",
"url": "https://files.pythonhosted.org/packages/a8/5d/fa20bd372c5a7628b5a060dc76c518923f9bd5449f9a37f18c26aa546159/google_secops_mcp-0.5.0-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": null,
"digests": {
"blake2b_256": "9139cea963ea32e44802914dad761a72fe0de177f41abd566b2458bf9fe54e83",
"md5": "92a420cb9f3952cc92d5cccbcf3be371",
"sha256": "29806541fff9256274ce6f9490ad49ba0a355c0e6cf5bc1968e364dd721df913"
},
"downloads": -1,
"filename": "google_secops_mcp-0.5.0.tar.gz",
"has_sig": false,
"md5_digest": "92a420cb9f3952cc92d5cccbcf3be371",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.11",
"size": 53570,
"upload_time": "2025-10-28T12:27:43",
"upload_time_iso_8601": "2025-10-28T12:27:43.171753Z",
"url": "https://files.pythonhosted.org/packages/91/39/cea963ea32e44802914dad761a72fe0de177f41abd566b2458bf9fe54e83/google_secops_mcp-0.5.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2025-10-28 12:27:43",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "google",
"github_project": "mcp-security",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"lcname": "google-secops-mcp"
}
JSON
