Chronicle SecOps Server
FreeNot checkedInteracts with Google's Chronicle Security Operations suite for searching security events, getting alerts, looking up entities, listing rules, and retrieving Io
About
Interacts with Google's Chronicle Security Operations suite for searching security events, getting alerts, looking up entities, listing rules, and retrieving IoC matches.
README
This is a personal project.
Chronicle SecOps MCP Server
This is an MCP (Model Context Protocol) server for interacting with Google's Chronicle Security Operations suite. MCP Info
Installing in Claude Desktop
To use this MCP server with Claude Desktop:
Install Claude Desktop
Open Claude Desktop and select "Settings" from the Claude menu
Click on "Developer" in the lefthand bar, then click "Edit Config"
Update your
claude_desktop_config.jsonwith the following configuration (replace paths with your actual paths):
{
"mcpServers": {
"secops-mcp": {
"command": "/path/to/your/uv",
"args": [
"--directory",
"/path/to/your/mcp-secops-v3",
"run",
"secops_mcp.py"
],
"env": {
"CHRONICLE_PROJECT_ID": "your-google-cloud-project-id",
"CHRONICLE_CUSTOMER_ID": "your-chronicle-customer-id",
"CHRONICLE_REGION": "us"
}
}
}
}
Make sure to update:
- The path to
uv(usewhich uvto find it) - The directory path to where this repository is cloned
- Your Chronicle credentials (project ID, customer ID, and region)
- The path to
Save the file and restart Claude Desktop
You should now see the hammer icon in the Claude Desktop interface, indicating the MCP server is active
Features
Security Tools
search_security_events: Search for security events in Chronicle with customizable queriesget_security_alerts: Get security alerts from Chroniclelookup_entity: Look up information about an entity (IP, domain, hash)list_security_rules: List security detection rules from Chronicleget_ioc_matches: Get Indicators of Compromise (IoCs) matches from Chronicle
Installation
Installing via Smithery
To install mcp-secops-v3 for Claude Desktop automatically via Smithery:
npx -y @smithery/cli install @emeryray2002/mcp-secops-v3 --client claude
Manual Installation
- Install the package:
pip install -e .
- Set up your environment variables:
export CHRONICLE_PROJECT_ID="your-google-cloud-project-id"
export CHRONICLE_CUSTOMER_ID="your-chronicle-customer-id"
export CHRONICLE_REGION="us" # or your region
Requirements
- Python 3.11+
- A Google Cloud account with Chronicle Security Operations enabled
- Proper authentication configured
Usage
Running the MCP Server
python main.py
API Capabilities
The MCP server provides the following capabilities:
- Search Security Events: Search for security events in Chronicle
- Get Security Alerts: Retrieve security alerts
- Lookup Entity: Look up entity information (IP, domain, hash, etc.)
- List Security Rules: List detection rules
- Get IoC Matches: Get Indicators of Compromise matches
Example
See example.py for a complete example of using the MCP server.
Authentication
The server uses Google's authentication. Make sure you have either:
- Set up Application Default Credentials (ADC)
- Set a GOOGLE_APPLICATION_CREDENTIALS environment variable
- Used
gcloud auth application-default login
License
Apache 2.0
Development
The project is structured as follows:
secops_mcp.py: Main MCP server implementationexample.py: Example usage of the MCP server
Install Chronicle SecOps Server in Claude Desktop, Claude Code & Cursor
unyly install chronicle-secops-mcp-serverInstalls into Claude Desktop, Claude Code, Cursor & VS Code — handles npx, uvx and build-from-source repos for you.
First time? Get the CLI: curl -fsSL https://unyly.org/install | sh
Or configure manually
Run in your terminal:
claude mcp add chronicle-secops-mcp-server -- uvx secops-mcpFAQ
Is Chronicle SecOps Server MCP free?
Yes, Chronicle SecOps Server MCP is free — one-click install via Unyly at no cost.
Does Chronicle SecOps Server need an API key?
No, Chronicle SecOps Server runs without API keys or environment variables.
Is Chronicle SecOps Server hosted or self-hosted?
A hosted option is available: Unyly runs the server in the cloud, no local setup required.
How do I install Chronicle SecOps Server in Claude Desktop, Claude Code or Cursor?
Open Chronicle SecOps Server on unyly.org, pick your client tab (Claude Desktop, Claude Code, Cursor) and press Install — the config is generated automatically, no JSON editing.
Related MCPs
GitHub
PRs, issues, code search, CI status
by GitHubFilesystem
Secure file operations with configurable access controls.
Memory
Knowledge graph-based persistent memory system.
Template MCP Server
A CLI tool to create a new Model Context Protocol server project with TypeScript support, dual transport options, and an extensible structure
by mcpdotdirectCompare Chronicle SecOps Server with
Not sure what to pick?
Find your stack in 60 seconds
Author?
Embed badge for your README
Browse similar
All development MCPs
