Labsco
google logo

Google Security

โœ“ Officialโ˜… 505

from google

Access Google's security products and services, including Chronicle, SOAR, Threat Intelligence (GTI), and Security Command Center (SCC).

๐Ÿ”ฅ๐Ÿ”ฅ๐Ÿ”ฅ๐Ÿ”ฅโœ“ VerifiedFreeNeeds API keys

Google Security Operations and Threat Intelligence MCP Server

This repository contains Model Context Protocol (MCP) servers that enable MCP clients (like Claude Desktop or the cline.bot VS Code extension) to access Google's security products and services:

  • Remote MCP Server for Google SecOps - Fully managed, enterprise-ready MCP server (Recommended)

  • Google Security Operations (Chronicle) - For threat detection, investigation, and hunting

  • Google Security Operations SOAR - For security orchestration, automation, and response

  • Google Threat Intelligence (GTI) - For access to Google's threat intelligence data

  • Security Command Center (SCC) - For cloud security and risk management

For the new Remote MCP Server, please see the launch announcement and the setup guide.

Each server can be enabled and run separately, allowing flexibility for environments that don't require all capabilities.

Documentation

Comprehensive documentation is available in the docs folder. You can:

  • Read the markdown files directly in the repository

  • View the documentation website at https://google.github.io/mcp-security/

  • Generate HTML documentation locally using Sphinx (see instructions in the docs folder)

The documentation covers:

  • Detailed information about each MCP server

  • Configuration options and requirements

  • Usage examples and best practices

To get started with the documentation, see docs/index.md.

Authentication

The server uses Google's authentication. Make sure you have either:

  • Set up Application Default Credentials (ADC)

  • Set a GOOGLE_APPLICATION_CREDENTIALS environment variable

  • Used gcloud auth application-default login

MCP Client Config Locations

MCP clients all use the same JSON configuration format (see the MCP Server Configuration Reference), but they expect the file in different locations.

Client Application Scope macOS / Linux Location Windows Location Notes Gemini CLI Global ~/.gemini/settings.json %USERPROFILE%\.gemini\settings.json File must include mcpServers. Confirmed in Google Security Ops post. Claude Desktop Global ~/Claude/claude_desktop_config.json %USERPROFILE%\Claude\claude_desktop_config.json Config accessible via Claude > Settings > Developer > Edit Config . Claude Code Global ~/.claude.json %USERPROFILE%\.claude.json Primary config file for Claude Code CLI and extensions. Cursor IDE (Global) Global ~/.cursor/mcp.json %USERPROFILE%\.cursor\mcp.json Enables MCP servers globally across all projects. Cursor IDE (Project) Project <project-root>/.cursor/mcp.json <project-root>/.cursor/mcp.json Workspace/project-specific config file. VS Code (Workspace) Workspace <project-root>/.vscode/mcp.json <project-root>/.vscode/mcp.json Workspace-level config used when an MCP extension (like Cline) is installed. Overrides global config if present. Cline (VS Code Ext.) Global Inside VS Code extension data %APPDATA%\Code\User\globalStorage\<extension-id>\settings\cline_mcp_settings.json Exact path varies by VS Code variant and platform. <extension-id> corresponds to the installed extension folder (e.g., saoudrizwan.claude-dev).

Additional Notes for Windows

  • %USERPROFILE% โ†’ C:\Users\<username>

  • %APPDATA% โ†’ C:\Users\<username>\AppData\Roaming

  • <project-root> โ†’ folder opened in VS Code or IDE for the project

  • <extension-id> โ†’ name of the installed extension folder (e.g., saoudrizwan.claude-dev for Claude/Cline)

Tip: Single Config with Symlinks

If you use multiple MCP clients, you can maintain a single config file and symlink it into each expected location. This avoids drift and keeps your server definitions consistent.

Using uv (Recommended)

Copy & paste โ€” that's it
{
 "mcpServers": {
 "secops": {
 "command": "uv",
 "args": [
 "--directory",
 "/path/to/the/repo/server/secops/secops_mcp",
 "run",
 "server.py"
 ],
 "env": {
 "CHRONICLE_PROJECT_ID": "your-project-id",
 "CHRONICLE_CUSTOMER_ID": "01234567-abcd-4321-1234-0123456789ab",
 "CHRONICLE_REGION": "us"
 }
 },
 "secops-soar": {
 "command": "uv",
 "args": [
 "--directory",
 "/path/to/the/repo/server/secops-soar/secops_soar_mcp",
 "run",
 "server.py",
 "--integrations",
 "CSV,OKTA"
 ],
 "env": {
 "SOAR_URL": "https://yours-here.siemplify-soar.com:443",
 "SOAR_APP_KEY": "01234567-abcd-4321-1234-0123456789ab"
 }
 },
 "gti": {
 "command": "uv",
 "args": [
 "--directory",
 "/path/to/the/repo/server/gti/gti_mcp",
 "run",
 "server.py"
 ],
 "env": {
 "VT_APIKEY": "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
 }
 },
 "scc-mcp": {
 "command": "uv",
 "args": [
 "--directory",
 "/path/to/the/repo/server/scc",
 "run",
 "scc_mcp.py"
 ],
 "env": {
 }
 }
 }
}

NOTE: uv also supports passing an .env file like so:

Copy & paste โ€” that's it
 "command": "uv",
 "args": [
 "--directory",
 "/path/to/the/repo/server/...",
 "run",
 "--env-file",
 "/path/to/the/repo/server/.env",
 "server.py"
 ]

SOAR_APP_KEY and VT_APIKEY are good candidates for .env

Using pip

You can also use pip instead of uv to install and run the MCP servers. This approach uses a bash command to:

  • Change to the server directory

  • Install the package in development mode

  • Run the server binary

Copy & paste โ€” that's it
{
 "mcpServers": {
 "secops": {
 "command": "/bin/bash",
 "args": [
 "-c",
 "cd /path/to/the/repo/server/secops && pip install -e . && secops_mcp"
 ],
 "env": {
 "CHRONICLE_PROJECT_ID": "your-project-id",
 "CHRONICLE_CUSTOMER_ID": "01234567-abcd-4321-1234-0123456789ab",
 "CHRONICLE_REGION": "us"
 },
 "alwaysAllow": [
 ]
 },
 "gti": {
 "command": "/bin/bash",
 "args": [
 "-c",
 "cd /path/to/the/repo/server/gti && pip install -e . && gti_mcp"
 ],
 "env": {
 "VT_APIKEY": "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
 },
 "alwaysAllow": [
 ]
 },
 "scc-mcp": {
 "command": "/bin/bash",
 "args": [
 "-c",
 "cd /path/to/the/repo/server/scc && pip install -e . && scc_mcp"
 ],
 "env": {
 },
 "alwaysAllow": []
 },
 "secops-soar": {
 "timeout": 60,
 "command": "/bin/bash",
 "args": [
 "-c",
 "cd /path/to/the/repo/server/secops-soar && pip install -e . && python secops_soar_mcp/server.py"
 ],
 "env": {
 "SOAR_URL": "https://yours-here.siemplify-soar.com:443",
 "SOAR_APP_KEY": "01234567-abcd-4321-1234-0123456789ab"
 },
 "transportType": "stdio"
 }
 }
}

When to use uv vs pip

  • uv: Recommended for most users because it offers faster package installation, better dependency resolution, and isolated environments. It also supports loading environment variables from a file.

  • pip: Use when you prefer the standard Python package manager or when you have specific environment setup requirements.

UV_ENV_FILE

The --env-file option allows uv to use a .env file for environment variables. You can create this file or use system environment variables as described in the usage guide.

Alternatively, you can set UV_ENV_FILE to your .env file and omit the --env-file portion of the configuration.

Refer to the usage guide for detailed instructions on how to set up these environment variables.

Troubleshooting

Running the MCP Server from the CLI (and outside of your MCP client) can reveal issues:

Copy & paste โ€” that's it
uv --verbose \
 --directory "/Users/dandye/Projects/google-mcp-security/server/scc" \
 run \
 --env-file "/Users/dandye/Projects/google-mcp-security/.env" \
 scc_mcp.py

Check your PATH(s):

which uv # you may need to restart MCP Client after installing uv

which python || which python3

python --version || python3 --version

Installing in Claude Desktop

To use the MCP servers with Claude Desktop:

  • Install Claude Desktop

  • Open Claude Desktop and select "Settings" from the Claude menu

  • Click on "Developer" in the lefthand bar, then click "Edit Config"

  • Update your claude_desktop_config.json with the configuration (replace paths with your actual paths)

  • Save the file and restart Claude Desktop

  • You should now see the hammer icon in the Claude Desktop interface, indicating the MCP server is active

Installing in cline (vscode extension)

  • Install cline.bot extension in VSCode

  • Update your cline_mcp_settings.json with the configuration (replace paths with your actual paths)

  • Save the file and restart VS Code

License

Apache 2.0