mcp-security by google

MCP servers for Google Security Operations and Threat Intelligence

created 4 months ago
301 stars

Top 89.6% on sourcepulse

Project Summary

This repository provides Model Context Protocol (MCP) servers that bridge Google's security products and services with MCP-compatible clients like Claude Desktop and VS Code extensions. It enables threat detection, investigation, orchestration, and intelligence gathering by integrating with Google Security Operations (Chronicle), SOAR, Threat Intelligence (GTI), and Security Command Center (SCC).

How It Works

The project offers modular MCP servers, each dedicated to a specific Google security product. These servers are designed to be run independently, providing flexibility. They utilize standard Python packaging and can be executed via uv (recommended for its speed and isolation) or pip install -e . followed by the server's entry point. Communication with clients typically uses the stdio transport.

Quick Start & Requirements

  • Installation/Execution: Use uv or pip install -e . within each server's directory. Configuration is managed via claude_desktop_config.json or cline_mcp_settings.json.
  • Prerequisites: Google Cloud authentication (ADC or GOOGLE_APPLICATION_CREDENTIALS), Python, uv (optional but recommended), and potentially API keys for services like VirusTotal (GTI) or Siemplify (SOAR).
  • Documentation: Comprehensive guides are available in the docs folder and at https://google.github.io/mcp-security/.

Highlighted Details

  • Supports integration with Google Security Operations (Chronicle), SOAR, Threat Intelligence (GTI), and Security Command Center (SCC).
  • Offers two execution methods: uv for enhanced performance and isolation, or standard pip installation.
  • Configuration is managed through client-specific JSON files (claude_desktop_config.json, cline_mcp_settings.json).
  • Includes specific configurations for integrating with Google ADK agents.

Maintenance & Community

This is a Google-maintained project. Further community or roadmap details are not explicitly provided in the README.

Licensing & Compatibility

Licensed under Apache 2.0, permitting commercial use and integration with closed-source applications.

Limitations & Caveats

Requires Google Cloud authentication and specific API keys for certain services. The setup involves configuring client-side JSON files and ensuring correct environment variables or .env files are used for authentication and service access.

Health Check

  • Last commit: 2 days ago
  • Responsiveness: Inactive
  • Pull Requests (30d): 12
  • Issues (30d): 9
  • Star History: 234 stars in the last 90 days
