Google MCP Security Documentation

Welcome to the documentation for the Google MCP Security project. This project provides Model Context Protocol (MCP) servers that enable MCP-compatible AI assistants like Claude to access Google’s security products and services.

Project Overview

This repository contains four MCP servers that provide access to different Google security products:

  1. Google Security Operations (Chronicle) - For threat detection, investigation, and hunting

  2. Google Security Operations SOAR - For security orchestration, automation, and response

  3. Google Threat Intelligence (GTI) - For access to Google’s threat intelligence data

  4. Security Command Center (SCC) - For cloud security and risk management

These servers allow security professionals to leverage AI assistants for security tasks, enhancing productivity and enabling natural language interactions with security tools.

MCP Servers

Each server provides different capabilities:

Example Use Cases

  • Investigate suspicious IPs, files, or domains using Google Threat Intelligence

  • Identify and remediate critical vulnerabilities in your Google Cloud environment

  • Search for security events across your enterprise using natural language

  • Automate security response workflows and case management

Contributing

We welcome contributions to improve these MCP servers and their documentation. Please review our CONTRIBUTING file for guidelines on how to contribute to this project. For technical details on extending or modifying the servers, see the Development Guide.