This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Announcements
Webinar May 29th: Log Ingestion: Bindplane + Google SecOps
Log in to ask a question

Tuning Rules in Google Security Operations Using Gemini and MCP Servers

Posted 2 weeks ago
David-French
Staff
Reply posted on --/--/---- --:-- AM

We recently launched Model Context Protocol (MCP) servers for Google Security Operations (SecOps), Google Threat Intelligence, and Google Cloud Security Command Center. These MCP servers can be used with LLMs such as Gemini to execute actions autonomously via API calls. Think of these MCP servers as building blocks that enable you to create custom AI-powered workflows.

During the last couple of weeks, Iโ€™ve been experimenting with using MCP servers to automate specific security operations workflows. The video below demonstrates how to tune detection rules in Google SecOps with the help of Gemini, Google SecOps and GitHubโ€™s MCP servers, and Cline. My rules in Google SecOps are being managed via a Detection-as-Code pipeline implemented in GitHub.

I hope that this proof of concept fuels your imagination and inspires you to explore the possibilities for automating your own security operations workflows.

Resources

1 0 217
Topic Labels
0 REPLIES 0
Top Solution Authors
View all