Search for security events in Chronicle using natural language. This function allows you to search for events using everyday language instead of requiring UDM query syntax. The natural language query will be automatically translated into a Chronicle UDM query for execution....
Get security alerts from Chronicle.
Args:
    project_id: Google Cloud project ID (defaults to config)
    customer_id: Chronicle customer ID (defaults to config)
    hours_back: How many hours to look back (default: 24)
    max_alerts: Maximum number of alerts to return (default: 10)
    status_filter: Query string to filter alerts by status (default: exclude closed)
    region: Chronicle region (defaults to config)
Returns:
    Formatted string with security alerts
Look up an entity (IP, domain, hash, etc.) in Chronicle.
Args:
    entity_value: Value to look up (IP, domain, hash, etc.)
    project_id: Google Cloud project ID (defaults to config)
    customer_id: Chronicle customer ID (defaults to config)
    hours_back: How many hours to look back (default: 24)
    region: Chronicle region (defaults to config)
Returns:
    Entity summary information
List security detection rules from Chronicle.
Args:
    project_id: Google Cloud project ID (defaults to config)
    customer_id: Chronicle customer ID (defaults to config)
    region: Chronicle region (defaults to config)
Returns:
    Raw response from the Chronicle API containing security detection rules
Get Indicators of Compromise (IoC) matches from Chronicle.
Args:
    project_id: Google Cloud project ID (defaults to config)
    customer_id: Chronicle customer ID (defaults to config)
    hours_back: How many hours to look back (default: 24)
    max_matches: Maximum number of matches to return (default: 20)
    region: Chronicle region (defaults to config)
Returns:
    Formatted string with IoC matches