Google Cloud Chronicle · Capability

Google Cloud Chronicle API

The Chronicle API provides programmatic access to Google Cloud's security analytics platform. It supports ingesting security telemetry, searching security data using UDM, managing detection rules, investigating alerts, and accessing threat intelligence.

What You Can Do

Listrules — Google Cloud Chronicle List detection rules
GET /projects/{projectId}/locations/{location}/instances/{instanceId}/rules

Createrule — Google Cloud Chronicle Create a detection rule
POST /projects/{projectId}/locations/{location}/instances/{instanceId}/rules

Getrule — Google Cloud Chronicle Get a detection rule
GET /projects/{projectId}/locations/{location}/instances/{instanceId}/rules/{ruleId}

Updaterule — Google Cloud Chronicle Update a detection rule
PATCH /projects/{projectId}/locations/{location}/instances/{instanceId}/rules/{ruleId}

Deleterule — Google Cloud Chronicle Delete a detection rule
DELETE /projects/{projectId}/locations/{location}/instances/{instanceId}/rules/{ruleId}

Listalerts — Google Cloud Chronicle List alerts
GET /projects/{projectId}/locations/{location}/instances/{instanceId}/alerts

Listfeeds — Google Cloud Chronicle List feeds
GET /projects/{projectId}/locations/{location}/instances/{instanceId}/feeds

Createfeed — Google Cloud Chronicle Create a feed
POST /projects/{projectId}/locations/{location}/instances/{instanceId}/feeds

Listreferencelists — Google Cloud Chronicle List reference lists
GET /projects/{projectId}/locations/{location}/instances/{instanceId}/referenceLists

MCP Tools

listrules
Google Cloud Chronicle List detection rules
read-only, idempotent

createrule
Google Cloud Chronicle Create a detection rule

getrule
Google Cloud Chronicle Get a detection rule
read-only, idempotent

updaterule
Google Cloud Chronicle Update a detection rule

deleterule
Google Cloud Chronicle Delete a detection rule
idempotent

listalerts
Google Cloud Chronicle List alerts
read-only, idempotent

listfeeds
Google Cloud Chronicle List feeds
read-only, idempotent

createfeed
Google Cloud Chronicle Create a feed

listreferencelists
Google Cloud Chronicle List reference lists
read-only, idempotent

Capability Spec

google-cloud-chronicle-capability.yaml
naftiko: 1.0.0-alpha2
info:
  label: Google Cloud Chronicle API
  description: The Chronicle API provides programmatic access to Google Cloud's security analytics platform. It supports ingesting
    security telemetry, searching security data using UDM, managing detection rules, investigating alerts, and accessing threat
    intelligence.
  tags:
  - Google
  - Cloud
  - Chronicle
  - API
  created: '2026-05-06'
  modified: '2026-05-06'
capability:
  consumes:
  - type: http
    namespace: google-cloud-chronicle
    baseUri: https://chronicle.googleapis.com/v1alpha
    description: Google Cloud Chronicle API HTTP API.
    authentication:
      type: bearer
      token: '{{GOOGLE_CLOUD_CHRONICLE_TOKEN}}'
    resources:
    - name: projects-projectid-locations-location-instances-
      path: /projects/{projectId}/locations/{location}/instances/{instanceId}/rules
      operations:
      - name: listrules
        method: GET
        description: Google Cloud Chronicle List detection rules
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: createrule
        method: POST
        description: Google Cloud Chronicle Create a detection rule
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: projects-projectid-locations-location-instances-
      path: /projects/{projectId}/locations/{location}/instances/{instanceId}/rules/{ruleId}
      operations:
      - name: getrule
        method: GET
        description: Google Cloud Chronicle Get a detection rule
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: updaterule
        method: PATCH
        description: Google Cloud Chronicle Update a detection rule
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: deleterule
        method: DELETE
        description: Google Cloud Chronicle Delete a detection rule
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: projects-projectid-locations-location-instances-
      path: /projects/{projectId}/locations/{location}/instances/{instanceId}/alerts
      operations:
      - name: listalerts
        method: GET
        description: Google Cloud Chronicle List alerts
        inputParameters:
        - name: filter
          in: query
          type: string
          description: Filter expression for alerts
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: projects-projectid-locations-location-instances-
      path: /projects/{projectId}/locations/{location}/instances/{instanceId}/feeds
      operations:
      - name: listfeeds
        method: GET
        description: Google Cloud Chronicle List feeds
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: createfeed
        method: POST
        description: Google Cloud Chronicle Create a feed
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: projects-projectid-locations-location-instances-
      path: /projects/{projectId}/locations/{location}/instances/{instanceId}/referenceLists
      operations:
      - name: listreferencelists
        method: GET
        description: Google Cloud Chronicle List reference lists
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
  exposes:
  - type: rest
    port: 8080
    namespace: google-cloud-chronicle-rest
    description: REST adapter for Google Cloud Chronicle API.
    resources:
    - path: /projects/{projectId}/locations/{location}/instances/{instanceId}/rules
      name: listrules
      operations:
      - method: GET
        name: listrules
        description: Google Cloud Chronicle List detection rules
        call: google-cloud-chronicle.listrules
        outputParameters:
        - type: object
          mapping: $.
    - path: /projects/{projectId}/locations/{location}/instances/{instanceId}/rules
      name: createrule
      operations:
      - method: POST
        name: createrule
        description: Google Cloud Chronicle Create a detection rule
        call: google-cloud-chronicle.createrule
        outputParameters:
        - type: object
          mapping: $.
    - path: /projects/{projectId}/locations/{location}/instances/{instanceId}/rules/{ruleId}
      name: getrule
      operations:
      - method: GET
        name: getrule
        description: Google Cloud Chronicle Get a detection rule
        call: google-cloud-chronicle.getrule
        outputParameters:
        - type: object
          mapping: $.
    - path: /projects/{projectId}/locations/{location}/instances/{instanceId}/rules/{ruleId}
      name: updaterule
      operations:
      - method: PATCH
        name: updaterule
        description: Google Cloud Chronicle Update a detection rule
        call: google-cloud-chronicle.updaterule
        outputParameters:
        - type: object
          mapping: $.
    - path: /projects/{projectId}/locations/{location}/instances/{instanceId}/rules/{ruleId}
      name: deleterule
      operations:
      - method: DELETE
        name: deleterule
        description: Google Cloud Chronicle Delete a detection rule
        call: google-cloud-chronicle.deleterule
        outputParameters:
        - type: object
          mapping: $.
    - path: /projects/{projectId}/locations/{location}/instances/{instanceId}/alerts
      name: listalerts
      operations:
      - method: GET
        name: listalerts
        description: Google Cloud Chronicle List alerts
        call: google-cloud-chronicle.listalerts
        outputParameters:
        - type: object
          mapping: $.
    - path: /projects/{projectId}/locations/{location}/instances/{instanceId}/feeds
      name: listfeeds
      operations:
      - method: GET
        name: listfeeds
        description: Google Cloud Chronicle List feeds
        call: google-cloud-chronicle.listfeeds
        outputParameters:
        - type: object
          mapping: $.
    - path: /projects/{projectId}/locations/{location}/instances/{instanceId}/feeds
      name: createfeed
      operations:
      - method: POST
        name: createfeed
        description: Google Cloud Chronicle Create a feed
        call: google-cloud-chronicle.createfeed
        outputParameters:
        - type: object
          mapping: $.
    - path: /projects/{projectId}/locations/{location}/instances/{instanceId}/referenceLists
      name: listreferencelists
      operations:
      - method: GET
        name: listreferencelists
        description: Google Cloud Chronicle List reference lists
        call: google-cloud-chronicle.listreferencelists
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    port: 9090
    namespace: google-cloud-chronicle-mcp
    transport: http
    description: MCP adapter for Google Cloud Chronicle API for AI agent use.
    tools:
    - name: listrules
      description: Google Cloud Chronicle List detection rules
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: google-cloud-chronicle.listrules
      outputParameters:
      - type: object
        mapping: $.
    - name: createrule
      description: Google Cloud Chronicle Create a detection rule
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: google-cloud-chronicle.createrule
      outputParameters:
      - type: object
        mapping: $.
    - name: getrule
      description: Google Cloud Chronicle Get a detection rule
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: google-cloud-chronicle.getrule
      outputParameters:
      - type: object
        mapping: $.
    - name: updaterule
      description: Google Cloud Chronicle Update a detection rule
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: google-cloud-chronicle.updaterule
      outputParameters:
      - type: object
        mapping: $.
    - name: deleterule
      description: Google Cloud Chronicle Delete a detection rule
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: google-cloud-chronicle.deleterule
      outputParameters:
      - type: object
        mapping: $.
    - name: listalerts
      description: Google Cloud Chronicle List alerts
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: google-cloud-chronicle.listalerts
      with:
        filter: tools.filter
      inputParameters:
      - name: filter
        type: string
        description: Filter expression for alerts
      outputParameters:
      - type: object
        mapping: $.
    - name: listfeeds
      description: Google Cloud Chronicle List feeds
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: google-cloud-chronicle.listfeeds
      outputParameters:
      - type: object
        mapping: $.
    - name: createfeed
      description: Google Cloud Chronicle Create a feed
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: google-cloud-chronicle.createfeed
      outputParameters:
      - type: object
        mapping: $.
    - name: listreferencelists
      description: Google Cloud Chronicle List reference lists
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: google-cloud-chronicle.listreferencelists
      outputParameters:
      - type: object
        mapping: $.
binds:
- namespace: env
  keys:
    GOOGLE_CLOUD_CHRONICLE_TOKEN: GOOGLE_CLOUD_CHRONICLE_TOKEN