Unlocking the Power of AI with Google Security Operations

Published On Tue May 13 2025

Tuning Rules in Google Security Operations Using Gemini and MCP

We recently launched Model Context Protocol (MCP) servers for Google Security Operations (SecOps), Google Threat Intelligence, and Google Cloud Security Command Center. These MCP servers can be used with LLMs such as Gemini to execute actions autonomously via API calls. Think of these MCP servers as building blocks that enable you to create custom AI-powered workflows.

During the last couple of weeks, I’ve been experimenting with using MCP servers to automate specific security operations workflows. The video below demonstrates how to tune detection rules in Google SecOps with the help of Gemini, Google SecOps and GitHub’s MCP servers, and Cline. My rules in Google SecOps are being managed via a Detection-as-Code pipeline implemented in GitHub.

I hope that this proof of concept fuels your imagination and inspires you to explore the possibilities for automating your own security operations workflows.