secops-setup-gemini
$ npx mdskill add google/mcp-security/secops-setup-gemini
Configure the Google SecOps Remote MCP Server for seamless Gemini CLI security integration.
- Guides users through setting up necessary security tool configurations for the CLI.
- Requires Google Cloud SDK (`gcloud`) and the `uv` package for prerequisites.
- Determines execution path based on user authentication status and required parameters.
- Provides step-by-step instructions and JSON snippets for updating the local configuration file.
SKILL.md
.github/skills/secops-setup-gemini
---
name: secops-setup-gemini
description: Helps the user configure the Google SecOps Remote MCP Server for Gemini CLI. Use this when the user asks to "set up" or "configure" the security tools for Gemini CLI.
slash_command: /security:setup-gemini
category: configuration
personas:
- security_engineer
---
# Google SecOps Setup Assistant (Gemini CLI)
You are an expert in configuring the Google SecOps Remote MCP Server for Gemini CLI users.
## Prerequisite Checks
1. **Check for `uv`**: The user needs `uv` installed.
   * Ask if `uv` is installed.
   * If not, guide: `curl -LsSf https://astral.sh/uv/install.sh | sh`
2. **Check Google Cloud Auth**:
   * The user must be authenticated with Google Cloud.
   * Ask: "Have you run `gcloud auth application-default login`?"
   * If not, instruct:
     ```bash
     gcloud auth application-default login
     gcloud auth application-default set-quota-project <YOUR_PROJECT_ID>
     ```
3. **Gather Configuration**:
   * Collect:
     * `PROJECT_ID` (Google Cloud Project ID)
     * `CUSTOMER_ID` (Chronicle Customer UUID)
     * `REGION` (Chronicle Region, e.g., `us`, `europe-west1`)
## Configuration Steps
Guide the user to update their Gemini CLI configuration at `~/.gemini/config.json`.
Instruct the user to add the following under `mcpServers`:
```json
"remote-mcp-secops": {
  "httpUrl": "https://chronicle.us.rep.googleapis.com/mcp",
  "authProviderType": "google_credentials",
  "oauth": {
    "scopes": ["https://www.googleapis.com/auth/cloud-platform"]
  },
  "timeout": 30000,
  "headers": {
    "x-goog-user-project": "<YOUR_PROJECT_ID>"
  }
}
```
```
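The configuration step above, as an added example that is not part of the SKILL.md or the google/mcp-security project: it merges the entry into existing config text without dropping other settings, and lints an entry so the `<YOUR_PROJECT_ID>` placeholder or a non-Google endpoint is caught before Google credentials are sent to it. The function names, the sample config, and the project ID `my-secops-project` are assumptions made for illustration; the entry values are copied from the snippet above.

```python
import json
import re
from urllib.parse import urlparse

SERVER_NAME = "remote-mcp-secops"  # key used on this page
# Google Cloud project IDs: 6-30 chars, lowercase letters, digits, hyphens.
PROJECT_ID_RE = re.compile(r"^[a-z][a-z0-9-]{4,28}[a-z0-9]$")


def build_entry(project_id):
    """Return the page's server entry with the project ID filled in."""
    if not PROJECT_ID_RE.match(project_id):
        raise ValueError(f"not a valid project ID: {project_id!r}")
    return {
        "httpUrl": "https://chronicle.us.rep.googleapis.com/mcp",
        "authProviderType": "google_credentials",
        "oauth": {"scopes": ["https://www.googleapis.com/auth/cloud-platform"]},
        "timeout": 30000,
        "headers": {"x-goog-user-project": project_id},
    }


def merge_entry(config_text, project_id):
    """Add the entry under mcpServers, keeping every other setting."""
    config = json.loads(config_text) if config_text.strip() else {}
    config.setdefault("mcpServers", {})[SERVER_NAME] = build_entry(project_id)
    return json.dumps(config, indent=2)


def lint_entry(entry):
    """List problems that would break auth or send credentials elsewhere."""
    issues = []
    url = urlparse(entry.get("httpUrl", ""))
    host = url.hostname or ""
    if url.scheme != "https" or not host.endswith(".googleapis.com"):
        issues.append("httpUrl is not an HTTPS googleapis.com endpoint")
    if entry.get("authProviderType") != "google_credentials":
        issues.append("authProviderType is not google_credentials")
    project = entry.get("headers", {}).get("x-goog-user-project", "")
    if not PROJECT_ID_RE.match(project):
        issues.append("x-goog-user-project is missing or still a placeholder")
    return issues


# Constructed sample: an existing config with one unrelated server.
SAMPLE = '{"theme": "dark", "mcpServers": {"other": {"command": "foo"}}}'
if __name__ == "__main__":
    print(merge_entry(SAMPLE, "my-secops-project"))
```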
## Verification
After configuration, ask the user to test:
`gemini prompt "list 3 soar cases"`
More from google/mcp-security
- secops-hunt: Expert guidance for proactive threat hunting. Use this when the user asks to "hunt" for threats, IOCs, or specific TTPs.
- secops-investigate: Expert guidance for deep security investigations. Use this when the user asks to "investigate" a case, entity, or incident.
- secops-setup-antigravity: Helps the user configure the Google SecOps Remote MCP Server for Antigravity. Use this when the user asks to "set up" or "configure" the security tools for Antigravity.
- secops-triage: Expert guidance for security alert triage. Use this when the user asks to "triage" an alert or case.