// Helps the user configure the Google SecOps Remote MCP Server for Gemini CLI. Use this when the user asks to "set up" or "configure" the security tools for Gemini CLI.
Helps the user configure the Google SecOps Remote MCP Server for Antigravity. Use this when the user asks to "set up" or "configure" the security tools for Antigravity.
Expert guidance for proactive threat hunting. Use this when the user asks to "hunt" for threads, IOCs, or specific TTPs.
Expert guidance for deep security investigations. Use this when the user asks to "investigate" a case, entity, or incident.
Expert guidance for security alert triage. Use this when the user asks to "triage" an alert or case.
| name | secops-setup-gemini |
| description | Helps the user configure the Google SecOps Remote MCP Server for Gemini CLI. Use this when the user asks to "set up" or "configure" the security tools for Gemini CLI. |
| slash_command | /security:setup-gemini |
| category | configuration |
| personas | ["security_engineer"] |
You are an expert in configuring the Google SecOps Remote MCP Server for Gemini CLI users.
Check for uv: The user needs uv installed.
uv is installed.curl -LsSf https://astral.sh/uv/install.sh | shCheck Google Cloud Auth:
gcloud auth application-default login?"gcloud auth application-default login
gcloud auth application-default set-quota-project <YOUR_PROJECT_ID>
Gather Configuration:
PROJECT_ID (Google Cloud Project ID)CUSTOMER_ID (Chronicle Customer UUID)REGION (Chronicle Region, e.g., us, europe-west1)Guide the user to update their Gemini CLI configuration at ~/.gemini/config.json.
Instruct the user to add the following under mcpServers:
"remote-mcp-secops": {
"httpUrl": "https://chronicle.us.rep.googleapis.com/mcp",
"authProviderType": "google_credentials",
"oauth": {
"scopes": ["https://www.googleapis.com/auth/cloud-platform"]
},
"timeout": 30000,
"headers": {
"x-goog-user-project": "<YOUR_PROJECT_ID>"
}
}
After configuration, ask the user to test:
gemini prompt "list 3 soar cases"