feat(secops): add investigation management tools#220

Merged
dandye merged 8 commits into main from feature/secops-investigations-tools
Feb 26, 2026

Conversation

@mihirvala08
Collaborator

@mihirvala08 mihirvala08 commented Jan 15, 2026

Summary

Added Investigation Management tools in SecOps MCP for Chronicle SIEM.

What

Added the following Chronicle SIEM Investigation Management tools:

  • List investigations
  • Get specific investigation details
  • Trigger investigation for alerts
  • Fetch associated investigations for alerts/cases

Changelog

  • server/secops/secops_mcp/tools/investigation_management.py: Added investigation management tools for case retrieval, investigation listing, investigation details, triggering investigations, and fetching associated investigations
  • server/secops/secops_mcp/tools/__init__.py: Added import for investigation management tools
  • server/secops/tests/test_secops_investigations_mcp.py: Integration tests for investigation management tools covering all 5 tools with real data

@mihirvala08 mihirvala08 changed the title feat: add investigation management tools feat(secops): add investigation management tools Jan 15, 2026
@mihirvala08 mihirvala08 marked this pull request as ready for review January 16, 2026 12:35
@mihirvala08 mihirvala08 requested a review from a team January 16, 2026 12:35
@dandye dandye self-assigned this Feb 26, 2026
@dandye
Collaborator

dandye commented Feb 26, 2026

Integration Test Evidence

Trigger Investigation

Screenshot 2026-02-26 at 3 54 24 PM

Get Investigation

Screenshot 2026-02-26 at 3 29 15 PM

List Investigations

Screenshot 2026-02-26 at 3 27 18 PM

Fetch associated investigations for alerts/cases

Screenshot 2026-02-26 at 4 03 00 PM


@dandye dandye left a comment


Sorry for the delay in reviewing this, @mihirvala08.

I'm really pleased to see this functionality in MCP. Thank you!

Signed-off-by: @dandye

@dandye dandye merged commit d419b2a into main Feb 26, 2026
1 check passed
@dandye dandye deleted the feature/secops-investigations-tools branch February 26, 2026 21:06