Skip to content

Add comprehensive documentation for new SecOps MCP tools #105

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Add comprehensive documentation for new SecOps MCP tools #105

wants to merge 1 commit into from

Conversation

dandye
Copy link
Collaborator

@dandye dandye commented Jun 26, 2025

Summary

Added complete documentation for the 15 new SecOps MCP tools that were recently added but not documented in the main docs.

Changes

  • Log Ingestion Tools: Added documentation for ingest_raw_log, ingest_udm_events, and get_available_log_types
  • Parser Management Tools: Documented create_parser, get_parser, activate_parser, deactivate_parser, and run_parser_against_sample_logs
  • Data Table Management Tools: Added docs for create_data_table, add_rows_to_data_table, list_data_table_rows, and delete_data_table_rows
  • Reference List Management Tools: Documented create_reference_list, get_reference_list, and update_reference_list
  • Enhanced Examples: Added practical workflow examples demonstrating tool combinations and real-world use cases
  • Complete Parameter Documentation: Each tool includes detailed parameter descriptions, return values, and use cases

Impact

  • Resolves documentation gap for 15 powerful new tools added in recent commits
  • Provides clear guidance for log ingestion, parser management, and data management workflows
  • Includes practical examples that show how to combine tools for complex security operations
  • Enables users to fully leverage Chronicle's expanded capabilities through the MCP interface

Test Plan

  • Review documentation for accuracy and completeness
  • Verify all parameter descriptions match implementation
  • Check that examples are realistic and helpful
  • Ensure formatting and structure is consistent

@dandye
Add comprehensive documentation for new SecOps MCP tools
1321ac2 
- Add complete documentation for log ingestion tools (ingest_raw_log, ingest_udm_events, get_available_log_types)
- Add parser management tools documentation (create_parser, activate_parser, etc.)
- Add data table management tools (create_data_table, add_rows_to_data_table, etc.)
- Add reference list management tools (create_reference_list, update_reference_list, etc.)
- Include detailed parameter descriptions, return values, and use cases for all new tools
- Add practical workflow examples demonstrating tool combinations
- Total of 15 new tools documented with comprehensive examples
@dandye dandye requested a review from Blevene June 26, 2025 01:04
@dandye dandye added the documentation Improvements or additions to documentation label Jun 26, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Blevene Blevene Awaiting requested review from Blevene

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

documentation Improvements or additions to documentation

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@dandye