Empty file added soc_agent/__init__.py
Empty file.
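--- a/soc_agent/agent.py
+++ b/soc_agent/agent.py
@@ -0,0 +1,49 @@
+import logging
+import google.auth
+import os
+from google.auth.transport.requests import Request
+from google.adk.agents import Agent
+from google.adk.tools.mcp_tool import McpToolset, StreamableHTTPConnectionParams
+from dotenv import load_dotenv
+
+# Configure logging
+logging.basicConfig(level=logging.INFO)
+
+# Load environment variables
+load_dotenv(os.path.join(os.path.dirname(__file__), '.env'))
+
+# 1. Setup scopes
+SCOPES = ["https://www.googleapis.com/auth/chronicle"]
+
+def get_access_token():
+creds, _ = google.auth.default(scopes=SCOPES)
+auth_req = Request()
+creds.refresh(auth_req)
+return creds.token
+
+# 2. Configure Toolset
+toolset = McpToolset(
+connection_params=StreamableHTTPConnectionParams(
+url=os.getenv("REMOTE_MCP_URL", "https://chronicle.us.rep.googleapis.com/mcp"),
+headers={
+"Authorization": f"Bearer {get_access_token()}",
+"Accept": "application/json",
+"x-goog-user-project": os.getenv("PROJECT_ID")
+}
+)
+)
+
+# 3. Create Agent
+root_agent = Agent(
+name="oc_agent",
+model=os.getenv("GOOGLE_MODEL", "gemini-2.5-flash"),
+description="ADK Agent to test the Remote SecOps MCP Server",
+instruction=f"""You are an Agent that tests the remote MCP server's tools.
+
+When using the SecOps MCP, use these parameters for EVERY request:
+Customer ID: {os.getenv("CUSTOMER_ID")}
+Region: {os.getenv("REGION", "us")}
+Project ID: {os.getenv("PROJECT_ID")}
+""",
+tools=[toolset],
+)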
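Review bot: The `Authorization` header is built once at import time (`f"Bearer {get_access_token()}"`), so the process keeps sending the same access token for its whole lifetime and will likely start failing once that token expires; the token should be obtained per connection or refreshed rather than frozen into the toolset headers. That same credential is sent to whatever `REMOTE_MCP_URL` contains, with no check that it is an `https` URL on an expected host, and `os.getenv("PROJECT_ID")` / `os.getenv("CUSTOMER_ID")` silently become `None` in the header and in the prompt when unset. I would validate these at startup as sketched below (it needs `urlparse` from `urllib.parse`, and the host suffix is an assumption to adjust to the endpoints actually used). Separately, `name="oc_agent"` looks like a typo for `soc_agent`.

```python
def _require_env(name):
    value = os.getenv(name)
    if not value:
        raise RuntimeError(f"{name} is not set; see sample.env")
    return value


def _mcp_url():
    url = os.getenv("REMOTE_MCP_URL", "https://chronicle.us.rep.googleapis.com/mcp")
    parts = urlparse(url)
    # Never attach the bearer token to a cleartext or unexpected endpoint.
    if parts.scheme != "https" or not (parts.hostname or "").endswith(".googleapis.com"):
        raise RuntimeError("REMOTE_MCP_URL must be an https://*.googleapis.com URL")
    return url


toolset = McpToolset(
    connection_params=StreamableHTTPConnectionParams(
        url=_mcp_url(),
        headers={
            # … unchanged: Authorization, Accept …
            "x-goog-user-project": _require_env("PROJECT_ID"),
        }
    )
)
```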
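--- a/soc_agent/requirements.in
+++ b/soc_agent/requirements.in
@@ -0,0 +1,5 @@
+google-adk[eval]~=1.22.1
+google-auth
+requests
+python-dotenv
+google-genai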
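Review bot: Only `google-adk` carries a version constraint here; `google-auth`, `requests`, `python-dotenv` and `google-genai` will resolve to whatever is current at install time. Since this is a `.in` file, I would commit the compiled, hash-pinned `requirements.txt` alongside it (for example from `pip-compile --generate-hashes`) so that installs of an agent holding Chronicle credentials are reproducible and tamper-evident. No such compiled file is visible in this change.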
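--- a/soc_agent/sample.env
+++ b/soc_agent/sample.env
@@ -0,0 +1,17 @@
+# Google Cloud Project Config
+PROJECT_ID=YOUR_PROJECT_ID
+# For SecOps/Chronicle, this is usually a UUID
+CUSTOMER_ID=YOUR_CUSTOMER_ID
+REGION=us
+
+# Configuration for ADK/Gemini
+GOOGLE_GENAI_USE_VERTEXAI=True
+GOOGLE_CLOUD_PROJECT=YOUR_PROJECT_ID
+GOOGLE_CLOUD_LOCATION=us-central1
+
+# Model Config
+GOOGLE_MODEL=gemini-2.5-flash
+DEFAULT_PROMPT='You are a helpful security assistant. You can use the available tools to investigate security incidents.'
+
+# Remote MCP Server URL (Defaults to production if not set)
+# REMOTE_MCP_URL="https://chronicle.us.rep.googleapis.com/mcp"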
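Review bot: `DEFAULT_PROMPT` is defined here but nothing in `soc_agent/agent.py` as shown reads it, so editing it has no effect; either wire it into the agent's `instruction` or drop it from the sample. Because `agent.py` loads a real `.env` from this same directory, it is also worth confirming that `soc_agent/.env` is git-ignored, so a copied sample filled in with real project and customer IDs is not committed by accident.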