# Chronicle Client

The Chronicle client is the core component of the Google SecOps SDK for Python that allows you to interact with Google Chronicle/SecOps SIEM.

## Initializing the Chronicle Client

After creating a SecOpsClient, you need to initialize the Chronicle-specific client:

```python
from secops import SecOpsClient

# Initialize with default credentials
client = SecOpsClient()

# Initialize Chronicle client
chronicle = client.chronicle(
    customer_id="your-chronicle-instance-id",  # Your Chronicle instance ID
    project_id="your-project-id",             # Your GCP project ID
    region="us"                               # Chronicle API region
)
```

For available regions, see the [Regions documentation](../advanced/regions.md).

## Features

The Chronicle client provides access to the following features:

### Data Ingestion and Search

- [Log Ingestion](ingestion.md) - Ingest raw logs directly into Chronicle
- [UDM Search](search.md) - Search for events in the Universal Data Model (UDM)
- [Natural Language Search](nl-search.md) - Search using natural language queries

### Security Intelligence

- [IoCs Management](iocs.md) - Manage Indicators of Compromise
- [Entity Graph](entity.md) - Get detailed information about specific entities

### Alert and Case Management

- [Alert Management](alerts.md) - Retrieve and manage alerts
- [Case Management](cases.md) - Create and manage cases

### Detection Rules

- [Detection Rules](rules.md) - Manage detection rules
- [Retrohunts](retrohunts.md) - Run retroactive hunts against historical data

## Examples

Here's a simple example of using the Chronicle client to search for events:

```python
# Search for events in the last 24 hours
results = chronicle.search(
    query="metadata.product_name = \"Okta\"",
    start_time="1d"
)

# Process the results
for event in results:
    print(f"Event time: {event.get('metadata', {}).get('event_timestamp')}")
    print(f"Product: {event.get('metadata', {}).get('product_name')}")
    print("---")
```

## Next Steps

Explore the specific features of the Chronicle client in the following pages:

```{toctree}
:maxdepth: 1

ingestion
search
nl-search
iocs
entity
alerts
cases
rules
retrohunts
```