MCP.so
Sign In
Servers

Crowdstrike Falcon

@CrowdStrike

Connects AI agents with the CrowdStrike Falcon platform for intelligent security analysis, providing programmatic access to detections, incidents, behaviors, threat intelligence, hosts, vulnerabilities, and identity protection capabilities.

Overview

What is Crowdstrike Falcon?

Crowdstrike Falcon is a Model Context Protocol (MCP) server that connects AI agents with the CrowdStrike Falcon platform for security analysis. It provides programmatic access to detections, incidents, behaviors, threat intelligence, and other security capabilities.

How to use Crowdstrike Falcon?

Install the server with pip install falcon-mcp (requires Python 3.11+). Configure CrowdStrike API credentials via environment variables (FALCON_CLIENT_ID, FALCON_CLIENT_SECRET), then run falcon-mcp on the command line or integrate with an MCP client like Claude Desktop. Modules can be enabled or disabled using command-line flags.

Key features of Crowdstrike Falcon

  • Detection search and analysis
  • Incident investigation and CrowdScore monitoring
  • Threat actor and IOC intelligence research
  • Host/device inventory and management
  • Vulnerability search and management
  • Identity protection entity investigation

Use cases of Crowdstrike Falcon

  • Threat hunting: Search detections to uncover malicious activity.
  • Incident response: Analyze incidents, behaviors, and CrowdScore.
  • Threat intelligence: Research adversaries, indicators, and reports.
  • Asset management: Query host inventory and device details.
  • Vulnerability management: Search and assess vulnerabilities.

FAQ from Crowdstrike Falcon

What is the current status of falcon-mcp?

It is in public preview under active development. Features may change before the stable 1.0 release, so production deployments are not recommended.

What API scopes are required?

Scopes depend on the modules you enable. For example, Detections needs Alerts:read, Incidents needs Incidents:read, and Intel needs multiple Falcon Intelligence scopes. See the README for the full list.

Can I trust AI-generated FQL queries?

FQL has nuanced syntax. AI-generated filters should be tested and validated before production use. Start with simple queries and gradually build complexity.

How do I install and configure falcon-mcp?

Install via pip install falcon-mcp with Python 3.11+. Copy .env.example to .env and set FALCON_CLIENT_ID and FALCON_CLIENT_SECRET from your CrowdStrike API credentials.

Tags

More from Other