Crowdstrike Falcon
@CrowdStrike
About Crowdstrike Falcon
Connects AI agents with the CrowdStrike Falcon platform for intelligent security analysis, providing programmatic access to detections, incidents, behaviors, threat intelligence, hosts, vulnerabilities, and identity protection capabilities.
Basic information
Config
Add this server to your MCP-compatible client using the configuration below.
{
"mcpServers": {
"falcon-mcp": {
"command": "uvx",
"args": [
"falcon-mcp"
],
"env": {
"FALCON_CLIENT_ID": "your-client-id",
"FALCON_CLIENT_SECRET": "your-client-secret",
"FALCON_BASE_URL": "https://api.crowdstrike.com"
}
}
}
}Tools
No tools detected
We auto-extract tools from the README. The maintainer can list them under a ## Tools heading to populate this section.
Overview
What is Crowdstrike Falcon?
Crowdstrike Falcon is a Model Context Protocol (MCP) server that connects AI agents with the CrowdStrike Falcon platform for security analysis. It provides programmatic access to detections, incidents, behaviors, threat intelligence, and other security capabilities.
How to use Crowdstrike Falcon?
Install the server with pip install falcon-mcp (requires Python 3.11+). Configure CrowdStrike API credentials via environment variables (FALCON_CLIENT_ID, FALCON_CLIENT_SECRET), then run falcon-mcp on the command line or integrate with an MCP client like Claude Desktop. Modules can be enabled or disabled using command-line flags.
Key features of Crowdstrike Falcon
- Detection search and analysis
- Incident investigation and CrowdScore monitoring
- Threat actor and IOC intelligence research
- Host/device inventory and management
- Vulnerability search and management
- Identity protection entity investigation
Use cases of Crowdstrike Falcon
- Threat hunting: Search detections to uncover malicious activity.
- Incident response: Analyze incidents, behaviors, and CrowdScore.
- Threat intelligence: Research adversaries, indicators, and reports.
- Asset management: Query host inventory and device details.
- Vulnerability management: Search and assess vulnerabilities.
FAQ from Crowdstrike Falcon
What is the current status of falcon-mcp?
It is in public preview under active development. Features may change before the stable 1.0 release, so production deployments are not recommended.
What API scopes are required?
Scopes depend on the modules you enable. For example, Detections needs Alerts:read, Incidents needs Incidents:read, and Intel needs multiple Falcon Intelligence scopes. See the README for the full list.
Can I trust AI-generated FQL queries?
FQL has nuanced syntax. AI-generated filters should be tested and validated before production use. Start with simple queries and gradually build complexity.
How do I install and configure falcon-mcp?
Install via pip install falcon-mcp with Python 3.11+. Copy .env.example to .env and set FALCON_CLIENT_ID and FALCON_CLIENT_SECRET from your CrowdStrike API credentials.
More Other MCP servers
Servers
modelcontextprotocolModel Context Protocol Servers
Reactive Resume
amruthpillaiA one-of-a-kind resume builder that keeps your privacy in mind. Completely secure, customizable, portable, open-source and free forever. Try it out today!
IDA Pro MCP
mrexodiaAI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.
MCP Go 🚀
mark3labsA Go implementation of the Model Context Protocol (MCP), enabling seamless integration between LLM applications and external data sources and tools.
Nginx UI
0xJackyYet another WebUI for Nginx
Comments