falcon-mcp

falcon-mcp is a Model Context Protocol server that connects AI agents with the CrowdStrike Falcon platform, enabling intelligent security analysis and automation through programmatic access to detections, incidents, and behaviors.

Tools

1. falcon_search_kubernetes_containers

Search for containers from CrowdStrike Kubernetes & Containers inventory.

2. falcon_count_kubernetes_containers

Count containers matching filter criteria in the CrowdStrike Kubernetes & Containers inventory.

3. falcon_search_images_vulnerabilities

Search for image vulnerabilities from CrowdStrike Image Assessments.

4. falcon_check_connectivity

Check connectivity to the Falcon API.

5. falcon_list_enabled_modules

Lists enabled modules in the falcon-mcp server.

6. falcon_list_modules

Lists all available modules in the falcon-mcp server.

7. falcon_search_detections

Find and analyze detections to understand malicious activity in your environment.

8. falcon_get_detection_details

Get comprehensive detection details for specific detection IDs to understand security threats.

9. falcon_search_applications

Search for applications in your CrowdStrike environment.

10. falcon_search_unmanaged_assets

Search for unmanaged assets (systems without Falcon sensor installed) that have been discovered by managed systems.

11. falcon_search_hosts

Search for hosts in your CrowdStrike environment.

12. falcon_get_host_details

Retrieve detailed information for specified host device IDs.

13. idp_investigate_entity

Entity investigation tool for analyzing users, endpoints, and other entities with support for timeline analysis, relationship mapping, and risk assessment.

14. falcon_show_crowd_score

View calculated CrowdScores and security posture metrics for your environment.

15. falcon_search_incidents

Find and analyze security incidents to understand coordinated activity in your environment.

16. falcon_get_incident_details

Get comprehensive incident details to understand attack patterns and coordinated activities.

17. falcon_search_behaviors

Find and analyze behaviors to understand suspicious activity in your environment.

18. falcon_get_behavior_details

Get detailed behavior information to understand attack techniques and tactics.

19. falcon_search_actors

Research threat actors and adversary groups tracked by CrowdStrike intelligence.

20. falcon_search_indicators

Search for threat indicators and indicators of compromise (IOCs) from CrowdStrike intelligence.

21. falcon_search_reports

Access CrowdStrike intelligence publications and threat reports.

22. falcon_search_sensor_usage

Search for weekly sensor usage data in your CrowdStrike environment.

23. falcon_search_serverless_vulnerabilities

Search for vulnerabilities in your serverless functions across all cloud service providers.

24. falcon_search_vulnerabilities

Search for vulnerabilities in your CrowdStrike environment.

JSON Config

{
  "mcpServers": {
    "falcon-mcp": {
      "command": "uvx",
      "args": [
        "--env-file",
        "/path/to/.env",
        "falcon-mcp"
      ]
    }
  }
}
