CrowdStrike Falcon MCP Server

Name: CrowdStrike Falcon MCP Server
Author: CrowdStrike

CrowdStrike/falcon-mcp

Let your coding agent query CrowdStrike Falcon detections and automate security workflows without leaving the terminal.

Overview

CrowdStrike Falcon MCP Server is a Ship-phase MCP server that links AI agents to CrowdStrike Falcon APIs for security analysis and automation.

What is this MCP server?

stdio MCP server (falcon-mcp) via uvx/PyPI with CrowdStrike API auth
Required secrets: FALCON_CLIENT_ID and FALCON_CLIENT_SECRET plus regional FALCON_BASE_URL
Optional FALCON_MCP_MODULES comma list to load only the Falcon API surfaces you need
MSSP support via FALCON_MEMBER_CID for Flight Control child CID scoping
Version 0.11.0 aligned with Model Context Protocol server schema 2025-12-11
Server version 0.11.0 (PyPI package falcon-mcp)
Transport: stdio; runtime hint uvx
Required env: FALCON_CLIENT_ID, FALCON_CLIENT_SECRET

Compatible agents: Claude Code, Cursor, Codex, Windsurf

Community signal: 176 GitHub stars.

What problem does it solve?

Security context lives in Falcon while your agent works in the repo, so triage and response stay manual and context-switch heavy.

Who is it for?

Indie teams or solo builders who already use CrowdStrike Falcon and want agent-assisted detection review during release prep.

Skip if: Builders without a Falcon subscription, greenfield projects with no EDR footprint, or anyone expecting a turnkey pentest skill without API governance.

What do I get? / Deliverables

After registration, your agent can call scoped Falcon modules through MCP so ship-phase security checks and investigations stay in one workflow.

Registered Falcon MCP stdio endpoint in your agent
Scoped Falcon API tool surface via FALCON_MCP_MODULES
Agent-callable security queries against your Falcon region

Recommended MCP Servers

1Claw Vault1clawAI/1claw-mcp

1Claw Vault exposes a stdio MCP server (@1claw/mcp) that connects AI agents to HSM-backed secret storage with just-in-ti…2 stars

1passwordCakeRepository/1Password-MCP

The 1Password MCP server lets solo builders wire service-account access into Claude Code, Cursor, or other stdio MCP hos…16 stars

402sentinel Mcpkaditang/402sentinel-mcp

402 Sentinel MCP gives solo builders and agent authors a pre-flight check before honoring x402 payment flows on Base. In…1 stars

A2adependencyinspector Mcpclauxel/a2a-dependency-inspector-mcp

A2A Dependency Inspector MCP is a hosted Clauxel server for builders shipping agent-to-agent (A2A) workflows who must pr…

A2a Governance Bridge Mcp

A2A Governance Bridge is a Model Context Protocol server that exposes governance-oriented tools for multi-agent setups: …

A2aidentitytoll Mcpclauxel/a2a-identity-toll-mcp

A2A Identity Toll MCP is a Clauxel-hosted remote MCP server that acts as an identity and policy toll booth for agent-to-…

Journey fit

Primary fit

Security hardening and incident context belong on the Ship shelf where solo builders review exposure before and after release. Falcon API access maps directly to security review: hunting, alerting context, and response automation tied to production endpoints.

How it compares

CrowdStrike API MCP integration, not a generic code-review or SAST agent skill.

Common Questions / FAQ

Who is CrowdStrike Falcon MCP Server for?

It is for developers and operators who run Falcon in production and want MCP-connected agents to help with security queries and automation using official API credentials.

When should I use CrowdStrike Falcon MCP Server?

Use it during Ship security reviews, incident triage, or when automating repeatable Falcon lookups while building or maintaining agent tooling.

How do I add CrowdStrike Falcon MCP Server to my agent?

Install the falcon-mcp package with uvx, set FALCON_CLIENT_ID and FALCON_CLIENT_SECRET (and optional FALCON_BASE_URL or modules), then register the stdio server in your MCP client config.

CrowdStrike Falcon MCP Server

CrowdStrike/falcon-mcp

Let your coding agent query CrowdStrike Falcon detections and automate security workflows without leaving the terminal.

Overview

CrowdStrike Falcon MCP Server is a Ship-phase MCP server that links AI agents to CrowdStrike Falcon APIs for security analysis and automation.

What is this MCP server?

stdio MCP server (falcon-mcp) via uvx/PyPI with CrowdStrike API auth
Required secrets: FALCON_CLIENT_ID and FALCON_CLIENT_SECRET plus regional FALCON_BASE_URL
Optional FALCON_MCP_MODULES comma list to load only the Falcon API surfaces you need
MSSP support via FALCON_MEMBER_CID for Flight Control child CID scoping
Version 0.11.0 aligned with Model Context Protocol server schema 2025-12-11
Server version 0.11.0 (PyPI package falcon-mcp)
Transport: stdio; runtime hint uvx
Required env: FALCON_CLIENT_ID, FALCON_CLIENT_SECRET

Compatible agents: Claude Code, Cursor, Codex, Windsurf

Community signal: 176 GitHub stars.

What problem does it solve?

Security context lives in Falcon while your agent works in the repo, so triage and response stay manual and context-switch heavy.

Who is it for?

Indie teams or solo builders who already use CrowdStrike Falcon and want agent-assisted detection review during release prep.

Skip if: Builders without a Falcon subscription, greenfield projects with no EDR footprint, or anyone expecting a turnkey pentest skill without API governance.

What do I get? / Deliverables

After registration, your agent can call scoped Falcon modules through MCP so ship-phase security checks and investigations stay in one workflow.

Registered Falcon MCP stdio endpoint in your agent
Scoped Falcon API tool surface via FALCON_MCP_MODULES
Agent-callable security queries against your Falcon region

Recommended MCP Servers

1Claw Vault1clawAI/1claw-mcp

1Claw Vault exposes a stdio MCP server (@1claw/mcp) that connects AI agents to HSM-backed secret storage with just-in-ti…2 stars

1passwordCakeRepository/1Password-MCP

The 1Password MCP server lets solo builders wire service-account access into Claude Code, Cursor, or other stdio MCP hos…16 stars

402sentinel Mcpkaditang/402sentinel-mcp

402 Sentinel MCP gives solo builders and agent authors a pre-flight check before honoring x402 payment flows on Base. In…1 stars

A2adependencyinspector Mcpclauxel/a2a-dependency-inspector-mcp

A2A Dependency Inspector MCP is a hosted Clauxel server for builders shipping agent-to-agent (A2A) workflows who must pr…

A2a Governance Bridge Mcp

A2A Governance Bridge is a Model Context Protocol server that exposes governance-oriented tools for multi-agent setups: …

A2aidentitytoll Mcpclauxel/a2a-identity-toll-mcp

A2A Identity Toll MCP is a Clauxel-hosted remote MCP server that acts as an identity and policy toll booth for agent-to-…

Journey fit

Primary fit

How it compares

CrowdStrike API MCP integration, not a generic code-review or SAST agent skill.

Common Questions / FAQ

Who is CrowdStrike Falcon MCP Server for?

It is for developers and operators who run Falcon in production and want MCP-connected agents to help with security queries and automation using official API credentials.

When should I use CrowdStrike Falcon MCP Server?

Use it during Ship security reviews, incident triage, or when automating repeatable Falcon lookups while building or maintaining agent tooling.

How do I add CrowdStrike Falcon MCP Server to my agent?

Install the falcon-mcp package with uvx, set FALCON_CLIENT_ID and FALCON_CLIENT_SECRET (and optional FALCON_BASE_URL or modules), then register the stdio server in your MCP client config.

Overview

What is this MCP server?

What problem does it solve?

Who is it for?

What do I get? / Deliverables

Recommended MCP Servers

Journey fit

Who is CrowdStrike Falcon MCP Server for?

When should I use CrowdStrike Falcon MCP Server?

How do I add CrowdStrike Falcon MCP Server to my agent?

This week for builders

Overview

What is this MCP server?

What problem does it solve?

Who is it for?

What do I get? / Deliverables

Recommended MCP Servers

Journey fit

Who is CrowdStrike Falcon MCP Server for?

When should I use CrowdStrike Falcon MCP Server?

How do I add CrowdStrike Falcon MCP Server to my agent?