"""
API scope definitions and utilities for Falcon MCP Server
This module provides API scope definitions and related utilities for the Falcon MCP server.
"""
from .logging import get_logger
# Module-level logger, created by passing this module's name to the package's
# get_logger helper (imported from .logging above).
logger = get_logger(__name__)
# Lookup table: Falcon API operation name -> scopes listed as required for it.
# Extend it whenever a module starts using a new operation. Keys are matched
# exactly by get_required_scopes(), which returns an empty list for any name
# that is not a key here, so the spelling of each key matters.
API_SCOPE_REQUIREMENTS: dict[str, list[str]] = {
    # --- Alerts (migrated from detections) ---
    "GetQueriesAlertsV2": ["Alerts:read"],
    "PostEntitiesAlertsV2": ["Alerts:read"],

    # --- Hosts ---
    "QueryDevicesByFilter": ["Hosts:read"],
    "PostDeviceDetailsV2": ["Hosts:read"],

    # --- Incidents ---
    "QueryIncidents": ["Incidents:read"],
    "GetIncidentDetails": ["Incidents:read"],
    "CrowdScore": ["Incidents:read"],
    "GetIncidents": ["Incidents:read"],
    "GetBehaviors": ["Incidents:read"],
    "QueryBehaviors": ["Incidents:read"],

    # --- Intel ---
    "QueryIntelActorEntities": ["Actors (Falcon Intelligence):read"],
    "QueryIntelIndicatorEntities": ["Indicators (Falcon Intelligence):read"],
    "QueryIntelReportEntities": ["Reports (Falcon Intelligence):read"],
    "GetMitreReport": ["Actors (Falcon Intelligence):read"],

    # --- Spotlight ---
    "combinedQueryVulnerabilities": ["Vulnerabilities:read"],

    # --- Discover ---
    "combined_applications": ["Assets:read"],
    "combined_hosts": ["Assets:read"],

    # --- Cloud ---
    "ReadContainerCombined": ["Falcon Container Image:read"],
    "ReadContainerCount": ["Falcon Container Image:read"],
    "ReadCombinedVulnerabilities": ["Falcon Container Image:read"],

    # --- Identity Protection ---
    # The only entry in this table that lists more than one scope, and the
    # only one that lists a write scope.
    "api_preempt_proxy_post_graphql": [
        "Identity Protection Entities:read",
        "Identity Protection Timeline:read",
        "Identity Protection Detections:read",
        "Identity Protection Assessment:read",
        "Identity Protection GraphQL:write",
    ],

    # --- Sensor Usage ---
    "GetSensorUsageWeekly": ["Sensor Usage:read"],

    # --- Serverless ---
    "GetCombinedVulnerabilitiesSARIF": ["Falcon Container Image:read"],

    # --- Scheduled Reports ---
    "scheduled_reports_query": ["Scheduled Reports:read"],
    "scheduled_reports_get": ["Scheduled Reports:read"],
    # NOTE(review): "launch" presumably triggers a report run, yet it is
    # listed with a read scope -- confirm against the API's scope reference.
    "scheduled_reports_launch": ["Scheduled Reports:read"],

    # --- Report Executions (same scope as Scheduled Reports) ---
    # NOTE(review): this key starts with "reports_" while the two keys after
    # it start with "report_" -- confirm the operation name; a misspelled key
    # is never matched by a lookup.
    "reports_executions_query": ["Scheduled Reports:read"],
    "report_executions_get": ["Scheduled Reports:read"],
    "report_executions_download_get": ["Scheduled Reports:read"],

    # New operations go above this line.
}
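def get_required_scopes(operation: str | None) -> list[str]:
    """Get the required API scopes for a specific operation.

    Args:
        operation: The API operation name, matched exactly against the keys
            of ``API_SCOPE_REQUIREMENTS``. ``None`` is accepted.

    Returns:
        list[str]: A new list holding the scopes mapped to ``operation``.
        The list is empty when ``operation`` is ``None`` or is not a key of
        the table; with the table as it stands every entry is non-empty, so
        an empty result means "no entry", not "no scope needed".
    """
    if operation is None:
        return []
    # Hand back a copy: the table's lists are shared module state, and a
    # caller that appended to or cleared the returned list would otherwise
    # rewrite the scope requirements seen by every later lookup.
    return list(API_SCOPE_REQUIREMENTS.get(operation, ()))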