falcon-mcp
For SOC analysts and security engineers: Stop tab-switching between CrowdStrike, your ticketing system, and your notes. Ask Claude to triage the alert, pull the process tree, check if the hash ran on other hosts, and draft the IR note — all in one conversation.
falcon-mcp is a Model Context Protocol (MCP) server that gives AI agents — including Claude — direct, structured access to the CrowdStrike Falcon platform for intelligent security operations.
Public Preview: This project is currently in public preview and under active development. Features and functionality may change before the stable 1.0 release. We welcome feedback through GitHub Issues.
What It Does
falcon-mcp bridges AI assistants and the CrowdStrike Falcon platform, enabling SOC analysts to ask natural-language questions and get answers backed by live Falcon data. It exposes Falcon's detection, investigation, response, and intelligence capabilities as MCP tools, so an AI agent can search detections, pivot through behaviors, contain hosts, and query threat intelligence — all from a single conversation. Designed for both interactive SOC workflows and automated security pipelines, it supports MSSP Flight Control so multi-tenant environments can be queried without switching consoles.
Related MCP server: CrowdStrike Falcon MCP Server
Features
EDR Telemetry — Search detections, behaviors, and incidents; drill into process execution trees and command-line activity
Real Time Response (RTR) — Initialize RTR sessions, run read-only triage commands (ps, netstat, filehash, reg query), and execute active responder and admin commands with configurable safety gates
Threat Intelligence — Research threat actors, query CrowdStrike indicators, retrieve MITRE ATT&CK reports, and search intelligence reports
Custom IOC Management — Search, create, and delete custom indicators of compromise; manage IOC watchlists
Vulnerability Management (Spotlight) — Query CVE exposure by host, filter by severity or CVE ID, and surface vulnerability assessments
Cloud Security — Kubernetes container visibility, container image vulnerabilities, CSPM asset inventory, and serverless function vulnerability scanning
Identity Protection (IDP) — Entity investigation and identity-based threat analysis
MSSP / Flight Control — List and target child CIDs; pass a per-tool member_cid to scope any query to a specific managed tenant
Next-Gen SIEM (NGSIEM) — Execute CQL queries against the Falcon NGSIEM for log-based investigation
Host Management — Query host inventory, login history, network address history, device groups, and online state
Firewall & Custom IOA — Search and manage firewall rules and behavioral detection rule groups
Incident Management — Correlate incidents across hosts, update status, and annotate with investigative notes
Scheduled Reports — List, manage, and download Falcon scheduled report outputs
Safety Gates — Read-only mode suppresses all mutating tools at registration time; a separate destructive policy controls host containment, RTR execution, and account-level deletes
Architecture
falcon-mcp ships two layers of tools:
| Layer | Module count | Approximate tool count | Enabled by default |
| --- | --- | --- | --- |
| Curated hand-written modules | 50 | ~392 | Yes |
| Auto-generated API wrappers ( | 106 | ~904 additional | No (opt-in) |
The default mode exposes the curated layer (~392 tools), which covers every major SOC workflow with well-described, ergonomic tools. The full generated layer (total ~1,296 tools) can be enabled with FALCON_MCP_ENABLE_GENERATED=1 for complete API surface coverage.
Prerequisites
Python 3.11 or later
CrowdStrike Falcon API credentials (Client ID and Client Secret) with appropriate scopes for the modules you intend to use
uv (recommended) or pip
Installation
Fastest — uvx (no install required)
Run directly without a persistent install:
uvx falcon-mcp
Via uv tool install (persistent)
uv tool install falcon-mcp
Via pip
pip install falcon-mcp
From source
git clone https://github.com/CrowdStrike/falcon-mcp.git
cd falcon-mcp
uv sync
Configuration
All configuration is driven by environment variables (or a .env file in the working directory). CLI flags mirror every env var and take precedence when both are set.
| Variable | Required | Description | Example |
| --- | --- | --- | --- |
| FALCON_CLIENT_ID | Required | CrowdStrike API Client ID | |
| FALCON_CLIENT_SECRET | Required | CrowdStrike API Client Secret | |
| FALCON_BASE_URL | Required | API endpoint URL for your region | |
| FALCON_MEMBER_CID | Optional | Default child CID for MSSP Flight Control; targets all queries at that tenant | |
| FALCON_MCP_TRANSPORT | Optional | Transport protocol: | |
| | Optional | Bind host for HTTP transports (default: 127.0.0.1) | |
| | Optional | Bind port for HTTP transports (default: | |
| | Optional | Comma-separated list of modules to enable; omit to enable all | |
| | Optional | Set to | |
| | Optional | Set to | |
| | Optional | Set to | |
| FALCON_MCP_API_KEY | Optional | API key for | |
| | Optional | Set to | |
| | Optional | Set to | |
Region base URLs:
| Region | Base URL |
| --- | --- |
| US-1 | |
| US-2 | |
| EU-1 | |
| GOV-1 | |
Claude Code Integration
HTTP mode (streamable-http) is recommended for Claude Code and other AI development environments that support persistent server connections.
Step 1 — Start the server:
FALCON_CLIENT_ID=your-client-id \
FALCON_CLIENT_SECRET=your-client-secret \
FALCON_BASE_URL=https://api.crowdstrike.com \
FALCON_MCP_TRANSPORT=streamable-http \
falcon-mcp
Step 2 — Add to .claude/settings.json (project) or ~/.claude/settings.json (global):
{
  "mcpServers": {
    "falcon-mcp": {
      "type": "http",
      "url": "http://localhost:8000/mcp"
    }
  }
}
For API key-protected deployments, add the header:
{
  "mcpServers": {
    "falcon-mcp": {
      "type": "http",
      "url": "http://localhost:8000/mcp",
      "headers": {
        "x-api-key": "your-api-key"
      }
    }
  }
}
Claude Desktop Integration
Stdio mode works best for Claude Desktop. Credentials are passed directly in the MCP server configuration.
{
  "mcpServers": {
    "falcon-mcp": {
      "command": "uvx",
      "args": ["falcon-mcp"],
      "env": {
        "FALCON_CLIENT_ID": "your-client-id",
        "FALCON_CLIENT_SECRET": "your-client-secret",
        "FALCON_BASE_URL": "https://api.crowdstrike.com"
      }
    }
  }
}
To load credentials from a .env file instead of embedding them in the config:
{
  "mcpServers": {
    "falcon-mcp": {
      "command": "uvx",
      "args": ["--env-file", "/path/to/.env", "falcon-mcp"]
    }
  }
}
Docker
# Pull the latest image
docker pull quay.io/crowdstrike/falcon-mcp:latest
# Run with a .env file (stdio transport)
docker run -i --rm --env-file /path/to/.env quay.io/crowdstrike/falcon-mcp:latest
# Run with streamable-http transport
docker run --rm -p 8000:8000 --env-file /path/to/.env \
  quay.io/crowdstrike/falcon-mcp:latest --transport streamable-http --host 0.0.0.0
See the Docker Deployment guide for building locally, custom ports, and advanced configurations.
MSSP / Multi-Tenant Usage
falcon-mcp has first-class support for CrowdStrike Flight Control environments.
Default tenant targeting: Set FALCON_MEMBER_CID to route all queries to a specific child CID without changing anything else:
export FALCON_MEMBER_CID="CHILD_CID_HERE"
Per-request tenant targeting: Every tool that accepts a member_cid parameter can override the default at call time. This lets an AI agent query multiple child tenants in a single session without restarting the server:
"Search for critical detections in tenant ABC123 and compare with tenant XYZ789."
Flight Control module: The flight_control module provides tools to enumerate all child accounts, list CID groups and user groups, query MSSP role assignments, and manage group membership.
MSSP API scopes: The parent CID must have Flight Control API scopes enabled. Child CID API keys are not required when querying through the parent.
Available Modules
Module | Key Capabilities |
| Search and manage unified alerts across all Falcon alert types |
| Find and analyze EDR detections; retrieve behavior details and process trees |
| Query and correlate security incidents; update status and add investigative notes |
| Search host inventory; get login history, network address history, and online state |
| Research threat actors and malware families; query IOC intelligence; retrieve MITRE ATT&CK reports |
| Search, create, and delete custom indicators of compromise |
| Initialize RTR sessions; execute read-only, active responder, and admin commands; manage RTR scripts |
| Query vulnerability findings by host or CVE ID; access evaluation logic and vulnerability metadata |
| Kubernetes container visibility; container image vulnerabilities; CSPM asset inventory |
| Identity entity investigation and identity protection analysis |
| MSSP Flight Control: list child accounts, CID groups, user groups, and MSSP roles |
| Execute CQL queries against the Falcon Next-Gen SIEM |
| File integrity monitoring — query FIM policy assignments and change events |
| Application inventory search; unmanaged and unsanctioned asset discovery |
| Access and analyze sensor deployment and usage data |
| Graph-based IOC pivoting: find which hosts ran a given hash or connected to an IP |
| Manage device groups: create, update, and query host group membership |
| Search and manage firewall rules and rule groups |
| Create and manage Custom IOA behavioral detection rules and rule groups |
| Search for vulnerabilities in serverless functions |
| List, manage, and download scheduled report executions |
For required API scopes per module, see the Module Overview.
SOC Quick Start
Once the server is running and connected to Claude, you can start investigating immediately. Example prompts:
Triage new detections:
"Search for new critical and high severity detections from the last 24 hours and summarize the top 5."
Investigate a specific detection:
"Get the full process tree and command-line details for detection ID abc123."
Contain a compromised host:
"Contain host WORKSTATION-42 and add it to the IR-2025-001 tagging group."
Hunt by IOC:
"Which hosts in my environment have executed the hash d41d8cd98f00b204e9800998ecf8427e? Show me the timeline."
MSSP cross-tenant alert summary:
"List all open critical alerts across child tenants ABC123 and XYZ789 and flag any that share the same technique."
Vulnerability prioritization:
"Show me all critical CVEs with a CVSS score above 9.0 affecting internet-facing hosts."
macOS Persistence (launchd)
To run falcon-mcp as a persistent background service on macOS, an example launchd plist is provided in the examples/ directory. Load it with:
launchctl load ~/Library/LaunchAgents/com.crowdstrike.falcon-mcp.plist
See examples/ for the full plist template and configuration notes.
Cloud Deployment
Security Considerations
Read-only mode: For environments where write access is not required, set FALCON_MCP_READONLY=true. This suppresses all mutating tools at registration time — they are never exposed to the AI agent, regardless of what is asked.
Destructive operation gating: Even with writes enabled, tools annotated as destructive (host containment, RTR command execution, account-level deletes) are suppressed by default. Enable them explicitly via FALCON_MCP_ALLOW_DESTRUCTIVE. The recommended approach is to specify a comma-separated list of specific tool names rather than setting true (which arms all ~119 destructive tools):
# Enable only host containment and RTR active responder
FALCON_MCP_ALLOW_DESTRUCTIVE=falcon_perform_host_action,falcon_batch_execute_active_responder_command
API credential scoping: Create a dedicated Falcon API client for falcon-mcp with only the scopes required for your use case. Do not reuse admin-level API keys. Consult the Module Overview for the minimum required scopes per module.
Credential storage: Never embed API credentials in MCP configuration files committed to source control. Use environment variables, a .env file outside the repository root, or a secrets manager. For HTTP transports shared across users, enable FALCON_MCP_API_KEY to require authentication at the MCP layer in addition to Falcon API authentication.
Network exposure: The default HTTP bind address is 127.0.0.1. Do not bind to 0.0.0.0 in untrusted network environments without enabling API key authentication.
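The following is an added example, not falcon-mcp's own code: a small model of how the two safety gates described above (read-only mode and the FALCON_MCP_ALLOW_DESTRUCTIVE allowlist) interact at registration time, plus the bind-address check from the network exposure note. The two destructive tool names (falcon_perform_host_action, falcon_batch_execute_active_responder_command) come from the README; every other tool name, the Tool annotation model, the function names and the "truthy" value set are constructed assumptions for the demonstration.

```python
# Added example, not falcon-mcp's own implementation. Only the two destructive tool
# names are from the README; all other names and the annotation model are assumed.
from dataclasses import dataclass


@dataclass(frozen=True)
class Tool:
    name: str
    mutating: bool = False      # changes Falcon state (create/update/delete, contain, RTR)
    destructive: bool = False   # subset of mutating tools that need explicit opt-in


# Constructed catalogue for the demo; falcon_delete_user_placeholder is a placeholder name.
CATALOGUE = (
    Tool("falcon_search_detections"),
    Tool("falcon_get_host_login_history"),
    Tool("falcon_update_incident_status", mutating=True),
    Tool("falcon_create_ioc", mutating=True),
    Tool("falcon_perform_host_action", mutating=True, destructive=True),
    Tool("falcon_batch_execute_active_responder_command", mutating=True, destructive=True),
    Tool("falcon_delete_user_placeholder", mutating=True, destructive=True),
)

TRUTHY = {"1", "true", "yes", "on"}  # assumed set of values treated as "true"


def parse_allow_destructive(raw):
    """None means every destructive tool is armed; otherwise the set of named tools."""
    raw = (raw or "").strip()
    if not raw:
        return frozenset()
    if raw.lower() in TRUTHY:
        return None
    return frozenset(part.strip() for part in raw.split(",") if part.strip())


def select_tools(catalogue, env):
    """Decide at registration time which tools the agent may ever see.

    Returns (registered_names, warnings). Read-only mode wins over the
    destructive allowlist: under it no mutating tool is registered at all.
    """
    readonly = env.get("FALCON_MCP_READONLY", "").strip().lower() in TRUTHY
    allowed = parse_allow_destructive(env.get("FALCON_MCP_ALLOW_DESTRUCTIVE"))
    warnings = []
    if allowed is None and not readonly:
        warnings.append("FALCON_MCP_ALLOW_DESTRUCTIVE=true arms every destructive tool; prefer a named list")
    if allowed:
        known = {tool.name for tool in catalogue}
        for name in sorted(allowed - known):
            warnings.append(f"allowlist entry {name!r} matches no tool (typo?)")
    registered = []
    for tool in catalogue:
        if readonly and tool.mutating:
            continue
        if tool.destructive and allowed is not None and tool.name not in allowed:
            continue
        registered.append(tool.name)
    return registered, warnings


LOOPBACK = {"127.0.0.1", "localhost", "::1"}


def network_findings(transport, host, api_key):
    """Flag an HTTP transport bound beyond loopback with no MCP-layer API key."""
    findings = []
    if transport == "stdio":
        return findings  # no listening socket at all
    if host not in LOOPBACK and not api_key:
        findings.append(f"{transport} bound to {host} without FALCON_MCP_API_KEY")
    return findings


if __name__ == "__main__":
    # Constructed environment: the README's recommended named allowlist.
    demo_env = {
        "FALCON_MCP_ALLOW_DESTRUCTIVE": "falcon_perform_host_action,falcon_batch_execute_active_responder_command",
    }
    names, warns = select_tools(CATALOGUE, demo_env)
    print("registered:", names)
    for warning in warns:
        print("warning:", warning)
    for finding in network_findings("streamable-http", "0.0.0.0", None):
        print("finding:", finding)
```

The point the gate model makes explicit: the read-only switch removes mutating tools before the allowlist is even consulted, so setting both never exposes a destructive tool, and a misspelled allowlist entry silently enables nothing, which is why the warning on unknown names is worth having.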
Contributing
# Clone and install with dev dependencies
git clone https://github.com/CrowdStrike/falcon-mcp.git
cd falcon-mcp
uv sync --all-extras
# Run tests
uv run pytest
This project uses Conventional Commits for automated releases. Please follow the commit message format outlined in our Contributing Guide.
Additional developer documentation:
Module Development Guide — how to implement new curated modules
Resource Development Guide — how to implement MCP resources
Integration Testing Guide — running tests against a live Falcon API
End-to-End Testing Guide — full E2E test setup and execution
Support
This is a community-driven, open source project. While it is not an official CrowdStrike product, it is actively maintained by CrowdStrike and supported in collaboration with the open source developer community.
For questions, bug reports, and feature requests, please open a GitHub Issue. CrowdStrike customers may also contact Technical Support through established support channels.
See SUPPORT.md for more information.
Related MCP Servers
These three servers cover complementary layers of a security stack — network/log (AlertLogic), endpoint protection (Sophos), and EDR/threat intel (CrowdStrike). Use them together for full-stack AI-powered SOC operations.
| Server | Platform | Highlights |
| --- | --- | --- |
| | CrowdStrike Falcon | EDR telemetry, RTR, threat intel, MSSP Flight Control, 1,296 tools |
| | Sophos Central | Endpoint isolation, Live Discover SQL, XDR, email/firewall/DNS, 334 tools |
| | Alert Logic MDR | Incident response, SQL log search, SOAR, vulnerability management, 473 tools |
License
This project is licensed under the MIT License. See the LICENSE file for details.