CrowdStrike Falcon MCP Server
Official MCP server from CrowdStrike that connects AI agents to the Falcon cybersecurity platform for intelligent security analysis. Provides tools for querying detections, investigating hosts, searching indicators of compromise, and analyzing threat intelligence through the CrowdStrike Falcon API. Supports host containment actions, RTR session management, and vulnerability assessment. Open source on GitHub under the CrowdStrike organization. Currently at v0.12.0 with active development. Works with Claude, Cursor, and any MCP-compatible client.
MCP unverified
Integration
| Transport | stdio |
| Auth | api-key |
| Endpoint | crowdstrike-falcon-mcp |
Use Cases
| 01 | Query CrowdStrike Falcon detections and investigate compromised hosts through AI agents in Claude or Cursor during incident response workflows |
| 02 | Search indicators of compromise and analyze threat intelligence data through natural language without switching to the Falcon console |
| 03 | Assess host vulnerabilities and manage real-time response sessions through MCP-connected AI agents for automated security operations |
Tags
security cybersecurity crowdstrike threat-intelligence endpoint-detection incident-response open-source