{"id":"83f5453f-b71e-499c-8718-d6a441ef6d73","shortId":"JBLnPf","kind":"skill","title":"Investigate CrowdStrike Falcon alerts and telemetry through falcon-mcp","tagline":"Use falcon-mcp when an agent needs CrowdStrike Falcon detections, incidents, behaviors, threat intel, or read-only response context to triage a security event without leaving an MCP workflow.","description":"# Investigate CrowdStrike Falcon alerts and telemetry through falcon-mcp\n\nUse falcon-mcp when an agent needs CrowdStrike Falcon detections, incidents, behaviors, threat intel, or read-only response context to triage a security event without leaving an MCP workflow.\n\n## Prerequisites\n\nPython 3.10+ with uv or pip; CrowdStrike Falcon API credentials with the scopes required for the enabled modules; an MCP-compatible client such as Claude Code, Claude Desktop, Cursor, or OpenClaw.\n\n## Installation\n\nUse the upstream install or setup path that matches your environment:\n- uv tool install falcon-mcp\n- pip install falcon-mcp\n- docker pull quay.io/crowdstrike/falcon-mcp:latest\n- docker run -i --rm --env-file /path/to/.env quay.io/crowdstrike/falcon-mcp:latest\n\nRequirements and caveats from upstream:\n- [![PyPI - Python Version](https://img.shields.io/pypi/pyversions/falcon-mcp)](https://pypi.org/project/falcon-mcp/)\n- ### Docker\n- \"falcon-mcp-docker\": {\n\nBasic usage or getting-started notes:\n- | [Sensor Usage](https://crowdstrike.github.io/falcon-mcp/modules/sensor-usage/) | Access and analyze sensor usage data |\n- #### Using uv (recommended)\n- bash\n\n- Source: https://github.com/CrowdStrike/falcon-mcp\n- Extracted from upstream docs: https://raw.githubusercontent.com/CrowdStrike/falcon-mcp/HEAD/README.md\n\n## Documentation\n\n- https://github.com/CrowdStrike/falcon-mcp/tree/main/docs\n\n## Source\n\n- [Agent Skill 
Exchange](https://agentskillexchange.com/skills/investigate-crowdstrike-falcon-alerts-and-telemetry-through-falcon-mcp/)","tags":["investigate","crowdstrike","falcon","alerts","and","telemetry","through","mcp","skills","agentskillexchange","agent-skills","ai-agents"],"capabilities":["skill","source-agentskillexchange","skill-investigate-crowdstrike-falcon-alerts-and-telemetry-through-falcon-mcp","topic-agent-skills","topic-ai-agents","topic-ai-tools","topic-awesome-list","topic-claude-code","topic-codex","topic-cursor","topic-llm","topic-mcp","topic-npx-skills","topic-openclaw","topic-skills-catalog"],"categories":["skills"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/agentskillexchange/skills/investigate-crowdstrike-falcon-alerts-and-telemetry-through-falcon-mcp","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add agentskillexchange/skills","source_repo":"https://github.com/agentskillexchange/skills","install_from":"skills.sh"}},"qualityScore":"0.454","qualityRationale":"deterministic score 0.45 from registry signals: · indexed on github topic:agent-skills · 8 github stars · SKILL.md body (1,539 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-05-18T19:10:57.812Z","embedding":null,"createdAt":"2026-05-18T13:17:14.111Z","updatedAt":"2026-05-18T19:10:57.812Z","lastSeenAt":"2026-05-18T19:10:57.812Z","prices":[{"id":"24ff5d5a-a539-43da-b207-b5a4bb237d77","listingId":"83f5453f-b71e-499c-8718-d6a441ef6d73","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"agentskillexchange","category":"skills","install_from":"skills.sh"},"createdAt":"2026-05-18T13:17:14.111Z"}],"sources":[{"listingId":"83f5453f-b71e-499c-8718-d6a441ef6d73","source":"github","sourceId":"agentskillexchange/skills/investigate-crowdstrike-falcon-alerts-and-telemetry-through-falcon-mcp","sourceUrl":"https://github.com/agentskillexchange/skills/tree/main/skills/investigate-crowdstrike-falcon-alerts-and-telemetry-through-falcon-mcp","isPrimary":false,"firstSeenAt":"2026-05-18T13:17:14.111Z","lastSeenAt":"2026-05-18T19:10:57.812Z"}],"details":{"listingId":"83f5453f-b71e-499c-8718-d6a441ef6d73","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"agentskillexchange","slug":"investigate-crowdstrike-falcon-alerts-and-telemetry-through-falcon-mcp","github":{"repo":"agentskillexchange/skills","stars":8,"topics":["agent-skills","ai-agents","ai-tools","awesome-list","claude-code","codex","cursor","llm","mcp","npx-skills","openclaw","skills-catalog"],"license":"mit","html_url":"https://github.com/agentskillexchange/skills","pushed_at":"2026-05-18T19:02:17Z","description":"The open catalog of AI agent skills — 2,000+ security-scanned skills for Claude Code, Cursor, Codex, and 
more.","skill_md_sha":"407fe63183a731049e447e2b2e1112bbfd89a602","skill_md_path":"skills/investigate-crowdstrike-falcon-alerts-and-telemetry-through-falcon-mcp/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/agentskillexchange/skills/tree/main/skills/investigate-crowdstrike-falcon-alerts-and-telemetry-through-falcon-mcp"},"layout":"multi","source":"github","category":"skills","frontmatter":{"name":"Investigate CrowdStrike Falcon alerts and telemetry through falcon-mcp","description":"Use falcon-mcp when an agent needs CrowdStrike Falcon detections, incidents, behaviors, threat intel, or read-only response context to triage a security event without leaving an MCP workflow."},"skills_sh_url":"https://skills.sh/agentskillexchange/skills/investigate-crowdstrike-falcon-alerts-and-telemetry-through-falcon-mcp"},"updatedAt":"2026-05-18T19:10:57.812Z"}}