CrowdStrike Falcon
What it does
Connect with the CrowdStrike Falcon platform for intelligent security analysis, providing programmatic access to detections, incidents, behaviors, threat intelligence, hosts, vulnerabilities, and identity protection capabilities.
The CrowdStrike Falcon MCP server gives AI assistants direct access to CrowdStrike's cybersecurity platform through modules covering detections, incidents, threat intelligence, host management, vulnerability scanning, cloud security, identity protection, and sensor usage analytics. Built by CrowdStrike's cloud integrations team, the implementation uses the FalconPy SDK with API scope management and error handling, supports multiple transport methods (stdio, SSE, streamable-http), and has a modular architecture with FQL query guides, retry logic for E2E testing, and Docker deployment options. It is designed for security operations teams, threat hunters, and incident responders who need conversational access to their CrowdStrike environment for tasks like investigating security alerts, analyzing threat intelligence, managing endpoints, and generating security reports without switching between multiple interfaces.
Quality
Deterministic score 0.80 from registry signals: indexed on pulsemcp · has source repo · 148 github stars · registry-generated description present