Host Groups
Searching, creating, updating, and deleting CrowdStrike Falcon host groups, as well as managing group membership
API Scopes
Section titled “API Scopes”- Host Groups: READ
- Host Groups: WRITE
falcon_create_host_group
Section titled “falcon_create_host_group”Required scopes: Host Groups: WRITE
Create a host group.
Provide a name and group_type. ‘dynamic’ groups take an assignment_rule (host FQL) that automatically includes matching hosts. ‘static’ and ‘staticByID’ groups are created empty (no assignment_rule) and populated afterwards via falcon_perform_host_group_action. Returns the created host group record on success.
Example prompts:
- “Create a static host group called ‘Critical Servers’”
- “Create a dynamic host group for all Windows hosts”
falcon_delete_host_groups
Section titled “falcon_delete_host_groups”Required scopes: Host Groups: WRITE
Delete one or more host groups.
Provide the host group ids to delete. This permanently removes the groups.
Returns an empty list on success.
Example prompts:
- “Delete host group abc123”
falcon_perform_host_group_action
Section titled “falcon_perform_host_group_action”Required scopes: Host Groups: WRITE
Add or remove hosts from one or more host groups.
Set action_name to ‘add-hosts’ or ‘remove-hosts’, provide the target group
ids, and a host FQL filter selecting which hosts to act on. Applies only to
static groups. Returns the updated host group records on success.
Example prompts:
- “Add the hosts matching platform_name Windows to group abc123”
- “Remove host device xyz from host group abc123”
falcon_search_host_group_members
Section titled “falcon_search_host_group_members”Required scopes: Host Groups: READ
Search for the host members of a specific host group.
Use this to list the devices that belong to a host group. Requires the group
id and filters on HOST attributes (platform, hostname, etc.) — consult
falcon://hosts/search/fql-guide for the filter syntax. Returns full host device
entities including device_id, hostname, platform, and network context.
Example prompts:
- “List the Windows hosts in host group abc123”
- “Show me the members of the Production Servers group”
falcon_search_host_groups
Section titled “falcon_search_host_groups”Required scopes: Host Groups: READ
Search for host groups in your CrowdStrike environment.
Use this to find host groups by name, type, creator, or timestamps. Consult falcon://host-groups/search/fql-guide before constructing filter expressions. Returns full host group details including id, name, group_type, description, and audit metadata in a single call.
Example prompts:
- “Show me all static host groups”
- “Find host groups created in the last 30 days”
falcon_update_host_group
Section titled “falcon_update_host_group”Required scopes: Host Groups: WRITE
Update an existing host group.
Provide the group id and any fields to change. name and description are safe
for any group type; only set assignment_rule on ‘dynamic’ groups. Unspecified
fields are left unchanged. Returns the updated host group record on success.
Example prompts:
- “Rename host group abc123 to ‘Decommissioned’”
- “Update the assignment rule for the dynamic Windows group”
Resources
Section titled “Resources”falcon://host-groups/search/fql-guide: Contains the guide for thefilterparam of thefalcon_search_host_groupstool.