Falcon MCP
The Falcon MCP connects AI assistants to the CrowdStrike Falcon platform through the Model Context Protocol.
This gives tools like Claude Desktop, VS Code, Gemini CLI, and custom agents direct access to your Falcon environment — enabling AI-powered threat investigation, detection triage, and security operations.
What can your AI do with Falcon?
Investigate Threats: Search detections by severity, time range, hostname, or MITRE ATT&CK technique.
Query Your Fleet: Find hosts by platform, sensor version, network segment, or containment status.
Hunt Vulnerabilities: Pull Spotlight CVE data with ExPRT ratings and remediation priorities.
Research Adversaries: Look up threat actors, indicators, and intelligence reports.
Monitor Cloud Posture: Search CSPM assets, container images, and Kubernetes workloads.
Assess Identity Risk: Investigate entities, analyze timelines, and map relationships.
Execute CQL Queries: Run searches against CrowdStrike Next-Gen SIEM.
Manage IOCs: Search, create, and remove custom indicators of compromise.
Audit Firewall Rules: Search and manage Falcon firewall rule groups.
Plus Real Time Response, Scheduled Reports, Shield, and more — see all modules.
Ready to get started? Follow the quickstart guide to connect your first AI assistant in under 5 minutes.