falcon-mcp

概述

falcon-mcp是CrowdStrike开发的强大MCP服务器，通过模型上下文协议(MCP)提供对其安全平台的编程访问。它包含16多个模块的广泛功能，包括威胁情报、主机管理、检测等。该项目有最近的提交记录，并包含全面的文档。

试试问 AI

装完之后，这里有 3 个你可以让 AI 做的事：

• list_detections

  Find and analyze detections to understand malicious activity

  试试:Show me recent detections in my environment试试:Find all detections related to a specific threat actor
• get_host_details

  Retrieve detailed information about a specific host

  试试:Get details for host with ID '12345'试试:Show me all information about server 'web-prod-01'
• search_threat_intel

  Research threat actors, IOCs, and intelligence reports

  试试:Search for information on threat actor APT28试试:Find IOCs related to malware family Emotet
• create_ioc

  Create a new indicator of compromise

  试试:Add a malicious IP address to my IOC list试试:Create an IOC for suspicious domain example.com
• query_ngsiem

  Execute CQL queries against Next-Gen SIEM

  试试:Run CQL query to find failed logins试试:Show me all authentication events from last week
• manage_firewall_rules

  Search and manage firewall rules and rule groups

  试试:List all firewall rules blocking traffic试试:Create a new rule to allow SSH access
• investigate_identity

  Perform entity investigation for identity protection

  试试:Investigate user account 'admin@example.com'试试:Check suspicious activity on user ID '789'
• discover_assets

  Search application inventory and discover unmanaged assets

  试试:Find all unmanaged servers in my network试试:List all applications running on Linux hosts
• execute_rtr_command

  Initialize RTR sessions and execute read-only triage commands

  试试:Run 'ls -la' on a specific host试试:Collect system information from endpoint 12345
• create_custom_ioa

  Create and manage Custom IOA behavioral detection rules

  试试:Create a rule to detect suspicious PowerShell execution试试:Define a new IOA for unusual network connections
• get_vulnerability_data

  Access and analyze vulnerability data from security assessments

  试试:Show me critical vulnerabilities on my network试试:List all vulnerabilities in Apache web servers
• get_sensor_usage

  Access and analyze sensor usage data across your environment

  试试:Show me sensor health status for all hosts试试:Find hosts with low sensor coverage

说明：Tool names were inferred from the module descriptions and the README's mention of 'available tools, and FQL resources' in each module. The actual tool names and signatures are documented in the full documentation available at the provided l

可对比工具

安装

# 使用uv
uv tool install falcon-mcp

# 使用pip
pip install falcon-mcp

export FALCON_CLIENT_ID="your-client-id"
export FALCON_CLIENT_SECRET="your-client-secret"
export FALCON_BASE_URL="https://api.crowdstrike.com"

falcon-mcp

{
  "mcpServers": {
    "falcon-mcp": {
      "command": "uvx",
      "args": [
        "--env-file",
        "/path/to/.env",
        "falcon-mcp"
      ]
    }
  }
}

falcon-mcp 对比