MCP Tool Reference

CROWDSTRIKE FALCON TOOLS

33 tools from the CrowdStrike Falcon MCP Server, categorised by risk level.

View the CrowdStrike Falcon policy →

READ TOOLS

29
falcon_check_connectivity Check connectivity to the Falcon API falcon_list_enabled_modules List enabled modules in the falcon-mcp server falcon_list_modules List all available modules in the falcon-mcp server falcon_search_kubernetes_containers Search for containers from Kubernetes inventory falcon_count_kubernetes_containers Count containers by filter criteria falcon_search_images_vulnerabilities Search for container image vulnerabilities falcon_search_detections Find and analyse detections for malicious activity falcon_get_detection_details Get comprehensive detection details by ID falcon_search_applications Search for applications in your environment falcon_search_unmanaged_assets Search for unmanaged assets without Falcon sensor falcon_search_hosts Search for hosts in your CrowdStrike environment falcon_get_host_details Retrieve detailed information for host device IDs falcon_show_crowd_score View CrowdScores and security posture metrics falcon_search_incidents Find and analyse security incidents falcon_get_incident_details Get comprehensive incident details falcon_search_behaviors Find and analyse suspicious behaviours falcon_get_behavior_details Get detailed behaviour information search_ngsiem Execute a CQL query against Next-Gen SIEM falcon_search_actors Research threat actors tracked by CrowdStrike falcon_search_indicators Search for threat indicators and IOCs falcon_search_reports Access intelligence publications and threat reports falcon_get_mitre_report Generate MITRE ATT&CK reports for threat actors falcon_search_iocs Search custom IOCs using FQL falcon_search_sensor_usage Search for weekly sensor usage data falcon_search_scheduled_reports Search for scheduled reports falcon_search_report_executions Search for report executions falcon_download_report_execution Download generated report files falcon_search_serverless_vulnerabilities Search for serverless function vulnerabilities falcon_search_vulnerabilities Search for vulnerabilities in your environment

WRITE TOOLS

1
falcon_add_ioc Create one or multiple IOCs

DESTRUCTIVE TOOLS

1
falcon_remove_iocs Remove IOCs by IDs or FQL filter

EXECUTE TOOLS

1
falcon_launch_scheduled_report Launch a scheduled report on demand

OTHER TOOLS

1
idp_investigate_entity Investigate entities for identity protection analysis

ENFORCE POLICIES ON CROWDSTRIKE FALCON

Open source. One binary. Zero dependencies.

VIEW ON GITHUB View CrowdStrike Falcon policy →