MCP-CrowdStrikeFalcon
Verified Safe
by josh-thurston
Overview
Provides a Model Context Protocol (MCP) and HTTP/REST interface to interact with the CrowdStrike Falcon API for security operations and threat management.
Installation
docker run -d --name crowdstrike-falcon-mcp --publish 8080:8080 --publish 80:80 -e TRANSPORT_MODE=dual -e FALCON_API_KEY=your_api_key_here <your-registry>/crowdstrike-falcon-mcp:latest
Environment Variables
- FALCON_API_KEY
- CROWDSTRIKE_API_KEY
- FALCON_TENANT_ID
- CROWDSTRIKE_TENANT_ID
- FALCON_API_BASE_URL
- TRANSPORT_MODE
- HTTP_PORT
- STDIO_PORT
- FALCON_CLIENT_SECRET
Security Notes
The server follows good security practices for an API wrapper. No sensitive API keys or credentials are hardcoded; they are expected via environment variables or function parameters. The APIClient correctly handles OAuth2 token acquisition using `httpx` and applies `Bearer` tokens. It provides recommendations for secure HTTPS deployment via reverse proxies. Basic input validation is present for API keys, and further validation relies on the downstream CrowdStrike API or FastAPI's internal mechanisms. No 'eval' or other dynamic code execution vulnerabilities were found.
Similar Servers
mcpo
Exposes Model Context Protocol (MCP) tools as OpenAPI-compatible HTTP servers.
mcp-context-forge
Converts web content (HTML, PDF, DOCX, etc.) and local files from a URL into high-quality Markdown format. It supports multiple conversion engines, content optimization, batch processing, and image handling.
falcon-mcp
An MCP server providing AI agents programmatic access to CrowdStrike Falcon platform capabilities for intelligent security analysis and automation, integrating threat detection, incident response, and vulnerability management into agentic workflows.
mitre-mcp
A production-ready Model Context Protocol (MCP) server that exposes the MITRE ATT&CK® framework to LLMs, AI assistants, and automation workflows.