falco-mcp
by maratsal
Overview
Exposes the Falcosidekick UI's event search API as a lightweight Model Context Protocol (MCP) server, enabling MCP clients to query Falco security events programmatically.
Installation
docker run -p 8080:8080 -e FALCO_BASE_URL=http://falcosidekick-ui.default.svc.cluster.local:2802 -e FALCO_USERNAME=admin -e FALCO_PASSWORD=admin falco-mcp
Environment Variables
- FALCO_BASE_URL
- FALCO_USERNAME
- FALCO_PASSWORD
- PORT
- MCP_HTTP_PATH
Security Notes
The server uses HTTP Basic Auth with default 'admin:admin' credentials, which should be changed immediately in any production environment. Critically, the `verify_tls` setting for upstream Falcosidekick UI connections defaults to `False`, disabling TLS certificate verification. This makes the connection vulnerable to Man-in-the-Middle attacks and should be explicitly set to `True` for secure deployments.
Similar Servers
mcp-context-forge
Converts web content (HTML, PDF, DOCX, etc.) and local files from a URL into high-quality Markdown format. It supports multiple conversion engines, content optimization, batch processing, and image handling.
zeromcp
A minimal, pure Python Model Context Protocol (MCP) server for exposing tools, resources, and prompts via HTTP/SSE and Stdio transports.
mcp-marketplace
A comprehensive AI agent framework that facilitates tool orchestration and access to a marketplace of MCP (Model Context Protocol) servers, offering a web-based client for chat, administration, and benchmarking.
inspector-assessment
Provides a comprehensive automated assessment platform for Model Context Protocol (MCP) servers, analyzing their security, functionality, protocol compliance, documentation, and various extended metrics. It acts as an inspector and auditing tool for MCP server developers and maintainers.