MCP server bridging AI assistants with CrowdStrike Falcon for SOC operations, enabling natural-language triage, investigation, and response across detections, endpoints, threat intelligence, and more.
Claim it to get a verified publisher badge, a free copy of our full audit findings, and direct contact for any high-priority issues we find.
Install from
M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.
process.env. You'll be asked to provide them before it can run.FALCON_CLIENT_ID— Required CrowdStrike API Client ID abc123def456FALCON_CLIENT_SECRET— Required CrowdStrike API Client Secret your-client-secretFALCON_MEMBER_CID— Optional Default child CID for MSSP Flight Control; targets all queries at that tenant ABC123DEF456GHI789FALCON_MCP_AUDIT_LOGFALCON_MCP_READONLY— Optional Set to true to suppress all mutating tools at startup trueFALCON_MCP_ALLOW_DESTRUCTIVE— Optional Set to true to enable all destructive tools, or a comma-separated list of specific tool names to allow selectively falcon_perform_host_action,falcon_execute_rtr_active_responder_commandFALCON_MCP_NGSIEM_POLL_INTERVALFALCON_MCP_NGSIEM_TIMEOUT[](https://m8ven.ai/mcp/rijul170-falcon-mcp-1i4b82)