Falcon FAQs

Name: Falcon
Author: CrowdStrike

Question 1

What is Falcon (falcon-mcp)?

Accepted Answer

Falcon (falcon-mcp) is a Model Context Protocol (MCP) server designed to connect AI agents with the CrowdStrike Falcon platform. It enables intelligent security analysis and automation by providing programmatic access to essential security capabilities within agentic workflows.

Question 2

Is Falcon ready for production environments?

Accepted Answer

As of now, Falcon is in public preview and under active development. While exploration and testing are encouraged, it is not yet recommended for production deployments. Feedback is welcomed to help shape its stable 1.0 release.

Question 3

What security capabilities does Falcon provide access to?

Accepted Answer

Falcon offers programmatic access to a wide range of CrowdStrike Falcon capabilities, including detections, incidents, hosts, threat intelligence, vulnerabilities, cloud security, and identity protection.

Question 4

How does Falcon enhance security analysis and operations?

Accepted Answer

Falcon empowers AI agents to perform advanced security analysis, automate threat hunting, manage incidents, and conduct vulnerability assessments. It provides comprehensive tools and FQL (Falcon Query Language) query guides for detailed security insights.

Question 5

What are the deployment options for Falcon?

Accepted Answer

Falcon offers flexible deployment options, including installation via PyPI, direct source installation, and Docker containerization. It is configurable with CrowdStrike API credentials and specific API scopes per module.

Falcon

About

Key Features

Use Cases