
    MCP Server for CrowdStrike Falcon

    Sold by: CrowdStrike 
    Deployed on AWS
    falcon-mcp enables seamless communication between AI agents and the CrowdStrike Falcon platform. Deployable directly onto Amazon Bedrock AgentCore, it provides programmatic access to Falcon data for agentic workflows and accelerates AI-native security automation.
    4.6

    Overview

    This server provides a secure, scalable bridge between AI agents and the CrowdStrike Falcon platform, bringing security telemetry and threat intelligence directly into your AWS environment. Purpose-built for deployment on Amazon Bedrock AgentCore, the falcon-mcp server enables agentic applications to programmatically access detections, incidents, behaviors, and threat intelligence from the Falcon platform. This empowers AI agents to reason over rich security context, automate response workflows, and drive proactive defense across your cloud and enterprise environments. By exposing modular Falcon capabilities through a standardized interface, the falcon-mcp server supports a wide range of use cases, from autonomous incident triage and threat enrichment to building fully agentic, context-aware security operations workflows. The falcon-mcp server gives you the data access layer to build the foundation for an AI-native SOC, backed by the power of the CrowdStrike Falcon platform. To learn more about this resource and explore its capabilities, visit the official project page at: https://github.com/crowdstrike/falcon-mcp 

    Highlights

    • The falcon-mcp server establishes a consistent and secure protocol for agents to communicate with the CrowdStrike Falcon platform, enabling standardized integration across agentic systems.
    • It includes native support for deployment onto Amazon Bedrock AgentCore, making it easy to integrate into your AWS environment and power agentic workflows.
    • It is designed to support current and future Falcon platform capabilities, ensuring agentic workflows remain adaptive and comprehensive.

    Details

    Delivery option: Amazon Bedrock AgentCore

    Operating system: Linux

    Pricing

    MCP Server for CrowdStrike Falcon

    This product is available free of charge. Free subscriptions have no end date and may be canceled any time.
    Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.

    Vendor refund policy

    All orders are non-cancellable and all fees and other amounts you pay under this Agreement are non-refundable.


    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA).

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information


    Delivery details

    Amazon Bedrock AgentCore

    Supported services:
    • Amazon Bedrock AgentCore
    Container image

    Containers are lightweight, portable execution environments that wrap server application software in a filesystem that includes everything it needs to run. Container applications run on supported container runtimes and orchestration services, such as Amazon Elastic Container Service (Amazon ECS) or Amazon Elastic Kubernetes Service (Amazon EKS). Both eliminate the need for you to install and operate your own container orchestration software by managing and scheduling containers on a scalable cluster of virtual machines.

    Version release notes

    0.13.0 (2026-06-25)

    Features

    • dynamic: add dynamic mode to reduce context window usage (#441) (807d3db)
    • modules/recon: add Falcon Intelligence Recon module (#446) (f8d4839)

    Bug Fixes

    • deps: add version floor constraints for pyjwt, idna, requests (#455) (a9536ea)
    • modules/detections: replace verdict param with tags to be in line with UI experience (#450) (c1aee37)
    • modules/ioc: return delete summary (#444) (df2995a)
    • tests/integration: correct platform field assertion in firewall tests (#449) (3d5a2bb), closes #448

    Additional details

    Usage instructions

    Prerequisites

    CrowdStrike API Credentials

    Create API credentials in your CrowdStrike console:

    1. Log into your CrowdStrike console
    2. Navigate to Support > API Clients and Keys
    3. Click Add new API client
    4. Configure your API client:
      • Client Name: Choose a descriptive name (e.g., "Falcon MCP Server")
      • Description: Optional description for your records
      • API Scopes: Select scopes based on which modules you plan to use (see scope requirements)
    5. Note down these values (you cannot retrieve them later):
      • FALCON_CLIENT_ID - Your API client ID
      • FALCON_CLIENT_SECRET - Your API client secret
      • FALCON_BASE_URL - Your API base URL (region-specific)

    AWS VPC Requirements

    The MCP Server requires internet connectivity to communicate with CrowdStrike's APIs.

    • Internet Gateway or NAT Gateway - Enables outbound internet connectivity
    • Outbound HTTPS Access - Allow communication to api.crowdstrike.com on port 443
    • Security Groups - Configure appropriate rules for your network requirements

    Getting Started

    To deploy the Falcon MCP Server to Amazon Bedrock AgentCore:

    1. Visit the Falcon MCP Server on AWS Marketplace 
    2. Follow the subscription and deployment instructions
    3. Configure your CrowdStrike API credentials and environment variables as described below

    Usage Instructions

    Environment Variables

    Set the environment variables in the deployment form below; recommended AgentCore values are pre-filled. FALCON_CLIENT_ID, FALCON_CLIENT_SECRET, and FALCON_BASE_URL are required, and FALCON_MCP_STATELESS_HTTP must remain true for AgentCore.
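
A pre-deployment check for the variables named above, added here as an example (it is not part of falcon-mcp or the Marketplace listing). It assumes region-specific API hosts sit under crowdstrike.com and that the stateless flag is spelled `true`; `check_falcon_env` is a name chosen for this sketch.

```python
import os
from urllib.parse import urlsplit

REQUIRED = ("FALCON_CLIENT_ID", "FALCON_CLIENT_SECRET", "FALCON_BASE_URL")
# Assumption: every region-specific API host sits under crowdstrike.com,
# like the api.crowdstrike.com host named in the VPC requirements.
ALLOWED_HOST_SUFFIX = ".crowdstrike.com"


def _check_base_url(base_url):
    """Return problems with the API base URL (scheme, host, port, userinfo)."""
    try:
        parts = urlsplit(base_url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return ["FALCON_BASE_URL is not a valid URL"]
    host = (parts.hostname or "").lower()
    problems = []
    if parts.scheme != "https":
        problems.append("FALCON_BASE_URL must use https")
    if not host.endswith(ALLOWED_HOST_SUFFIX):
        problems.append(f"FALCON_BASE_URL host {host!r} is outside crowdstrike.com")
    if parts.username or parts.password:
        problems.append("FALCON_BASE_URL must not embed credentials")
    if port not in (None, 443):
        problems.append("FALCON_BASE_URL must target port 443")
    return problems


def check_falcon_env(env):
    """Return a list of problems found in a mapping of environment variables."""
    problems = [f"{name} is missing or empty"
                for name in REQUIRED if not env.get(name, "").strip()]
    base_url = env.get("FALCON_BASE_URL", "").strip()
    if base_url:
        problems += _check_base_url(base_url)
    # The page requires this flag to stay true on AgentCore; the literal
    # spelling "true" is an assumption of this check.
    if env.get("FALCON_MCP_STATELESS_HTTP", "").strip().lower() != "true":
        problems.append("FALCON_MCP_STATELESS_HTTP must be true for AgentCore")
    return problems


if __name__ == "__main__":
    for problem in check_falcon_env(os.environ):
        print("FAIL:", problem)
```

The host check rejects look-alike names such as `api.crowdstrike.com.example.net`, which would otherwise receive the client ID and secret during token exchange.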

    Key Capabilities

    • Threat Investigation - Search detections by severity, time range, hostname, or MITRE ATT&CK technique.
    • Fleet Management - Find hosts by platform, sensor version, network segment, or containment status.
    • Vulnerability Hunting - Access Spotlight CVE data with ExPRT ratings and remediation priorities.
    • Threat Intelligence - Look up threat actors, indicators, and intelligence reports.
    • Cloud Security - Search CSPM assets, container images, and Kubernetes workloads.
    • Identity Protection - Investigate entities, analyze timelines, and map relationships.
    • Query Capabilities - Run searches against CrowdStrike Next-Gen SIEM using CQL.
    • IOC Management - Search, create, and remove custom indicators of compromise.
    • Firewall Auditing - Search and manage Falcon firewall rule groups.

    Additional modules support Real Time Response, Scheduled Reports, Shield, and more. For the full module list and required API scopes, see the Falcon MCP modules overview.

    Example tool invocation (search for recent detections):

    {
      "jsonrpc": "2.0",
      "id": "1",
      "method": "tools/call",
      "params": {
        "name": "falcon_search_detections",
        "arguments": { "filter": "status:'new'" }
      }
    }
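
Because the capability list includes tools that create and remove IOCs and manage firewall rule groups, a deny-by-default gate in front of `tools/call` keeps an agent limited to the tools it was approved for. The sketch below is an added example, not falcon-mcp code: `gate_tool_call`, the allowlist contents, the length bound and the denied tool name in the sample are assumptions made here.

```python
import json

# Deny by default: only tools listed here may be invoked by the agent.
# falcon_search_detections is the tool shown on the page; extend deliberately.
ALLOWED_TOOLS = {"falcon_search_detections"}
MAX_FILTER_LEN = 512  # assumed bound that keeps agent-built filters reviewable


def gate_tool_call(raw):
    """Judge one JSON-RPC tools/call message; return (allowed, reason)."""
    try:
        msg = json.loads(raw)
    except (TypeError, ValueError):
        return False, "not valid JSON"
    if not isinstance(msg, dict) or msg.get("jsonrpc") != "2.0":
        return False, "not a JSON-RPC 2.0 object"
    if msg.get("method") != "tools/call":
        return False, "not a tools/call request"
    params = msg.get("params")
    if not isinstance(params, dict):
        return False, "params must be an object"
    name = params.get("name")
    if not isinstance(name, str) or name not in ALLOWED_TOOLS:
        return False, f"tool {name!r} is not on the allowlist"
    args = params.get("arguments", {})
    if not isinstance(args, dict):
        return False, "arguments must be an object"
    flt = args.get("filter", "")
    if not isinstance(flt, str) or len(flt) > MAX_FILTER_LEN:
        return False, "filter must be a string within the length bound"
    return True, "ok"


# Constructed samples: the first is the invocation shown on the page, the
# second uses a hypothetical tool name to show the default-deny path.
PAGE_CALL = json.dumps({"jsonrpc": "2.0", "id": "1", "method": "tools/call",
                        "params": {"name": "falcon_search_detections",
                                   "arguments": {"filter": "status:'new'"}}})
DENIED_CALL = json.dumps({"jsonrpc": "2.0", "id": "2", "method": "tools/call",
                          "params": {"name": "example_delete_tool",
                                     "arguments": {}}})

if __name__ == "__main__":
    for sample in (PAGE_CALL, DENIED_CALL):
        print(gate_tool_call(sample))
```

Log the returned reason with the agent's identity so denied calls can be reviewed alongside the API client's scopes.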

    Additional Resources

    For full details, visit the Falcon MCP documentation.

    Support

    Vendor support

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Customer reviews

    Ratings and reviews

    4.6
    99 ratings
    5 star: 79%
    4 star: 21%
    3 star: 0%
    2 star: 0%
    1 star: 0%
    0 AWS reviews | 99 external reviews
    External reviews are from G2.
    Computer Software

    Excellent Cloud Visibility and Clear Alerts with CrowdStrike Falcon Cloud Security

    Reviewed on Jun 29, 2026
    Review provided by G2
    What do you like best about the product?
    CrowdStrike Falcon Cloud Security gives us good visibility into our cloud environment and helps identify security risks quickly. The dashboard is easy to navigate, alerts are clear, and it integrates well with our existing security tools. I also like that it provides continuous monitoring and helps prioritize critical issues.
    What do you dislike about the product?
    The platform has many advanced features, so there is a learning curve for new users. Some policy configurations and reports could be more intuitive, and initial setup may take time depending on the environment.
    What problems is the product solving and how is that benefiting you?
    It helps us monitor our cloud resources, detect misconfigurations, and identify potential security threats before they become major issues. This improves our overall security posture, reduces manual effort, and gives the team more confidence in managing cloud environments.
    Ankit C.

    Comprehensive Cloud Security with Excellent Visibility and Threat Detection

    Reviewed on Jun 28, 2026
    Review provided by G2
    What do you like best about the product?
    What I like best about CrowdStrike Falcon Cloud Security is its unified visibility across multi-cloud environments and its ability to detect misconfigurations, vulnerabilities, and active threats in real time. The platform provides clear, actionable insights, automates security monitoring, and integrates seamlessly with the broader CrowdStrike Falcon ecosystem, making it easier to manage cloud security from a single console while reducing manual effort.
    What do you dislike about the product?
    One downside is that the initial setup and policy configuration can be complex, especially for teams new to cloud security. Some advanced features have a learning curve, and the platform may generate a high volume of alerts until policies are fine-tuned. Additionally, the licensing cost can be relatively high for smaller organizations.
    What problems is the product solving and how is that benefiting you?
    CrowdStrike Falcon Cloud Security helps identify cloud misconfigurations, vulnerabilities, compliance issues, and potential threats before they can be exploited. It provides continuous visibility across cloud environments, automates security monitoring, and prioritizes risks based on severity. This has reduced manual security checks, improved incident response time, strengthened our overall cloud security posture, and helped ensure compliance with organizational and regulatory requirements.
    Siddhesh R.

    Unified Cloud Security Platform with Comprehensive Multi-Cloud Visibility

    Reviewed on Jun 26, 2026
    Review provided by G2
    What do you like best about the product?
    It is a unified platform that combines cloud posture management, workload protection, and runtime threat detection. It provides comprehensive visibility across multiple cloud environments.
    What do you dislike about the product?
    It’s a little expensive for smaller organizations, and it may come with a steeper learning curve for new users.
    What problems is the product solving and how is that benefiting you?
    It identifies misconfigurations, vulnerabilities, and active threats across multi-cloud environments from a single platform.
    Health, Wellness and Fitness

    Adversary-Contextualized Risk Reduction That Stands Out

    Reviewed on Jun 25, 2026
    Review provided by G2
    What do you like best about the product?
    What stands out most about CrowdStrike Falcon Cloud Security (their CNAPP platform) is how it shifts the paradigm from just listing vulnerabilities to delivering adversary-contextualized risk reduction.
    What do you dislike about the product?
    1. The "Endpoint Heritage" Tax on UI/UX
    CrowdStrike grew up as an Endpoint Detection and Response (EDR) company, and it shows. When they expanded into Cloud Native Application Protection (CNAPP) by acquiring companies like RepoCloud and Bionic, they stitched those elements into the existing Falcon Horizon/Insight console.

    The Issue: The interface can feel disjointed and highly complex. Navigating between standard host security logs, Kubernetes infrastructure, and cloud posture management (CSPM) often requires clicking through vastly different administrative portals. It lacks the cohesive, intuitive "single-pane-of-glass" graph view found in cloud-native competitors like Wiz or Orca.
    What problems is the product solving and how is that benefiting you?
    For security operations (SecOps) and cloud engineering teams, this platform is designed to address three major operational challenges, which in turn translates into clear, practical benefits for both day-to-day business needs and engineering work.
    anil y.

    Excellent Visibility

    Reviewed on Jun 24, 2026
    Review provided by G2
    What do you like best about the product?
    CrowdStrike Falcon Cloud Security stands out for its excellent visibility, real-time threat detection, and easy management of cloud workloads from a single console. The platform is intuitive and helps simplify security operations while improving overall cloud security posture.
    What do you dislike about the product?
    No major issues with the product, but it can be expensive, and the initial setup is a bit complex. It took some time for our team to get familiar with all the features and configurations.
    What problems is the product solving and how is that benefiting you?
    CrowdStrike Falcon Cloud Security helps us get better visibility across our cloud environment and identify security risks before they become major issues. It has improved our ability to monitor cloud workloads, detect misconfigurations, and maintain compliance from a single console. This has reduced manual effort for our security team and helped us respond to potential threats much faster.