Use natural language to triage, investigate, and respond in CrowdStrike Falcon.
Copy the install command and let the AI configure it · recommended for beginners
No copy-paste install info for "falcon-mcp" yet — see the docs or source repo.
Connect to Falcon and list all high-severity detections from the last 24 hours, grouped by host, user, detection name, and current status. Then analyze the most suspicious one and provide a timeline, related processes, affected endpoints, and recommended next response steps.
A summary of high-severity detections plus an investigation finding, evidence trail, and response recommendations for the top case.
Review security activity for host HOST-123 over the last 7 days, including detections, suspicious processes, network connections, and login behavior. Determine whether there are signs of lateral movement or malicious execution, and provide a concise conclusion.
An endpoint investigation summary highlighting abnormal behavior, risk assessment, and recommended response actions.
Look up Falcon threat intelligence for the domain evil-example.com, including its risk level, known malicious behaviors, and potential impact. If related indicators appear in our environment, provide hunting guidance and response steps.
A threat intelligence summary with environment hunting guidance and step-by-step response recommendations.
Connects AI agents to CrowdStrike Falcon for security analysis and automation.
Investigate threats and respond to incidents across security data with natural language.
Connect OSSEC security monitoring to AI for alerts, host status, and event analysis.
Triage RocketCyber alerts, track MTTR, and analyze security posture.
Query threat intelligence and trace incidents for faster security triage automation.
Analyze security incidents, map ATT&CK techniques, score severity, and recommend remediation.