Google Antigravity Directory

The #1 directory for Google Antigravity prompts, rules, workflows & MCP servers. Optimized for Gemini 3 agentic development.


© 2026 Antigravity AI Directory. All rights reserved.


This website is not affiliated with, endorsed by, or associated with Google LLC. "Google" and "Gemini" are trademarks of Google LLC.


CrowdStrike Falcon MCP Server

Official CrowdStrike Falcon MCP server

Tags: crowdstrike, security, edr, threat-intel, siem

About

## CrowdStrike Falcon MCP Server: Endpoint Detection and Response

The **CrowdStrike Falcon MCP Server** integrates industry-leading endpoint protection into Google Antigravity, enabling security teams to detect threats, investigate incidents, and respond to attacks across endpoints through intelligent automation.

### Why CrowdStrike Falcon MCP?

- **Real-time detection** - Identify and alert on malicious activity across endpoints
- **Threat intelligence** - Access CrowdStrike's extensive threat intelligence database
- **Incident investigation** - Deep dive into alerts with process trees and IOCs
- **Automated response** - Contain threats and remediate compromised endpoints
- **Host management** - Monitor and manage endpoint agents fleet-wide

### Key Features

#### 1. Threat Detection

```python
# `mcp` is assumed to be a connected MCP client session with an async call() method.
async def show_new_detections(mcp):
    # Get recent high-severity detections
    detections = await mcp.call("crowdstrike", "get_detections", {
        "filter": "severity:>3+status:new",
        "sort": "last_behavior|desc",
        "limit": 50
    })

    for detection in detections:
        print(f"Severity: {detection['severity']}, Technique: {detection['technique']}")
        print(f"Host: {detection['hostname']}")
        print(f"Behavior: {detection['description']}")
```

#### 2. Incident Investigation

```python
# `mcp` is assumed to be a connected MCP client session with an async call() method.
async def investigate_incident(mcp):
    # Get detailed incident information
    incident = await mcp.call("crowdstrike", "get_incident", {
        "incident_id": "inc:xxx",
        "include_behaviors": True,
        "include_devices": True
    })

    # Get process tree for investigation
    process_tree = await mcp.call("crowdstrike", "get_process_tree", {
        "device_id": incident["devices"][0]["id"],
        "process_id": incident["behaviors"][0]["parent_process_id"]
    })

    # Indent each process by its depth in the tree
    for proc in process_tree:
        indent = "  " * proc["depth"]
        print(f"{indent}{proc['filename']} PID:{proc['pid']}")
```

#### 3. Threat Response

```python
# `mcp` is assumed to be a connected MCP client session with an async call() method.
async def respond_to_threat(mcp):
    # Contain compromised host
    await mcp.call("crowdstrike", "contain_host", {
        "device_id": "device_xxx",
        "reason": "Active ransomware detected"
    })

    # Kill malicious process
    await mcp.call("crowdstrike", "kill_process", {
        "device_id": "device_xxx",
        "process_id": "12345",
        "reason": "Malicious PowerShell execution"
    })

    # Run remediation script
    await mcp.call("crowdstrike", "run_script", {
        "device_id": "device_xxx",
        "script_name": "Remove-MaliciousFiles"
    })
```

#### 4. Threat Intelligence

```python
# `mcp` is assumed to be a connected MCP client session with an async call() method.
async def search_threat_intel(mcp):
    # Search threat intelligence
    intel = await mcp.call("crowdstrike", "search_intel", {
        "query": "ransomware+lockbit",
        "types": ["report", "indicator", "actor"]
    })

    for item in intel:
        print(f"Type: {item['type']}, Name: {item['name']}")

    # Get IOCs for an actor
    iocs = await mcp.call("crowdstrike", "get_actor_iocs", {
        "actor": "SCATTERED SPIDER",
        "ioc_types": ["domain", "hash_sha256"]
    })
    return iocs
```

### Configuration

```json
{
  "mcpServers": {
    "crowdstrike": {
      "command": "npx",
      "args": ["-y", "@anthropic/mcp-crowdstrike"],
      "env": {
        "CS_CLIENT_ID": "your-client-id",
        "CS_CLIENT_SECRET": "your-client-secret",
        "CS_BASE_URL": "https://api.crowdstrike.com"
      }
    }
  }
}
```

This block and the configuration in the Installation section below name different launchers and credential variables (`npx` with `CS_*` here, `uvx falcon-mcp` with `FALCON_*` there); use the form documented for the server you actually install.

### Use Cases

**Threat Hunting**: Proactively search for indicators of compromise across your endpoint fleet.

**Incident Response**: Investigate alerts, trace attack paths, and contain compromised systems.

**Automated Remediation**: Create playbooks to automatically respond to common attack patterns.

**Security Monitoring**: Build dashboards showing real-time threat landscape across the organization.

The CrowdStrike Falcon MCP Server brings enterprise endpoint protection into your security workflow.

Installation

Configuration
```json
{
  "mcpServers": {
    "crowdstrike": {
      "command": "uvx",
      "args": [
        "falcon-mcp"
      ],
      "env": {
        "FALCON_CLIENT_ID": "YOUR_FALCON_CLIENT_ID",
        "FALCON_CLIENT_SECRET": "YOUR_FALCON_CLIENT_SECRET"
      }
    }
  }
}
```

How to Use

  1. Set Falcon API credentials
  2. Access detections and threat intelligence
  3. Currently in public preview
