Changelog

0.9.0 (2026-04-10)

Features

add Flight Control (MSSP) support with member_cid parameter (#317) (d15b1c8), closes #283
add version reporting via startup log, CLI flag, and MCP metadata (#334) (27acc45)
modules/cloud: add CSPM asset inventory search (#319) (cbf2614)
modules/rtr: add real time response support (#327) (d975534)

Bug Fixes

modules/cloud: correct CSPM asset FQL tag filter syntax (#320) (95fd9bd)

0.8.0 (2026-03-09)

Features

modules: add Custom IOA behavioral rules module (#307) (1c10c1d)
modules: add firewall management module and tests (#306) (eedd89c)
modules: add MCP tool annotations for all tools (#303) (339e7c4), closes #229

Bug Fixes

handle trailing-slash redirects and json-rpc content-type in HTTP transports (#308) (b4260b7)

Refactoring

examples/adk: simplify agent.py and clean up documentation (#304) (4baef37)

0.7.0 (2026-02-26)

Features

ioc: add IOC Service Collection search/create/delete module (#292) (ef1b502)
server: pass host/port to FastMCP to prevent HTTP 421 in proxied deployments (#293) (7aff692), closes #291

0.6.0 (2026-02-09)

Features

modules/ngsiem: add NGSIEM module for Next-Gen SIEM search (#281) (00b8385)

0.5.0 (2026-02-02)

Features

add x-api-key authentication for HTTP transports (#269) (82a594f)
modules/detections: improve FQL filter UX and tool descriptions (#259) (80f0639)
modules/scheduled-reports: add scheduled reports and executions module (#252) (8b54b7f)
tests: add integration tests with real API calls (#263) (01b8c97)

Bug Fixes

modules/scheduled-reports: return full details from search tools (#254) (c6c39ba)
sync gemini-extension.json version and remove harden-runner (#274) (e152edb)

0.4.1 (2026-01-08)

Bug Fixes

docs: updated docs but more for testing release pipeline (c7106f9)

0.4.0 (2026-01-08)

Features

client: allow credential setting through init parameters (#245) (120e56f)
modules/intel: provide the ability to get the mitre report in json or csv format (#227) (04e4411)
server: add stateless HTTP mode for scalable deployments (#242) (8c39de1)

Bug Fixes

tests/intel: correct test expectations for get_mitre_report (#241) (c1e8b6b)

Refactoring

reduce repeated API code patterns in modules (2d5debd)
utils: simplify generate_md_table function (#214) (792e128)

0.3.0 (2025-09-08)

Features

module/discover: Add unmanaged assets search tool to Discover module (#132) (1c7a798)
modules/discover: add new discover module (#131) (2862361)
modules/idp: Add geolocation info to entities and timeline in i… (#124) (31bb268)
modules/idp: Add geolocation info to entities and timeline in idp module (#121) (31bb268)
modules/serverless: add serverless module (#127) (0d7b7b3)

Bug Fixes

fix incorrect module registration assumptions (#153) (bd3aa95)
modules/identity: add missing scope for Identity Protection module (#148) (791a262)

0.2.0 (2025-08-07)

Features

add origins to intel fql guide (#89) (c9a147e)
disable telemetry (#102) (feb4507)
modules/sensorusage: add new sensor usage module (#101) (ad97eb8)
resources/spotlight: FQL filter as tuples (#91) (d9664a6)
server: add distinct tools for active vs available modules (#103) (f5f941a)

Bug Fixes

resources/detections: added severity_name over severity level and cleaned up example filters (#93) (5f4b775)

Refactoring

remove all return statements from tool docstrings (#117) (80250bb)
remove mention to Host from FQL guide (cf82392)
resources/cloud: remove mention to Host from FQL guide (#76) (81ec4de)
resources/cloud: use new tuple methodology to create filters (#95) (fd5cce7)
resources/detections: update guide to be more accurate (#83) (4ff2144)
resources/detections: use new tuple method for fql detections table (#97) (f328b79)
resources/hosts: tested and updated fql filters and operator support for hosts module (#63) (e0b971c)
resources/hosts: use new tuple methodology to create filters (#96) (da38d69)
resources/incidents: use new tuple methodology to create filters (#98) (a9ba2f7)
resources/intel: use new tuple methodology to create filters (#99) (cf0c19e)
standardize parameter consistency across all modules (#106) (3c9c299)

0.1.0 (2025-07-16)

Features

add Docker support (#19) (f60adc1)
add E2E testing (#16) (c8a1d18)
add filter guide for all tools which have filter param (#46) (61ffde9)
add hosts module (#42) (9375f4b)
add intel module (#22) (6da3359)
add resources infrastructure (#39) (2629eae)
add spotlight module (#58) (713b551)
add streamable-http transport with Docker support and testing (#24) (5e44e97)
add user agent (#68) (824a69f)
average CrowdScore (#20) (6580663)
cloud module (#56) (7f563c2)
convert fql guides to resources (#62) (63bff7d)
create _is_error method (ee7bd01)
flexible tool input parsing (#41) (06287fe)
idp support domain lookup and input sanitization (#73) (9d6858c)
implement lazy module discovery (#37) (a38c949)
implement lazy module discovery approach (a38c949)
initial implementation for the falcon-mcp server (#4) (773ecb5)
refactor to use falcon_mcp name and absolute imports (#52) (8fe3f2d)

Bug Fixes

conversational incidents (#21) (ee7bd01)
count number of tools correctly (#72) (6c2284e)
discover modules in examples (#31) (e443fc8)
ensures proper lists are passed to module arg + ENV VAR support for args (#54) (9820310)
freshen up e2e tests (#40) (7ba3d86)
improve error handling and fix lint issue (#69) (31672ad)
lock version for mcp-use to 1.3.1 (#47) (475fe0a)
make api scope names the UI name to prevent confusion (#67) (0089fec)
return types for incidents (ee7bd01)

Documentation

major refinements to README (#55) (c98dde4)
minor readme updates (7ad3285)
provide better clarity around using .env (#71) (2e5ec0c)
update descriptions for better clarity (#49) (1fceee1)
update readme (#64) (7b21c1b)