CLI Commands
Basic Usage
Section titled “Basic Usage”Run the server with default settings (stdio transport):
falcon-mcpRun with SSE transport:
falcon-mcp --transport sseRun with streamable-http transport:
falcon-mcp --transport streamable-httpRun with streamable-http on a custom port:
falcon-mcp --transport streamable-http --host 0.0.0.0 --port 8080Run with stateless HTTP mode (for scalable deployments like AWS AgentCore):
falcon-mcp --transport streamable-http --stateless-httpRun with API key authentication:
falcon-mcp --transport streamable-http --api-key your-secret-keyModule Selection
Section titled “Module Selection”Enable specific modules by name (comma-separated):
falcon-mcp --modules detections,incidents,intel,spotlight,idpEnable only one module:
falcon-mcp --modules detectionsIf no --modules flag is provided, all available modules are enabled.
All Options
Section titled “All Options”falcon-mcp --help| Flag | Env Variable | Default | Description |
|---|---|---|---|
--transport | FALCON_MCP_TRANSPORT | stdio | Transport method: stdio, sse, streamable-http |
--host | FALCON_MCP_HOST | 127.0.0.1 | Host for HTTP transports |
--port | FALCON_MCP_PORT | 8000 | Port for HTTP transports |
--modules | FALCON_MCP_MODULES | all | Comma-separated list of modules to enable |
--debug | FALCON_MCP_DEBUG | false | Enable debug logging |
--api-key | FALCON_MCP_API_KEY | — | API key for HTTP transport auth |
--stateless-http | FALCON_MCP_STATELESS_HTTP | false | Stateless mode for scalable deployments |
--member-cid | FALCON_MEMBER_CID | — | Flight Control child CID |
Using as a Library
Section titled “Using as a Library”You can also embed the server directly in Python:
from falcon_mcp.server import FalconMCPServer
server = FalconMCPServer( base_url="https://api.us-2.crowdstrike.com", # Optional debug=True, enabled_modules=["detections", "incidents", "spotlight"], api_key="your-api-key")
# Run with stdio transport (default)server.run()
# Or with a specific transportserver.run("streamable-http")For enterprise deployments using secret management systems (HashiCorp Vault, AWS Secrets Manager, etc.), you can pass credentials directly:
server = FalconMCPServer( client_id="your-client-id", client_secret="your-client-secret", base_url="https://api.us-2.crowdstrike.com", enabled_modules=["detections", "incidents"])server.run()When both direct parameters and environment variables are available, direct parameters take precedence.