What authentication does CrowdStrike use?

CrowdStrike uses OAuth 2.0 Client Credentials. You create an API Client in the Falcon Console under Support > API Clients and Keys. The server automatically obtains and caches Bearer tokens using your Client ID and Secret.

Which cloud regions are supported?

All CrowdStrike commercial clouds: US-1 (api.crowdstrike.com), US-2 (api.us-2.crowdstrike.com), EU-1 (api.eu-1.crowdstrike.com), and US-GOV-1. Configure the Base URL credential to match your tenant region.

Can it triage detections automatically?

Yes. The list_detections tool returns severity, tactic, technique, and device context. An AI agent can use this to auto-triage low/medium detections and escalate critical ones, reducing SOC analyst workload by 60-80%.

CrowdStrike Falcon MCP Server for Google ADK 8 tools — connect in under 2 minutes

Name: CrowdStrike Falcon
Availability: InStock
Author: Vinkius

google.github.io/adk-docs/tools/mcp-tools

Built by Vinkius GDPR 8 Tools SDK

Google Agent Development Kit (ADK) is Google's framework for building production AI agents. Add CrowdStrike Falcon as an MCP tool provider through the Vinkius and your ADK agents can call every tool with full schema introspection.

Get MCP Server for AI Agents

ASK AI ABOUT THIS MCP SERVER

Open in ChatGPT Open in Claude Open in Perplexity

Vinkius supports streamable HTTP and SSE.

python

from google.adk.agents import Agent
from google.adk.tools.mcp_tool import McpToolset
from google.adk.tools.mcp_tool.mcp_session_manager import (
    StreamableHTTPConnectionParams,
)

# Your Vinkius token — get it at cloud.vinkius.com
mcp_tools = McpToolset(
    connection_params=StreamableHTTPConnectionParams(
        url="https://edge.vinkius.com/[YOUR_TOKEN_HERE]/mcp",
    )
)

agent = Agent(
    model="gemini-2.5-pro",
    name="crowdstrike_falcon_agent",
    instruction=(
        "You help users interact with CrowdStrike Falcon "
        "using 8 available tools."
    ),
    tools=[mcp_tools],
)

Fully ManagedVinkius Servers

60%Token savings

High SecurityEnterprise-grade

IAMAccess control

EU AI ActCompliant

DLPData protection

V8 IsolateSandboxed

Ed25519Audit chain

<40msKill switch

Stream every event to Splunk, Datadog, or your own webhook in real-time

* Every MCP server runs on Vinkius-managed infrastructure inside AWS - a purpose-built runtime with per-request V8 isolates, Ed25519 signed audit chains, and sub-40ms cold starts optimized for native MCP execution. See our infrastructure

About CrowdStrike Falcon MCP Server

Connect your CrowdStrike Falcon tenant to any AI agent and operate security at machine speed through natural conversation.

Google ADK natively supports CrowdStrike Falcon as an MCP tool provider — declare the Vinkius Edge URL and the framework handles discovery, validation, and execution automatically. Combine 8 tools with Gemini's long-context reasoning for complex multi-tool workflows, with production-ready session management and evaluation built in.

What you can do

Detections — Query, triage, and update detection alerts across your fleet
Hosts — Search and inspect endpoint details, OS info, and sensor versions
Incidents — List, investigate, and manage security incidents
IOCs — Create, list, and manage Indicators of Compromise
Real-Time Response — Query active sessions and retrieve device status
Vulnerabilities — Spotlight vulnerability data across managed endpoints

The CrowdStrike Falcon MCP Server exposes 8 tools through the Vinkius. Connect it to Google ADK in under two minutes — no API keys to rotate, no infrastructure to provision, no vendor lock-in. Your configuration, your data, your control.

How to Connect CrowdStrike Falcon to Google ADK via MCP

Follow these steps to integrate the CrowdStrike Falcon MCP Server with Google ADK.

Install Google ADK

Run pip install google-adk

Replace the token

Replace [YOUR_TOKEN_HERE] with your Vinkius token

Create the agent

Save the code above and integrate into your ADK workflow

Explore tools

The agent will discover 8 tools from CrowdStrike Falcon via MCP

Why Use Google ADK with the CrowdStrike Falcon MCP Server

Google ADK provides unique advantages when paired with CrowdStrike Falcon through the Model Context Protocol.

Google ADK natively supports MCP tool servers — declare a tool provider and the framework handles discovery, validation, and execution

Built on Gemini models, ADK provides long-context reasoning ideal for complex multi-tool workflows with CrowdStrike Falcon

Production-ready features like session management, evaluation, and deployment come built-in — not bolted on

Seamless integration with Google Cloud services means you can combine CrowdStrike Falcon tools with BigQuery, Vertex AI, and Cloud Functions

CrowdStrike Falcon + Google ADK Use Cases

Practical scenarios where Google ADK combined with the CrowdStrike Falcon MCP Server delivers measurable value.

Enterprise data agents: ADK agents query CrowdStrike Falcon and cross-reference results with internal databases for comprehensive analysis

Multi-modal workflows: combine CrowdStrike Falcon tool responses with Gemini's vision and language capabilities in a single agent

Automated compliance checks: schedule ADK agents to query CrowdStrike Falcon regularly and flag policy violations or configuration drift

Internal tool platforms: build self-service agent platforms where teams connect their own MCP servers including CrowdStrike Falcon

CrowdStrike Falcon MCP Tools for Google ADK (8)

These 8 tools become available when you connect CrowdStrike Falcon to Google ADK via MCP:

contain_device

Contain or lift containment on a device.. Actions: default

create_ioc

Types: sha256, md5, domain, ipv4, ipv6. Create a custom IOC indicator.. Actions: default

list_detections

Use FQL filter syntax for precision: severity, technique, hostname, etc. Returns detection details with MITRE ATT&CK mapping. Query detection alerts

list_incidents

Filter by state, severity, assigned_to, or date range using FQL syntax. Query security incidents

list_iocs

Includes type, value, action, and metadata. List custom IOCs

list_vulnerabilities

Filter by CVE, severity, host, or remediation status. Query Spotlight vulnerabilities

search_hosts

Returns full device inventory details. Search endpoints

update_detection

Optionally add a triage comment. Update detection status

Example Prompts for CrowdStrike Falcon in Google ADK

Ready-to-use prompts you can give your Google ADK agent to start working with CrowdStrike Falcon immediately.

"Show me all critical detections from the last 24 hours."

"How many endpoints are running outdated sensors?"

"List all IOCs related to ransomware campaigns added this month."

Troubleshooting CrowdStrike Falcon MCP Server with Google ADK

Common issues when connecting CrowdStrike Falcon to Google ADK through the Vinkius, and how to resolve them.

McpToolset not found

Update: pip install --upgrade google-adk

CrowdStrike Falcon + Google ADK FAQ

Common questions about integrating CrowdStrike Falcon MCP Server with Google ADK.

How does Google ADK connect to MCP servers?

Import the MCP toolset class and pass the server URL. ADK discovers and registers all tools automatically, making them available to your agent's tool-use loop.

Can ADK agents use multiple MCP servers?

Yes. Declare multiple MCP tool providers in your agent configuration. ADK merges all tool schemas and the agent can call tools from any server in a single turn.

Which Gemini models work best with MCP tools?

Gemini 2.0 Flash and Pro models both support function calling required for MCP tools. Flash is recommended for latency-sensitive use cases, Pro for complex reasoning.