Overview: GET /policy/queries/sensor-update/v1 through CrowdStrike Falcon.
Benefits:
Common Use Cases:
1. Automated Threat Detection & Response
AI agents monitor CrowdStrike Falcon detections in real time, correlate alerts across endpoints, and trigger automated containment and remediation actions.
2. Endpoint Health & Compliance Monitoring
AI agents pull endpoint status data from CrowdStrike Falcon to track device health, patch compliance, and sensor coverage across the organization.
3. Incident Investigation & Forensics
AI agents query CrowdStrike Falcon's detection and event data to accelerate investigation workflows, building timelines and correlating indicators of compromise.
4. Vulnerability Prioritization
AI agents analyze vulnerability data from CrowdStrike Falcon Spotlight, prioritize by exploitability and asset criticality, and route remediation tasks to the right teams.
5. Security Posture Dashboards
AI agents aggregate detection, prevention, and compliance data from CrowdStrike Falcon to generate executive security dashboards and trend reports.
GET /discover/queries/accounts/v1.
GET /reports/queries/scheduled-reports/v1.
GET /sensor-installers/entities/installers/v1.
POST /user-management/entities/users/GET/v1.
POST /malware-query/queries/samples/v1.
GET /realtime-response/queries/sessions/GET/v1.
GET /devices/entities/devices/v2 with ids comma-separated.
GET /host-group/entities/groups/v1.
POST /spotlight/entities/vulnerabilities/v2.
GET /host-group/queries/groups/v1.
GET /policy/entities/prevention/v1.
GET /filevantage/queries/changes/v1.
GET /falconx/queries/reports/v1.
POST /quarantine/entities/quarantined-files/v1.
GET /intel/indicators/queries/indicators/v1.
GET /iocs/queries/indicators/v1.
PATCH /alerts/entities/alerts/v2.
POST /ioarules/entities/rules/v1.
GET /intel/actors/queries/actors/v1.
POST /devices/combined/devices/login-history/v1.
POST /detects/entities/summaries/GET/v1.
PATCH /detects/entities/detects/v2.
GET /policy/combined/prevention/v1.
GET /quarantine/queries/quarantined-files/v1.
GET /quick-scan/queries/scans/v1.
GET /ioarules/queries/rules/v1.
POST /devices/queries/devices-scroll/v1 for paging large device sets.
PATCH /iocs/entities/indicators/v1.
GET /cloud-connect-aws/queries/accounts/v1.
GET /zero-trust-assessment/queries/devices/v1.
POST /spotlight/queries/vulnerabilities/v1.
POST /realtime-response/combined/batch-init/v1.
GET /overwatch/queries/detects/v1.
GET /zero-trust-assessment/entities/devices/v1.
POST /alerts/queries/alerts/v2.
GET /kernel-detection/queries/detections/v1.
POST /incidents/entities/incidents/GET/v1 with ids in body.
GET /message-center/queries/aggregates-events/v1.
POST /incidents/entities/incident-actions/v1.
DELETE /iocs/entities/indicators/v1 (body JSON ids).
GET /sensor-installers/queries/installers/v1.
GET /recon/queries/notifications/v1.
POST /alerts/entities/alerts/v2.
GET /policy/queries/firewall/v1.
POST /intel/actors/entities/actors/v1.
GET /history/queries/actions/v1.
GET /policy/queries/prevention/v1.
GET /detects/queries/detects/v1.
POST /incidents/queries/incidents/v1.
POST /hosts/entities/hosts/v2 get host details.
GET /usage/queries/entities/v1.
POST /samples/entities/samples/v2 upload metadata JSON.
GET /container-security/queries/images/v1.
GET /cspm-registration/queries/policy/v1.
GET /policy/queries/response/v1.
GET /hosts/entities/devices/v2?ids=.
GET /policy/entities/sensor-update/v2.
POST /iocs/entities/indicators/v1.
POST /devices/queries/devices/v1. Body JSON filter, limit, offset.
GET /workflows/combined/definitions/v1.
GET /hosts/queries/devices/v1.
GET /user-management/queries/users/v1.
GET /custom-ioa/queries/rules/v1.
GET /asset-management/queries/assets/v1.
GET /history/entities/actions/v1.
Do I need my own developer credentials to use CrowdStrike Falcon MCP with Adopt AI?
No, you can get started immediately using Adopt AI's built-in CrowdStrike Falcon integration. For production use, we recommend configuring your own API credentials for greater control and security.
Can I connect CrowdStrike Falcon with other apps through Adopt AI?
Yes! Adopt AI supports multi-app workflows, so your AI agents can seamlessly move data between CrowdStrike Falcon and SIEM tools, ticketing platforms, communication apps, and more.
Is Adopt AI secure?
Absolutely. Adopt AI is SOC 2 Type 2 certified and ISO/IEC 27001 compliant, and adheres to EU GDPR, CCPA, and HIPAA standards. All data is encrypted in transit and at rest, ensuring the confidentiality, integrity, and availability of your data. Learn more here.
What happens if the CrowdStrike Falcon API changes?
Adopt AI maintains and updates all integrations automatically, so your agents always work with the latest API versions, no manual maintenance required.
Do I need coding skills to set up the CrowdStrike Falcon integration?
Not at all. Adopt AI's zero-shot API discovery means your agents understand CrowdStrike Falcon's schema on first contact. Setup takes minutes with no code required.
How do I set up custom CrowdStrike Falcon MCP in Adopt AI?
For a step-by-step guide on creating and configuring your own CrowdStrike Falcon API credentials with Adopt AI, see here.
