{"id":"crowdstrike-api","name":"CrowdStrike Falcon","homepage":"https://www.crowdstrike.com","repo_url":null,"category":"security","subcategories":["endpoint-security","threat-intelligence","xdr"],"tags":["crowdstrike","edr","xdr","endpoint-security","threat-intelligence","falcon","mcp"],"what_it_does":"Cloud-native endpoint detection and response (EDR/XDR) platform that protects devices against malware and advanced threats, with a REST API and MCP server for security automation and threat hunting.","use_cases":["Querying endpoint detections and alerts for security orchestration workflows","Automating threat hunting queries using Falcon Query Language (FQL) via API","Retrieving device inventory and containment status for incident response automation","Integrating CrowdStrike detections into SOAR playbooks and ticketing systems","Enriching threat intelligence by correlating IOCs against CrowdStrike Intel API"],"not_for":["Network-level threat detection (use NDR tools like Darktrace or Vectra)","Small teams without dedicated security staff to tune and respond to alerts","Open-source or budget-constrained environments (pricing is enterprise-tier)","Cloud workload security without endpoint agents (limited agentless capabilities)"],"best_when":"Your organization has CrowdStrike Falcon deployed and you want to build security automation, threat hunting, or SOC workflows on top of the platform's rich detection and intelligence data.","avoid_when":"You don't already use CrowdStrike or are evaluating endpoint security from scratch — the API value is entirely dependent on having the platform deployed.","alternatives":[{"id":"sentinelone-api","reason":"Competing EDR/XDR platform with similar API capabilities — choose based on endpoint agent deployed"},{"id":"virustotal-api","reason":"Better for file/URL/IP threat intelligence lookups without a full EDR deployment"},{"id":"shodan-api","reason":"Better for internet exposure and attack surface monitoring rather than endpoint telemetry"}],"af_score":81.3,"security_score":92.0,"reliability_score":null,"package_type":"mcp_server","discovery_source":["github"],"priority":"low","status":"evaluated","version_evaluated":"current","last_evaluated":"2026-03-01T09:50:05.452396+00:00","performance":{"latency_p50_ms":150,"latency_p99_ms":500,"uptime_sla_percent":99.9,"rate_limits":"Rate limits vary by API endpoint; typically 6000 req/min for most endpoints","data_source":"llm_estimated","measured_on":null}}