falconfeeds

FalconFeeds MCP Server provides access to a suite of cybersecurity threat intelligence tools within the MCP (Model Context Protocol) ecosystem. The server exposes capabilities for CVE data retrieval and analysis, real-time threat feeds, threat actor profiles, threat image retrieval, and IOC management. It also ships a set of pre-built prompts designed for threat intelligence workflows, enabling users to generate comprehensive reports, assess vulnerability impact, correlate incidents, and analyze supply chain risks. To use it, configure your MCP client to load the FalconFeeds MCP server (preferably via the NPX installation described below) and supply your FalconFeeds API key. Once configured, you can issue MCP tool calls such as get_cve_by_id, search_cves_by_keyword, get_threat_feeds, get_threat_actor_profile, get_IOCs, and get_threat_image through your MCP client or inspector tooling.

Prerequisites:

• Node.js 18.x or higher and npm installed on your machine
• Access to the internet to pull the MCP package
• A FalconFeeds API key (see Getting Your API Key in the project docs)

Option A: NPX installation (recommended)

1. Ensure your MCP client will load the FalconFeeds MCP via NPX. Use this in your MCP configuration:

{
  "mcpServers": {
    "falconfeeds": {
      "command": "npx",
      "args": [
        "-y",
        "@falconfeeds/mcp@latest"
      ],
      "env": {
        "FALCONFEEDS_API_KEY": "your_api_key_here"
      }
    }
  }
}

2. Replace your_api_key_here with a valid FalconFeeds API key. Save the configuration and load it in your MCP client.

Option B: Local development (clone and run from source)

1. Clone the repository and install dependencies:

git clone https://github.com/Technisanct/falconfeeds-mcp.git
cd falconfeeds-mcp
npm install

2. Build the project (if a build step exists):

npm run build

3. Run or reference the built server in your MCP client. Example when using a local dist/index.js:

{
  "mcpServers": {
    "falconfeeds": {
      "command": "node",
      "args": [
        "/path/to/falconfeeds-mcp/dist/index.js"
      ],
      "env": {
        "FALCONFEEDS_API_KEY": "your_api_key_here"
      }
    }
  }
}

4. Ensure your API key is set in the environment variables used by the MCP client.

Getting Your API Key:

1. Visit FalconFeeds Dashboard
2. Sign in and go to Settings > API Access
3. Generate and copy your API key
4. Paste the key into the FALCONFEEDS_API_KEY environment variable in your MCP configuration

Tips and troubleshooting:

• Keep your API key secure and do not commit it to source control. Use environment variables in your MCP client.
• If you encounter NPX installation issues, ensure Node.js 18+ is installed and consider clearing npm cache.
• Verify your MCP JSON configuration syntax is valid when editing the client configuration.
• The FalconFeeds MCP supports several operations (CVE, Threat Feeds, Threat Actors, IOCs, Threat Images). Use the provided prompts to generate structured threat intelligence outputs.
• If you plan to customize prompts or extend capabilities, cloning the repo and building locally is recommended for rapid iteration.
• Ensure you have sufficient FalconFeeds credits for API calls to avoid throttling or failures.