[Feature]: Add Exclusions module
Add a unified exclusions module to falcon-mcp covering IOA, ML, Sensor Visibility, and Certificate-Based exclusions through an exclusion_type discriminator parameter.
Tools (7)
- falcon_search_exclusions - search exclusion rules
- falcon_get_exclusion_details - get exclusion by ID(s)
- falcon_create_exclusion - create an exclusion rule
- falcon_update_exclusion - update an exclusion rule
- falcon_delete_exclusions - delete exclusion rules
- falcon_search_certificates - search certificate signing info (cert-based only)
- falcon_get_certificate_details - get cert details by SHA256 (cert-based only)
Resources (1)
- FQL guide resource for exclusion search filters
FQL Filter Fields
applied_globally, created_by, created_on, last_modified, modified_by, name (IOA only), value, pattern (IOA only)
Scopes
- IOA Exclusions:read/write
- ML Exclusions:read/write
- Sensor Visibility Exclusions:read/write
- (cert-based shares ML Exclusions scope)
Design Decisions
- Unified module - all 4 exclusion types share near-identical CRUD shapes
- exclusion_type discriminator routes to the correct FalconPy service class
- Start with v1 APIs; IOA/ML have v2 APIs (Self-Service, ancestor-process) that can be added as a follow-up
Notes
- Independent of host_groups and policies modules
- FalconPy SDK fully supports all endpoints
- Lower priority than host_groups and policies per original implementation order
Split from #395.
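One way the `exclusion_type` discriminator described above could route requests, added here as an illustration and not code from falcon-mcp. The type keys and the function name are hypothetical, the service class names are assumed to match FalconPy's, and the router fails closed on unknown types and on filter fields the issue marks as IOA only.

```python
import re

# Filter fields listed in the issue; name and pattern are marked "IOA only".
COMMON_FIELDS = {"applied_globally", "created_by", "created_on",
                 "last_modified", "modified_by", "value"}
IOA_ONLY_FIELDS = {"name", "pattern"}

# exclusion_type -> (service class name, API scope). The keys are hypothetical;
# the class names are assumed to match FalconPy's service classes.
ROUTES = {
    "ioa": ("IOAExclusions", "IOA Exclusions"),
    "ml": ("MLExclusions", "ML Exclusions"),
    "sensor_visibility": ("SensorVisibilityExclusions",
                          "Sensor Visibility Exclusions"),
    # Per the issue, cert-based exclusions share the ML Exclusions scope.
    "certificate": ("CertificateBasedExclusions", "ML Exclusions"),
}


def route_exclusion_request(exclusion_type, operation, fql_filter=None):
    """Return (service_class_name, required_scope) or raise ValueError."""
    if exclusion_type not in ROUTES:
        # Fail closed: never fall back to a default service class.
        raise ValueError(f"unknown exclusion_type: {exclusion_type!r}")
    if operation not in ("read", "write"):
        raise ValueError(f"unknown operation: {operation!r}")

    service, scope = ROUTES[exclusion_type]
    allowed = set(COMMON_FIELDS)
    if exclusion_type == "ioa":
        allowed |= IOA_ONLY_FIELDS

    if fql_filter:
        # Blank out quoted values first so a ':' inside a value (for example
        # a drive letter) is not mistaken for a field name.
        stripped = re.sub(r"'[^']*'", "''", fql_filter)
        used = set(re.findall(r"([A-Za-z_]+):", stripped))
        rejected = sorted(used - allowed)
        if rejected:
            raise ValueError(
                f"fields not valid for {exclusion_type}: {rejected}")

    return service, f"{scope}:{operation}"
```
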