Export from CrowdStrike to S3
CloudQuery is an open-source data integration platform that allows you to export data from any source to any destination.
The CloudQuery CrowdStrike plugin allows you to sync data from CrowdStrike to any destination, including S3. It takes only minutes to get started.
CrowdStrike
This plugin is in preview.
Sync data from CrowdStrike APIs.
S3
This destination plugin lets you sync data from a CloudQuery source to remote S3 storage in various formats such as CSV, JSON and Parquet.
macOS Setup
Step 1. Install CloudQuery
brew install cloudquery/tap/cloudquery
Step 2. Log in to CloudQuery CLI
cloudquery login
Step 3. Configure CrowdStrike source plugin
You can find more information about the configuration in the plugin documentation.
# crowdstrike.yml
kind: source
spec:
  name: "crowdstrike"
  registry: "cloudquery"
  path: "justmiles/crowdstrike"
  version: "v2.0.0"
  # use this to enable incremental syncing - unimplemented
  # backend_options:
  #   table_name: "cq_state_crowdstrike"
  #   connection: "@@plugins.v7.4.4.connection"
  destinations: ["s3"] # must match the name of the destination spec in s3.yml
  tables: ["*"]
  spec:
    # plugin spec section
Step 4. Configure S3 destination plugin
You can find more information about the configuration in the plugin documentation.
# s3.yml
kind: destination
spec:
  name: "s3"
  path: "cloudquery/s3"
  registry: "cloudquery"
  version: "v7.4.4"
  write_mode: "append"
  # Learn more about the configuration options at https://cql.ink/s3_destination
  spec:
    bucket: "bucket_name"
    region: "region-name" # Example: us-east-1
    path: "path/to/files/{{TABLE}}/{{UUID}}.{{FORMAT}}"
    format: "parquet" # options: parquet, json, csv
    format_spec:
      # CSV specific parameters:
      # delimiter: ","
      # skip_header: false
      # Parquet specific parameters:
      # version: "v2Latest"
      # root_repetition: "repeated"
    # Optional parameters
    # compression: "" # options: gzip
    # no_rotate: false
    # athena: false # <- set this to true for Athena compatibility
    # write_empty_objects_for_empty_tables: false # <- set this to true if using with the CloudQuery Compliance policies
    # test_write: true # tests the ability to write to the bucket before processing the data
    # endpoint: "" # Endpoint to use for S3 API calls.
    # endpoint_skip_tls_verify: false # Disable TLS verification if using an untrusted certificate
    # use_path_style: false
    # batch_size: 10000 # 10K entries
    # batch_size_bytes: 52428800 # 50 MiB
    # batch_timeout: 30s # 30 seconds
Step 5. Run Sync
cloudquery sync crowdstrike.yml s3.yml
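A pre-flight check for the spec files from Steps 3 and 4, added here as an example and not part of CloudQuery or either plugin: it flags a source whose `destinations` entry has no matching destination `name`, an uncommented `endpoint_skip_tls_verify: true`, and a `bucket` left at the placeholder. The function name `lint` and the sample specs are constructed for illustration, and the regex-based reading assumes the flat, inline-list layout shown on this page rather than arbitrary YAML.

```python
import re

# Constructed sample specs in the page's layout (values are illustrative).
SOURCE = """kind: source
spec:
  name: "crowdstrike"
  destinations: ["sqlite"]
  tables: ["*"]
"""
DEST = """kind: destination
spec:
  name: "s3"
  spec:
    bucket: "bucket_name"
    region: "us-east-1"
    # no_rotate: false
    endpoint_skip_tls_verify: true
"""

def _strip_comments(text):
    # Drop full-line and trailing comments so commented-out options are ignored.
    return "\n".join(re.sub(r"(^|[ \t]+)#.*$", "", ln) for ln in text.splitlines())

def _value(doc, key):
    # First "key: value" line in the document, with surrounding quotes removed.
    m = re.search(rf"^[ \t]*{re.escape(key)}:[ \t]*(\S.*)$", doc, re.M)
    return m.group(1).strip().strip("\"'") if m else None

def lint(*specs):
    """Return findings for spec files passed as strings ('---' separates documents)."""
    docs = [_strip_comments(d) for s in specs for d in re.split(r"^---[ \t]*$", s, flags=re.M)]
    defined = {_value(d, "name") for d in docs if _value(d, "kind") == "destination"}
    findings = []
    for d in docs:
        kind, name = _value(d, "kind"), _value(d, "name")
        if kind == "source":
            for dest in re.findall(r"[\w-]+", _value(d, "destinations") or ""):
                if dest not in defined:
                    findings.append(f"source {name}: destination {dest!r} has no matching spec")
        elif kind == "destination":
            if _value(d, "endpoint_skip_tls_verify") == "true":
                findings.append(f"destination {name}: TLS verification disabled")
            if _value(d, "bucket") in (None, "bucket_name"):
                findings.append(f"destination {name}: bucket is unset or still the placeholder")
    return findings

if __name__ == "__main__":
    for finding in lint(SOURCE, DEST):
        print(finding)
```

To check real files, read `crowdstrike.yml` and `s3.yml` into strings and pass both to `lint` before running the sync.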