CloudQuery

Back to source list
crowdstrike
Official
Premium

CrowdStrike

Sync from CrowdStrike to any destination

Publisher

cloudquery

Latest version

v1.4.4

Type

Source

Platforms

Date Published

Overview #

The CloudQuery Crowdstrike plugin pulls data out of Crowdstrike and loads it into any supported CloudQuery destination (e.g. PostgreSQL, BigQuery, Snowflake, and more).

Crowdstrike Source Plugin Configuration Reference

Authentication #

The CrowdStrike source supports two different methods of authentication: API Client or Access Token authentication. More details on each method are provided in the configuration reference section.

Example Configuration #

kind: source
spec:
  name: crowdstrike
  path: cloudquery/crowdstrike
  registry: cloudquery
  version: "v1.4.4"
  tables: ["*"]
  destinations: ["postgresql"]

  spec:
    auth_method: "client_secret"
    client_id: "${CROWDSTRIKE_CLIENT_ID}"
    client_secret: "${CROWDSTRIKE_CLIENT_SECRET}"

    # optional
    # base_path_override: "/"
    # cloud: "autodiscover"
    # host_override: ""
    # member_cid: ""

Configuration Reference #

This is the (nested) spec used by the CrowdStrike source plugin.
  • auth_method (string) (optional, default: client_secret)
    This plugin supports different authentication methods when communicating with the CrowdStrike API. Depending on the chosen authentication method, additional configuration parameters are required.
    Supported values are client_secret and access_token. If the client_secret method is selected, the following additional configuration parameters will be used. If the access_token method is selected, the following additional configuration parameters will be used.
  • cloud (string) (optional, default: autodiscover)
    Region where the CrowdStrike backend is hosted. autodiscover can automatically discover the region when using API Client authentication.
    When using Access Token authentication method, a specific cloud region is required:
    spec:
      access_token: "${CROWDSTRIKE_ACCESS_TOKEN}"
      cloud: us-1 # possible values are: us-1, us-2, eu-1, us-gov-1
  • host_override (string) (optional, default: empty)
    A specific API host to use when making API requests. This must be a fully qualified domain name without a scheme or slashes.
    When set, the value of cloud will be ignored.
    spec:
      access_token: "${CROWDSTRIKE_ACCESS_TOKEN}"
      host_override: api.mysubdomain.crowdstrike.com
  • base_path_override (string) (optional, default: /)
    Sets the URL path to prepend when making API requests. With or without a leading slash.
  • member_cid (string) (optional, default: empty)
    A specific CID to use. This value can be used for filtering when the Client has access to multiple CIDs.
  • concurrency (integer) (optional, default: 10000)
    A best effort maximum number of Go routines to use. Lower this number to reduce memory usage.
  • scheduler (string) (optional, default: dfs)
    The scheduler to use when determining the priority of resources to sync. Supported values are dfs (depth-first search), round-robin, shuffle and shuffle-queue.
    For more information about this, see performance tuning.

Client Secret Configuration Reference #

To use this authentication method, generate new Client Credentials by navigating to the Falcon UI. From the left menubar, go to Support and Resources > API Clients and Keys > Create API Client, and select all Read scopes.
  • client_id (string) (required)
    The ID of the CrowdStrike Client to use.
  • client_secret (string) (required)
    The secret to authenticate the client with ID client_id.

Access Token Configuration Reference #

To use this authentication method, you will need to generate an access_token using /oauth2/token API with an existing client. This is done automatically when using the client secret authentication method.
  • access_token (string) (required)
    The OAuth 2.0 Access Token to authenticate with (recommendation: Use environment variable instead of a hardcoded token in the config).


Licenses #

The following tools / packages are used in this plugin:
NameLicense
github.com/adrg/xdgMIT
github.com/apache/arrow-go/v18Apache-2.0
github.com/apache/arrow/go/v13Apache-2.0
github.com/apapsch/go-jsonmerge/v2MIT
github.com/asaskevich/govalidatorMIT
github.com/aws/aws-sdk-go-v2Apache-2.0
github.com/aws/aws-sdk-go-v2/configApache-2.0
github.com/aws/aws-sdk-go-v2/credentialsApache-2.0
github.com/aws/aws-sdk-go-v2/feature/ec2/imdsApache-2.0
github.com/aws/aws-sdk-go-v2/internal/configsourcesApache-2.0
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2Apache-2.0
github.com/aws/aws-sdk-go-v2/internal/iniApache-2.0
github.com/aws/aws-sdk-go-v2/internal/sync/singleflightBSD-3-Clause
github.com/aws/aws-sdk-go-v2/service/internal/accept-encodingApache-2.0
github.com/aws/aws-sdk-go-v2/service/internal/presigned-urlApache-2.0
github.com/aws/aws-sdk-go-v2/service/licensemanagerApache-2.0
github.com/aws/aws-sdk-go-v2/service/marketplacemeteringApache-2.0
github.com/aws/aws-sdk-go-v2/service/ssoApache-2.0
github.com/aws/aws-sdk-go-v2/service/ssooidcApache-2.0
github.com/aws/aws-sdk-go-v2/service/stsApache-2.0
github.com/aws/smithy-goApache-2.0
github.com/aws/smithy-go/internal/sync/singleflightBSD-3-Clause
github.com/bahlo/generic-list-goBSD-3-Clause
github.com/blang/semver/v4MIT
github.com/buger/jsonparserMIT
github.com/cenkalti/backoff/v4MIT
github.com/cloudquery/cloudquery-api-goMPL-2.0
github.com/cloudquery/codegen/jsonschema/docsMPL-2.0
github.com/cloudquery/plugin-pb-goMPL-2.0
github.com/cloudquery/plugin-sdk/v2/internal/globMIT
github.com/cloudquery/plugin-sdk/v2/schemaMIT
github.com/cloudquery/plugin-sdk/v2/typesMPL-2.0
github.com/cloudquery/plugin-sdk/v4MPL-2.0
github.com/cloudquery/plugin-sdk/v4/globMIT
github.com/cloudquery/plugin-sdk/v4/scalarMIT
github.com/crowdstrike/gofalconMIT
github.com/davecgh/go-spew/spewISC
github.com/ghodss/yamlMIT
github.com/go-logr/logrApache-2.0
github.com/go-logr/stdrApache-2.0
github.com/go-openapi/analysisApache-2.0
github.com/go-openapi/errorsApache-2.0
github.com/go-openapi/jsonpointerApache-2.0
github.com/go-openapi/jsonreferenceApache-2.0
github.com/go-openapi/loadsApache-2.0
github.com/go-openapi/runtimeApache-2.0
github.com/go-openapi/runtime/middleware/dencoMIT
github.com/go-openapi/specApache-2.0
github.com/go-openapi/strfmtApache-2.0
github.com/go-openapi/swagApache-2.0
github.com/go-openapi/validateApache-2.0
github.com/goccy/go-jsonMIT
github.com/google/flatbuffers/goApache-2.0
github.com/google/uuidBSD-3-Clause
github.com/grpc-ecosystem/go-grpc-middleware/v2/interceptorsApache-2.0
github.com/grpc-ecosystem/grpc-gateway/v2BSD-3-Clause
github.com/hashicorp/go-cleanhttpMPL-2.0
github.com/hashicorp/go-retryablehttpMPL-2.0
github.com/invopop/jsonschemaMIT
github.com/josharian/internMIT
github.com/klauspost/compressApache-2.0
github.com/klauspost/compress/internal/snaprefBSD-3-Clause
github.com/klauspost/compress/zstd/internal/xxhashMIT
github.com/mailru/easyjsonMIT
github.com/mattn/go-colorableMIT
github.com/mattn/go-isattyMIT
github.com/mitchellh/mapstructureMIT
github.com/oapi-codegen/runtimeApache-2.0
github.com/oklog/ulidApache-2.0
github.com/opentracing/opentracing-goApache-2.0
github.com/pierrec/lz4/v4BSD-3-Clause
github.com/pmezard/go-difflib/difflibBSD-3-Clause
github.com/rs/zerologMIT
github.com/samber/loMIT
github.com/santhosh-tekuri/jsonschema/v6Apache-2.0
github.com/sirupsen/logrusMIT
github.com/spf13/cobraApache-2.0
github.com/spf13/pflagBSD-3-Clause
github.com/stretchr/testifyMIT
github.com/thoas/go-funkMIT
github.com/wk8/go-ordered-map/v2Apache-2.0
github.com/zeebo/xxh3BSD-2-Clause
go.mongodb.org/mongo-driverApache-2.0
go.opentelemetry.io/auto/sdkApache-2.0
go.opentelemetry.io/otelApache-2.0
go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttpApache-2.0
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttpApache-2.0
go.opentelemetry.io/otel/exporters/otlp/otlptraceApache-2.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttpApache-2.0
go.opentelemetry.io/otel/logApache-2.0
go.opentelemetry.io/otel/metricApache-2.0
go.opentelemetry.io/otel/sdkApache-2.0
go.opentelemetry.io/otel/sdk/logApache-2.0
go.opentelemetry.io/otel/sdk/metricApache-2.0
go.opentelemetry.io/otel/traceApache-2.0
go.opentelemetry.io/proto/otlpApache-2.0
golang.org/x/expBSD-3-Clause
golang.org/x/netBSD-3-Clause
golang.org/x/oauth2BSD-3-Clause
golang.org/x/syncBSD-3-Clause
golang.org/x/sysBSD-3-Clause
golang.org/x/textBSD-3-Clause
golang.org/x/xerrorsBSD-3-Clause
google.golang.org/genproto/googleapis/api/httpbodyApache-2.0
google.golang.org/genproto/googleapis/rpc/statusApache-2.0
google.golang.org/grpcApache-2.0
google.golang.org/protobufBSD-3-Clause
gopkg.in/yaml.v2Apache-2.0
gopkg.in/yaml.v3MIT



© 2025 CloudQuery, Inc. All rights reserved.