Join our Webinar: Best Security Management Practices for Multi-Cloud Infrastructure Sign up ❯
Sign up ❯
Report an issue
Back to source list
crowdstrike
Official
Premium

CrowdStrike

Sync from CrowdStrike to any destination

Publisher

cloudquery

Latest version

v1.2.8

Type

Source

Platforms
Date Published

DocumentationTablesChangelogDestinations
OverviewLicenses

Overview #

The CloudQuery Crowdstrike plugin pulls data out of Crowdstrike and loads it into any supported CloudQuery destination (e.g. PostgreSQL, BigQuery, Snowflake, and more).

Crowdstrike Source Plugin Configuration Reference

Authentication #

The CrowdStrike source supports two different methods of authentication: API Client or Access Token authentication. More details on each method are provided in the configuration reference section.

Example Configuration #

kind: source
spec:
  name: crowdstrike
  path: cloudquery/crowdstrike
  registry: cloudquery
  version: "v1.2.8"
  tables: ["*"]
  destinations: ["postgresql"]

  spec:
    auth_method: "client_secret"
    client_id: "${CROWDSTRIKE_CLIENT_ID}"
    client_secret: "${CROWDSTRIKE_CLIENT_SECRET}"

    # optional
    # base_path_override: "/"
    # cloud: "autodiscover"
    # host_override: ""
    # member_cid: ""

Configuration Reference #

This is the (nested) spec used by the CrowdStrike source plugin.
  • auth_method (string) (optional, default: client_secret)
    This plugin supports different authentication methods when communicating with the CrowdStrike API. Depending on the chosen authentication method, additional configuration parameters are required.
    Supported values are client_secret and access_token. If the client_secret method is selected, the following additional configuration parameters will be used. If the access_token method is selected, the following additional configuration parameters will be used.
  • cloud (string) (optional, default: autodiscover)
    Region where the CrowdStrike backend is hosted. autodiscover can automatically discover the region when using API Client authentication.
    When using Access Token authentication method, a specific cloud region is required:
    spec:
  access_token: "${CROWDSTRIKE_ACCESS_TOKEN}"
  cloud: us-1 # possible values are: us-1, us-2, eu-1, us-gov-1
  • host_override (string) (optional, default: empty)
    A specific API host to use when making API requests. This must be a fully qualified domain name without a scheme or slashes.
    When set, the value of cloud will be ignored.
    spec:
  access_token: "${CROWDSTRIKE_ACCESS_TOKEN}"
  host_override: api.mysubdomain.crowdstrike.com
  • base_path_override (string) (optional, default: /)
    Sets the URL path to prepend when making API requests. With or without a leading slash.
  • member_cid (string) (optional, default: empty)
    A specific CID to use. This value can be used for filtering when the Client has access to multiple CIDs.
  • concurrency (integer) (optional, default: 10000)
    A best effort maximum number of Go routines to use. Lower this number to reduce memory usage.
  • scheduler (string) (optional, default: dfs)
    The scheduler to use when determining the priority of resources to sync. Supported values are dfs (depth-first search), round-robin, shuffle and shuffle-queue.
    For more information about this, see performance tuning.

Client Secret Configuration Reference #

To use this authentication method, generate new Client Credentials by navigating to the Falcon UI. From the left menubar, go to Support and Resources > API Clients and Keys > Create API Client, and select all Read scopes.
  • client_id (string) (required)
    The ID of the CrowdStrike Client to use.
  • client_secret (string) (required)
    The secret to authenticate the client with ID client_id.

Access Token Configuration Reference #

To use this authentication method, you will need to generate an access_token using /oauth2/token API with an existing client. This is done automatically when using the client secret authentication method.
  • access_token (string) (required)
    The OAuth 2.0 Access Token to authenticate with (recommendation: Use environment variable instead of a hardcoded token in the config).

Licenses #

The following tools / packages are used in this plugin:
NameLicense
github.com/adrg/xdgMIT
github.com/apache/arrow/go/v13Apache-2.0
github.com/apache/arrow-go/v18Apache-2.0
github.com/apapsch/go-jsonmerge/v2MIT
github.com/asaskevich/govalidatorMIT
github.com/aws/aws-sdk-go-v2Apache-2.0
github.com/aws/aws-sdk-go-v2/configApache-2.0
github.com/aws/aws-sdk-go-v2/credentialsApache-2.0
github.com/aws/aws-sdk-go-v2/feature/ec2/imdsApache-2.0
github.com/aws/aws-sdk-go-v2/internal/configsourcesApache-2.0
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2Apache-2.0
github.com/aws/aws-sdk-go-v2/internal/iniApache-2.0
github.com/aws/aws-sdk-go-v2/internal/sync/singleflightBSD-3-Clause
github.com/aws/aws-sdk-go-v2/service/internal/accept-encodingApache-2.0
github.com/aws/aws-sdk-go-v2/service/internal/presigned-urlApache-2.0
github.com/aws/aws-sdk-go-v2/service/licensemanagerApache-2.0
github.com/aws/aws-sdk-go-v2/service/marketplacemeteringApache-2.0
github.com/aws/aws-sdk-go-v2/service/ssoApache-2.0
github.com/aws/aws-sdk-go-v2/service/ssooidcApache-2.0
github.com/aws/aws-sdk-go-v2/service/stsApache-2.0
github.com/aws/smithy-goApache-2.0
github.com/aws/smithy-go/internal/sync/singleflightBSD-3-Clause
github.com/bahlo/generic-list-goBSD-3-Clause
github.com/blang/semver/v4MIT
github.com/buger/jsonparserMIT
github.com/cenkalti/backoff/v4MIT
github.com/cloudquery/cloudquery-api-goMPL-2.0
github.com/cloudquery/plugin-pb-goMPL-2.0
github.com/cloudquery/plugin-sdk/v2/internal/globMIT
github.com/cloudquery/plugin-sdk/v2/schemaMIT
github.com/cloudquery/plugin-sdk/v2/typesMPL-2.0
github.com/cloudquery/plugin-sdk/v4MPL-2.0
github.com/cloudquery/plugin-sdk/v4/globMIT
github.com/cloudquery/plugin-sdk/v4/scalarMIT
github.com/crowdstrike/gofalconMIT
github.com/davecgh/go-spew/spewISC
github.com/ghodss/yamlMIT
github.com/go-logr/logrApache-2.0
github.com/go-logr/stdrApache-2.0
github.com/go-openapi/analysisApache-2.0
github.com/go-openapi/errorsApache-2.0
github.com/go-openapi/jsonpointerApache-2.0
github.com/go-openapi/jsonreferenceApache-2.0
github.com/go-openapi/loadsApache-2.0
github.com/go-openapi/runtimeApache-2.0
github.com/go-openapi/runtime/middleware/dencoMIT
github.com/go-openapi/specApache-2.0
github.com/go-openapi/strfmtApache-2.0
github.com/go-openapi/swagApache-2.0
github.com/go-openapi/validateApache-2.0
github.com/goccy/go-jsonMIT
github.com/google/flatbuffers/goApache-2.0
github.com/google/uuidBSD-3-Clause
github.com/grpc-ecosystem/go-grpc-middleware/v2/interceptorsApache-2.0
github.com/grpc-ecosystem/grpc-gateway/v2BSD-3-Clause
github.com/hashicorp/go-cleanhttpMPL-2.0
github.com/hashicorp/go-retryablehttpMPL-2.0
github.com/invopop/jsonschemaMIT
github.com/josharian/internMIT
github.com/klauspost/compressApache-2.0
github.com/klauspost/compress/internal/snaprefBSD-3-Clause
github.com/klauspost/compress/zstd/internal/xxhashMIT
github.com/mailru/easyjsonMIT
github.com/mattn/go-colorableMIT
github.com/mattn/go-isattyMIT
github.com/mitchellh/mapstructureMIT
github.com/oapi-codegen/runtimeApache-2.0
github.com/oklog/ulidApache-2.0
github.com/opentracing/opentracing-goApache-2.0
github.com/pierrec/lz4/v4BSD-3-Clause
github.com/pmezard/go-difflib/difflibBSD-3-Clause
github.com/rs/zerologMIT
github.com/samber/loMIT
github.com/santhosh-tekuri/jsonschema/v6Apache-2.0
github.com/sirupsen/logrusMIT
github.com/spf13/cobraApache-2.0
github.com/spf13/pflagBSD-3-Clause
github.com/stretchr/testifyMIT
github.com/thoas/go-funkMIT
github.com/wk8/go-ordered-map/v2Apache-2.0
github.com/zeebo/xxh3BSD-2-Clause
go.mongodb.org/mongo-driverApache-2.0
go.opentelemetry.io/otelApache-2.0
go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttpApache-2.0
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttpApache-2.0
go.opentelemetry.io/otel/exporters/otlp/otlptraceApache-2.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttpApache-2.0
go.opentelemetry.io/otel/logApache-2.0
go.opentelemetry.io/otel/metricApache-2.0
go.opentelemetry.io/otel/sdkApache-2.0
go.opentelemetry.io/otel/sdk/logApache-2.0
go.opentelemetry.io/otel/sdk/metricApache-2.0
go.opentelemetry.io/otel/traceApache-2.0
go.opentelemetry.io/proto/otlpApache-2.0
golang.org/x/expBSD-3-Clause
golang.org/x/netBSD-3-Clause
golang.org/x/oauth2BSD-3-Clause
golang.org/x/syncBSD-3-Clause
golang.org/x/sysBSD-3-Clause
golang.org/x/textBSD-3-Clause
golang.org/x/xerrorsBSD-3-Clause
google.golang.org/genproto/googleapis/api/httpbodyApache-2.0
google.golang.org/genproto/googleapis/rpc/statusApache-2.0
google.golang.org/grpcApache-2.0
google.golang.org/protobufBSD-3-Clause
gopkg.in/yaml.v2Apache-2.0
gopkg.in/yaml.v3MIT

Join our mailing list

Subscribe to our newsletter to make sure you don't miss any updates.

Products and Solutions
Resources
Legal
Social
© 2025 CloudQuery, Inc. All rights reserved.

We use tracking cookies to understand how you use the product and help us improve it. Please accept cookies to help us improve. You can always opt out later via the link in the footer.