Back to source list
Official
Premium
CrowdStrike source integration documentation
Sync from CrowdStrike to any destination
Publisher
cloudquery
Latest version
v2.2.1
Type
Source
Platforms
Date Published
Loading plugin documentation
Sync from CrowdStrike to any destination
Publisher
cloudquery
Latest version
v2.2.1
Type
Source
Platforms
Date Published
Loading plugin documentation
CloudQuery's use of cookies
We use tracking cookies to understand how you use the product and help us improve it. Your consent is required before we can enable these cookies. You can opt out via the link in the footer.
kind: source
spec:
name: crowdstrike
path: cloudquery/crowdstrike
registry: cloudquery
version: "v2.2.1"
tables: ["*"]
destinations: ["postgresql"]
backend_options:
table_name: "cq_state_crowdstrike"
connection: "@@plugins.postgresql.connection"
spec:
auth_method: "client_secret"
client_id: "${CROWDSTRIKE_CLIENT_ID}"
client_secret: "${CROWDSTRIKE_CLIENT_SECRET}"
# optional
# base_path_override: "/"
# cloud: "autodiscover"
# host_override: ""
# member_cid: ""
auth_method (string) (optional, default: client_secret)client_secret and access_token. If the client_secret method is selected, the following additional configuration parameters will be used. If the access_token method is selected, the following additional configuration parameters will be used.cloud (string) (optional, default: autodiscover)autodiscover can automatically discover the region when using API Client authentication.spec:
access_token: "${CROWDSTRIKE_ACCESS_TOKEN}"
cloud: us-1 # possible values are: us-1, us-2, eu-1, us-gov-1
host_override (string) (optional, default: empty)cloud will be ignored.spec:
access_token: "${CROWDSTRIKE_ACCESS_TOKEN}"
host_override: api.mysubdomain.crowdstrike.com
base_path_override (string) (optional, default: /)member_cid (string) (optional, default: empty)concurrency (integer) (optional, default: 10000)scheduler (string) (optional, default: dfs)dfs (depth-first search), round-robin, shuffle and shuffle-queue.table_options (Table Options spec) (optional)crowdstrike_discover_applicationscrowdstrike_discover_hostsbackend_options must be set in the spec (as shown above). This is documented in the Managing Incremental Tables section.crowdstrike_discover_applicationsfilter (string) (optional)vendor: "Google"name, version, vendor, name_vendor, name_vendor_version, first_seen_timestamp, installation_timestamp, architectures, installation_paths, versioning_scheme, groups, is_normalized, last_used_user_sid, last_used_user_name, last_used_file_name, last_used_file_hash, last_used_timestamp, last_updated_timestamp, is_suspicious, host.id, host.platform_name, host.hostname, cid, host.os_version, host.machine_domain, host.ou, host.site_name, host.country, host.current_mac_address, host.current_network_prefix, host.tags, host.groups, host.product_type_desc, host.kernel_version, host.system_manufacturer, host.internet_exposure, host.agent_version, host.external_ip, host.aidname, version, vendor, name_vendor, name_vendor_version, architectures, installation_paths, groups, last_used_user_sid, last_used_user_name, last_used_file_name, last_used_file_hash, host.platform_name, host.hostname, cid, host.os_version, host.machine_domain, host.ou, host.site_name, host.country, host.current_mac_address, host.current_network_prefix, host.tags, host.groups, host.product_type_desc, host.kernel_version, host.system_manufacturer, host.internet_exposure, host.agent_version, host.external_ip, host.aidfirst_seen_timestamp, installation_timestamp, last_used_timestamp, last_updated_timestampfacet ([]string) (optional) (default: ["browser_extension", "host_info", "install_usage"])browser_extension, host_info, install_usage. If omitted, related columns will be empty.crowdstrike_discover_hostsfilter (string) (optional)facet ([]string) (optional) (default: [])crowdstrike_vulnerabilitiesfilter (string) (optional) (default: created_timestamp:>'2000-01-01T01:00:00Z')facet ([]string) (optional) (default: ["host_info", "remediation", "cve", "evaluation_logic"])client_id (string) (required)client_secret (string) (required)client_id.access_token using /oauth2/token API with an existing client. This is done automatically when using the client secret authentication method.access_token (string) (required)