Back to source list
Official
Premium
CrowdStrike
Sync from CrowdStrike to any destination
Publisher
cloudquery
Latest version
v1.4.4
Type
Source
Platforms
Date Published
Overview #
The CloudQuery Crowdstrike plugin pulls data out of Crowdstrike and loads it into any supported CloudQuery destination (e.g. PostgreSQL, BigQuery, Snowflake, and more).
Crowdstrike Source Plugin Configuration Reference
Authentication #
The CrowdStrike source supports two different methods of authentication: API Client or Access Token authentication.
More details on each method are provided in the configuration reference section.
Example Configuration #
kind: source
spec:
name: crowdstrike
path: cloudquery/crowdstrike
registry: cloudquery
version: "v1.4.4"
tables: ["*"]
destinations: ["postgresql"]
spec:
auth_method: "client_secret"
client_id: "${CROWDSTRIKE_CLIENT_ID}"
client_secret: "${CROWDSTRIKE_CLIENT_SECRET}"
# optional
# base_path_override: "/"
# cloud: "autodiscover"
# host_override: ""
# member_cid: ""Configuration Reference #
This is the (nested) spec used by the CrowdStrike source plugin.
auth_method(string) (optional, default:client_secret)This plugin supports different authentication methods when communicating with the CrowdStrike API. Depending on the chosen authentication method, additional configuration parameters are required.Supported values areclient_secretandaccess_token. If theclient_secretmethod is selected, the following additional configuration parameters will be used. If theaccess_tokenmethod is selected, the following additional configuration parameters will be used.cloud(string) (optional, default:autodiscover)Region where the CrowdStrike backend is hosted.autodiscovercan automatically discover the region when using API Client authentication.When using Access Token authentication method, a specific cloud region is required:spec: access_token: "${CROWDSTRIKE_ACCESS_TOKEN}" cloud: us-1 # possible values are: us-1, us-2, eu-1, us-gov-1host_override(string) (optional, default: empty)A specific API host to use when making API requests. This must be a fully qualified domain name without a scheme or slashes.When set, the value ofcloudwill be ignored.spec: access_token: "${CROWDSTRIKE_ACCESS_TOKEN}" host_override: api.mysubdomain.crowdstrike.combase_path_override(string) (optional, default:/)Sets the URL path to prepend when making API requests. With or without a leading slash.member_cid(string) (optional, default: empty)A specific CID to use. This value can be used for filtering when the Client has access to multiple CIDs.concurrency(integer) (optional, default:10000)A best effort maximum number of Go routines to use. Lower this number to reduce memory usage.scheduler(string) (optional, default:dfs)The scheduler to use when determining the priority of resources to sync. Supported values aredfs(depth-first search),round-robin,shuffleandshuffle-queue.For more information about this, see performance tuning.
Client Secret Configuration Reference #
To use this authentication method, generate new Client Credentials by navigating to the Falcon UI. From the left menubar, go to Support and Resources > API Clients and Keys > Create API Client, and select all Read scopes.
client_id(string) (required)The ID of the CrowdStrike Client to use.client_secret(string) (required)The secret to authenticate the client with IDclient_id.
Access Token Configuration Reference #
To use this authentication method, you will need to generate an
access_token using /oauth2/token API with an existing client. This is done automatically when using the client secret authentication method.access_token(string) (required)The OAuth 2.0 Access Token to authenticate with (recommendation: Use environment variable instead of a hardcoded token in the config).