CrowdStrike

This plugin is in preview.

Sync from CrowdStrike to any destination

Publisher: cloudquery
Latest version: v1.1.0
Type: Source
Price: Free while in preview

Set up process

1. Download CLI and login

brew install cloudquery/tap/cloudquery

See installation options

2. Create source and destination configs

Plugin configuration

3. Run the sync

cloudquery sync crowdstrike.yml postgresql.yml

CloudQuery sync

Overview

The CloudQuery CrowdStrike plugin pulls data out of CrowdStrike and loads it into any supported CloudQuery destination (e.g. PostgreSQL, BigQuery, Snowflake, and more).

CrowdStrike Source Plugin Configuration Reference

Authentication

The CrowdStrike source supports two different methods of authentication: API Client or Access Token authentication. More details on each method are provided in the configuration reference section.

Example Configuration

kind: source
spec:
  name: crowdstrike
  path: cloudquery/crowdstrike
  registry: cloudquery
  version: "v1.1.0"
  tables: ["*"]
  destinations: ["postgresql"]

  spec:
    auth_method: "client_secret"
    client_id: "${CROWDSTRIKE_CLIENT_ID}"
    client_secret: "${CROWDSTRIKE_CLIENT_SECRET}"

    # optional
    # base_path_override: "/"
    # cloud: "autodiscover"
    # host_override: ""
    # member_cid: ""

Configuration Reference

This is the (nested) spec used by the CrowdStrike source plugin.
  • auth_method (string) (optional, default: client_secret)
    This plugin supports different authentication methods when communicating with the CrowdStrike API. Depending on the chosen authentication method, additional configuration parameters are required.
    Supported values are client_secret and access_token. If the client_secret method is selected, the parameters in the Client Secret Configuration Reference are used. If the access_token method is selected, the parameters in the Access Token Configuration Reference are used.
  • cloud (string) (optional, default: autodiscover)
    Region where the CrowdStrike backend is hosted. autodiscover can automatically discover the region when using API Client authentication.
    When using the Access Token authentication method, a specific cloud region is required:
    spec:
      access_token: "${CROWDSTRIKE_ACCESS_TOKEN}"
      cloud: us-1 # possible values are: us-1, us-2, eu-1, us-gov-1
  • host_override (string) (optional, default: empty)
    A specific API host to use when making API requests. This must be a fully qualified domain name without a scheme or slashes.
    When set, the value of cloud will be ignored.
    spec:
      access_token: "${CROWDSTRIKE_ACCESS_TOKEN}"
      host_override: api.mysubdomain.crowdstrike.com
  • base_path_override (string) (optional, default: /)
    Sets the URL path to prepend when making API requests, with or without a leading slash.
  • member_cid (string) (optional, default: empty)
    A specific CID to use. This value can be used for filtering when the Client has access to multiple CIDs.
  • concurrency (integer) (optional, default: 10000)
    A best-effort maximum number of goroutines to use. Lower this number to reduce memory usage.
  • scheduler (string) (optional, default: dfs)
    The scheduler to use when determining the priority of resources to sync. Supported values are dfs (depth-first search), round-robin, shuffle and shuffle-queue.
    For more information about this, see performance tuning.

Client Secret Configuration Reference

To use this authentication method, generate new Client Credentials by navigating to the Falcon UI. From the left menubar, go to Support and Resources > API Clients and Keys > Create API Client, and select all Read scopes.
  • client_id (string) (required)
    The ID of the CrowdStrike Client to use.
  • client_secret (string) (required)
    The secret to authenticate the client with ID client_id.

Access Token Configuration Reference

To use this authentication method, you will need to generate an access_token using the /oauth2/token API with an existing client. This is done automatically when using the client secret authentication method.
  • access_token (string) (required)
    The OAuth 2.0 Access Token to authenticate with (recommendation: use an environment variable instead of a hardcoded token in the config).
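
The rules in the configuration reference above can be checked before a sync runs. The following is an added example, not CloudQuery's own code: a linter for the nested spec, passed in as an already-parsed dict. The function name, the finding messages and the treatment of any ${...} placeholder as an external reference are assumptions.

```python
import re

# Required keys per auth_method and allowed cloud values, as listed on this page.
REQUIRED = {"client_secret": ("client_id", "client_secret"),
            "access_token": ("access_token",)}
CLOUDS = {"autodiscover", "us-1", "us-2", "eu-1", "us-gov-1"}
# Assumption: any ${...} placeholder counts as an external reference.
ENV_REF = re.compile(r"^\$\{[^}]+\}$")
# Dot-separated hostname labels only, so schemes, ports and slashes are rejected.
FQDN = re.compile(r"^(?=.{1,253}$)(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$")


def lint_crowdstrike_spec(spec):
    """Return a list of findings for the nested CrowdStrike plugin spec (a dict)."""
    findings = []
    method = spec.get("auth_method", "client_secret")  # documented default
    cloud = spec.get("cloud", "autodiscover")          # documented default
    host = spec.get("host_override", "")

    if method not in REQUIRED:
        findings.append(f"auth_method: unsupported value {method!r}")
    for key in REQUIRED.get(method, ()):
        if not spec.get(key):
            findings.append(f"{key}: required when auth_method is {method}")

    # Secrets should arrive through the environment, never as literals in the file.
    for key in ("client_secret", "access_token"):
        value = spec.get(key)
        if value and not ENV_REF.match(str(value)):
            findings.append(f"{key}: literal secret in config, use an environment variable")

    if host:
        # cloud is ignored once host_override is set, so only the host is checked.
        if not FQDN.match(host):
            findings.append("host_override: must be an FQDN without scheme or slashes")
    elif cloud not in CLOUDS:
        findings.append(f"cloud: unsupported value {cloud!r}")
    elif method == "access_token" and cloud == "autodiscover":
        findings.append("cloud: access_token auth needs a specific region")
    return findings


if __name__ == "__main__":
    # Constructed sample: literal token and no region.
    for finding in lint_crowdstrike_spec({"auth_method": "access_token",
                                          "access_token": "constructed-token"}):
        print(finding)
```

An empty list means the spec satisfies every rule checked here; it does not confirm that the credentials themselves are valid.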


© 2024 CloudQuery, Inc. All rights reserved.