Back to plugin list
Official
Premium
CrowdStrike
This plugin is in preview.
Sync from CrowdStrike to any destination
Publisher
cloudquery
Latest version
v1.1.0
Type
Source
Platforms
Date Published
Price
Free while in preview
Set up process #
brew install cloudquery/tap/cloudquery
1. Download CLI and login
2. Create source and destination configs
Plugin configurationOverview #
The CloudQuery Crowdstrike plugin pulls data out of Crowdstrike and loads it into any supported CloudQuery destination (e.g. PostgreSQL, BigQuery, Snowflake, and more).
Crowdstrike Source Plugin Configuration Reference
Authentication #
The CrowdStrike source supports two different methods of authentication: API Client or Access Token authentication.
More details on each method are provided in the configuration reference section.
Example Configuration #
kind: source
spec:
name: crowdstrike
path: cloudquery/crowdstrike
registry: cloudquery
version: "v1.1.0"
tables: ["*"]
destinations: ["postgresql"]
spec:
auth_method: "client_secret"
client_id: "${CROWDSTRIKE_CLIENT_ID}"
client_secret: "${CROWDSTRIKE_CLIENT_SECRET}"
# optional
# base_path_override: "/"
# cloud: "autodiscover"
# host_override: ""
# member_cid: ""
Configuration Reference #
This is the (nested) spec used by the CrowdStrike source plugin.
auth_method
(string
) (optional, default:client_secret
)This plugin supports different authentication methods when communicating with the CrowdStrike API. Depending on the chosen authentication method, additional configuration parameters are required.Supported values areclient_secret
andaccess_token
. If theclient_secret
method is selected, the following additional configuration parameters will be used. If theaccess_token
method is selected, the following additional configuration parameters will be used.cloud
(string
) (optional, default:autodiscover
)Region where the CrowdStrike backend is hosted.autodiscover
can automatically discover the region when using API Client authentication.When using Access Token authentication method, a specific cloud region is required:spec: access_token: "${CROWDSTRIKE_ACCESS_TOKEN}" cloud: us-1 # possible values are: us-1, us-2, eu-1, us-gov-1
host_override
(string
) (optional, default: empty)A specific API host to use when making API requests. This must be a fully qualified domain name without a scheme or slashes.When set, the value ofcloud
will be ignored.spec: access_token: "${CROWDSTRIKE_ACCESS_TOKEN}" host_override: api.mysubdomain.crowdstrike.com
base_path_override
(string
) (optional, default:/
)Sets the URL path to prepend when making API requests. With or without a leading slash.member_cid
(string
) (optional, default: empty)A specific CID to use. This value can be used for filtering when the Client has access to multiple CIDs.concurrency
(integer
) (optional, default:10000
)A best effort maximum number of Go routines to use. Lower this number to reduce memory usage.scheduler
(string
) (optional, default:dfs
)The scheduler to use when determining the priority of resources to sync. Supported values aredfs
(depth-first search),round-robin
,shuffle
andshuffle-queue
.For more information about this, see performance tuning.
Client Secret Configuration Reference #
To use this authentication method, generate new Client Credentials by navigating to the Falcon UI. From the left menubar, go to Support and Resources > API Clients and Keys > Create API Client, and select all Read scopes.
client_id
(string
) (required)The ID of the CrowdStrike Client to use.client_secret
(string
) (required)The secret to authenticate the client with IDclient_id
.
Access Token Configuration Reference #
To use this authentication method, you will need to generate an
access_token
using /oauth2/token
API with an existing client. This is done automatically when using the client secret authentication method.access_token
(string
) (required)The OAuth 2.0 Access Token to authenticate with (recommendation: Use environment variable instead of a hardcoded token in the config).