README
¶
CloudQuery CrowdStrike Falcon Source Plugin
A crowdstrike source plugin for CloudQuery Falcon that loads data from crowdstrike to any database, data warehouse or data lake supported by CloudQuery, such as PostgreSQL, BigQuery, Athena, and many more.
Features
- Detections – Extracts details for Falcon detections, including behavior, severity, host, timestamps, and more.
- Hosts – Extracts host details including OS, version, sensor specific data, and more.
- Incidents - Extracts incidents and their details
- Vulnerabilities - Extracts vulnerabilities and their details
Configuration
Example
# crowdstrike.yml
kind: source
spec:
name: "crowdstrike"
registry: "github"
path: "justmiles/crowdstrike"
version: "v0.0.0"
destinations: ["sqlite"]
tables: ["*"]
spec:
auth:
strategy: "ondemand"
creds:
siteUrl: ${SP_SITE_URL}
# align creds with the used strategy
Tables
- crowdstrike_falcon_detections
- crowdstrike_falcon_hosts
- crowdstrike_falcon_incidents
- crowdstrike_falcon_vulnerabilities
Development
Run tests
make test
Run linter
make lint
Generate docs
make gen-docs
Documentation
¶
There is no documentation for this package.
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.