cq-source-crowdstrike

command module
v0.0.4
Published: Aug 1, 2023 License: MPL-2.0 Imports: 2 Imported by: 0

README

CloudQuery CrowdStrike Falcon Source Plugin


A CrowdStrike Falcon source plugin for CloudQuery that loads data from CrowdStrike into any database, data warehouse or data lake supported by CloudQuery, such as PostgreSQL, BigQuery, Athena, and many more.

Features

  • Detections – Extracts details for Falcon detections, including behavior, severity, host, timestamps, and more.
  • Hosts – Extracts host details including OS, version, sensor-specific data, and more.
  • Incidents – Extracts incidents and their details.
  • Vulnerabilities – Extracts vulnerabilities and their details.
  • Discover Hosts – Extracts managed host details from Falcon Discover data.
  • Discover Applications – Extracts application information from Falcon Discover for all managed hosts.

Configuration

Export the following environment variables to configure CrowdStrike:

  • FALCON_CLIENT_ID - Falcon API client ID
  • FALCON_SECRET - Falcon API client secret

To obtain an OAuth2 API client, navigate to the CrowdStrike Falcon console under API clients and keys. Treat the secret like any other credential: it grants every scope the API client holds, so keep it out of the crowdstrike.yml spec and out of version control and pass it only through the environment.

CloudQuery only needs read access to CrowdStrike resources. Because the intent is to index every resource, grant the API client Read on all of the scopes below, and Write on none of them:

  • Alerts
  • Custom IOA rules
  • Detections
  • Hosts
  • Falcon Discover
  • Falcon Complete Dashboard
  • Actors (Falcon Intelligence)
  • Reports (Falcon Intelligence)
  • Host groups
  • Incidents
  • Installation Tokens
  • IOC Management
  • IOCs (Indicators of Compromise)
  • Message Center for OverWatch
  • Message Center
  • Machine Learning Exclusions
  • On-demand scans (ODS)
  • OverWatch Dashboard
  • Prevention policies
  • Quarantined Files
  • Real time response (admin)
  • Real time response
  • Response policies
  • Scheduled Reports
  • IOA Exclusions
  • Sensor Download
  • Sensor update policies
  • Sensor Visibility Exclusions
  • Spotlight vulnerabilities
  • Event streams
  • User management
  • Zero Trust Assessment
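The configuration steps above (export the two variables, create a read-only API client) can be checked before a first sync. The following Go program is an added example written for this page; it is not part of cq-source-crowdstrike or CloudQuery, and the plugin authenticates through its own Falcon client. It reads FALCON_CLIENT_ID and FALCON_SECRET, exchanges them at the Falcon OAuth2 token endpoint (/oauth2/token, form-encoded client_id and client_secret), and then issues one read, listing a single device ID via /devices/queries/devices/v1, to confirm the Hosts read scope. The US-1 base URL, the choice of probe, and the function names are the example's own assumptions.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"log"
	"net/http"
	"net/url"
	"os"
	"strings"
)

// Credentials are the two values the plugin reads from the environment.
type Credentials struct{ ClientID, Secret string }

// CredentialsFromEnv enforces the README contract: both variables must be set
// and non-empty. lookup is os.LookupEnv in production and a map in tests.
func CredentialsFromEnv(lookup func(string) (string, bool)) (Credentials, error) {
	id, ok := lookup("FALCON_CLIENT_ID")
	if !ok || id == "" {
		return Credentials{}, errors.New("FALCON_CLIENT_ID is not set")
	}
	secret, ok := lookup("FALCON_SECRET")
	if !ok || secret == "" {
		return Credentials{}, errors.New("FALCON_SECRET is not set")
	}
	return Credentials{ClientID: id, Secret: secret}, nil
}

// Token is the part of the Falcon /oauth2/token response we use.
type Token struct {
	AccessToken string `json:"access_token"`
	ExpiresIn   int    `json:"expires_in"`
}

// FetchToken performs the OAuth2 client-credentials exchange. baseURL is the
// API host of your Falcon cloud (https://api.crowdstrike.com for US-1).
func FetchToken(client *http.Client, baseURL string, c Credentials) (Token, error) {
	form := url.Values{"client_id": {c.ClientID}, "client_secret": {c.Secret}}
	req, err := http.NewRequest(http.MethodPost, strings.TrimRight(baseURL, "/")+"/oauth2/token", strings.NewReader(form.Encode()))
	if err != nil {
		return Token{}, err
	}
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	resp, err := client.Do(req)
	if err != nil {
		return Token{}, err
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(io.LimitReader(resp.Body, 1<<20))
	if err != nil {
		return Token{}, err
	}
	// Report only status and response body: the request carried the secret.
	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
		return Token{}, fmt.Errorf("token endpoint returned HTTP %d: %s", resp.StatusCode, strings.TrimSpace(string(body)))
	}
	var t Token
	if err := json.Unmarshal(body, &t); err != nil {
		return Token{}, err
	}
	if t.AccessToken == "" {
		return Token{}, errors.New("token response has no access_token")
	}
	return t, nil
}

// ProbeHostsRead lists one device ID, the cheapest call the Hosts read scope
// allows. 200 means reads work; 403 means the API client lacks Hosts read.
func ProbeHostsRead(client *http.Client, baseURL string, t Token) (int, error) {
	req, err := http.NewRequest(http.MethodGet, strings.TrimRight(baseURL, "/")+"/devices/queries/devices/v1?limit=1", nil)
	if err != nil {
		return 0, err
	}
	req.Header.Set("Authorization", "Bearer "+t.AccessToken)
	resp, err := client.Do(req)
	if err != nil {
		return 0, err
	}
	defer resp.Body.Close()
	return resp.StatusCode, nil
}

func main() {
	creds, err := CredentialsFromEnv(os.LookupEnv)
	if err != nil {
		log.Fatalln("preflight failed:", err)
	}
	base := "https://api.crowdstrike.com" // assumption: US-1; use your cloud's API host
	tok, err := FetchToken(http.DefaultClient, base, creds)
	if err != nil {
		log.Fatalln("token exchange failed:", err)
	}
	status, err := ProbeHostsRead(http.DefaultClient, base, tok)
	log.Printf("token ok (expires in %ds); hosts read probe: HTTP %d (err=%v)", tok.ExpiresIn, status, err)
}
```

Run it with the two variables exported. A 401 from the token endpoint means the client ID or secret is wrong; a 403 from the probe means the API client was created without Hosts read. The token endpoint accepts credentials that also carry write scopes, so a successful probe does not prove the client is read-only; confirm that in the API clients and keys console when you create it.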
Example

# crowdstrike.yml
kind: source
spec:
  name: "crowdstrike"
  registry: "github"
  path: "justmiles/crowdstrike"
  version: "v0.0.0"
  destinations: ["sqlite"]
  tables: ["*"]

Tables

Development

Run tests:

make test

Run linter:

make lint

Generate docs:

make gen-docs

Documentation


There is no documentation for this package.

