announcement
Announcing the CrowdStrike Source Integration
At CloudQuery, we're constantly adding new source integrations to streamline your data integration processes and enhance your data analytics capabilities.
Today, we're excited to announce the release of the CrowdStrike Source Integration for CloudQuery. The integration allows you to seamlessly extract and load your data from CrowdStrike into any database destination. This integration allows you to perform advanced analytics and gain deeper insights into your Cybersecurity data.
What is CrowdStrike? #
CrowdStrike is a Cybersecurity company specializing in cloud-native endpoint protection, threat intelligence, and proactive defense against cyberattacks. The company’s Falcon platform leverages artificial intelligence, machine learning, and behavioral analysis to detect, prevent, and respond to security threats in real time.
How to Sync CrowdStrike Data with CloudQuery #
To start using the CrowdStrike integration, you'll need to:
- Generate new Client Credentials: Navigate to the CrowdStrike's UI. From the left menu bar, go to Support and Resources > API Clients and Keys > Create API Client, and select all Read scopes. Save the credentials securely, as they will be needed later.
- Install CloudQuery CLI: Download and install the CloudQuery CLI on your machine by following the steps on our download page.
- Set Up the Sync Configuration: Create a CloudQuery configuration file by running the following init command:
cloudquery init --source=crowdstrike --destination=postgresql
This command will create acrowdstrike_to_postgresql.yaml
file in your current directory. - Update Environment Variables: Set the environment variables
CROWDSTRIKE_CLIENT_ID
andCROWDSTRIKE_CLIENT_SECRET
using the corresponding values from the credentials obtained in the first step:export CROWDSTRIKE_CLIENT_ID="YOUR_CROWDSTRIKE_CLIENT_ID" export CROWDSTRIKE_CLIENT_SECRET="YOUR_CROWDSTRIKE_CLIENT_SECRET"
- Login to CloudQuery: Log into the CloudQuery Platform using:
cloudquery login
- Sync with CloudQuery: Run the command below to begin syncing:
cloudquery sync crowdstrike_to_postgresql.yaml
Example Queries #
List all devices that run macOS:
select *
from crowdstrike_hosts
where platform_name = 'Mac';
List all CrowdStrike endpoint alerts with a confidence above a certain threshold:
select *
from crowdstrike_alerts
where confidence >= 60
and 'Endpoint' = ANY(data_domains);
List all devices that meet the ZTA criterion of running macOS version 11.0 or newer:
select *
from crowdstrike_host_zta_assessments
where exists (
select 1
from jsonb_array_elements(assessment_items->'os_signals') as os_signal
where os_signal->>'criteria' ilike 'macos version is ≥11.0'
and os_signal->>'meets_criteria' = 'yes'
);
Ready to get insights into your infrastructure? You can download CloudQuery and follow along with our quick start guide, or explore CloudQuery Cloud for a more scalable solution.
Want help getting started? Join the CloudQuery community to connect with other users and experts, or message our team directly here if you have any questions.
Written by Alex Savanovich
Alex is a Senior Software Engineer at CloudQuery, specializing in cloud data infrastructure and application development, with a focus on building scalable solutions for multi-cloud environments.