turbot/crowdstrike


CrowdStrike + Steampipe

Steampipe is an open source CLI to instantly query cloud APIs using SQL.

CrowdStrike provides cloud workload and endpoint security, threat intelligence, and cyberattack response services.

For example:

select
  created_timestamp,
  host_info -> 'hostname' as hostname,
  status
from
  crowdstrike_spotlight_vulnerability
where
  created_timestamp > now() - interval '15 days';

Documentation

Get started

Install

Download and install the latest CrowdStrike plugin:

steampipe plugin install crowdstrike

Configuration

Installing the latest crowdstrike plugin will create a config file (~/.steampipe/config/crowdstrike.spc) with a single connection named crowdstrike:

connection "crowdstrike" {
  plugin = "crowdstrike"

  # CrowdStrike client ID
  # Can also be set with the FALCON_CLIENT_ID environment variable
  # client_id = "4fe29d3fakeclientid"

  # CrowdStrike client secret
  # Can also be set with the FALCON_CLIENT_SECRET environment variable
  # client_secret = "Z0F3MTfakesecret"

  # Falcon cloud (us-1, us-2, eu-1, us-gov-1)
  # Can also be set with the FALCON_CLOUD environment variable
  # client_cloud = "us-2"
}

  • client_cloud - (Required) The Falcon cloud abbreviation (us-1, us-2, eu-1, us-gov-1). Can also be set with the FALCON_CLOUD environment variable.
  • client_id - (Required) The client ID. Can also be set with the FALCON_CLIENT_ID environment variable.
  • client_secret - (Required) The client secret. Can also be set with the FALCON_CLIENT_SECRET environment variable.
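
A check to run against the connection file before first use, as an added example that is not part of the plugin or its documentation: it reports a missing or unlisted client_cloud, missing credentials, and a client_secret stored in a file that group or other users can access. The function names and the sample file are constructed for illustration, and the script treats a value as set if it appears in either the file or the environment, without assuming which one the plugin prefers.

```shell
#!/bin/sh
# Added example: audit a crowdstrike.spc file laid out as shown above.

# Print the value of an uncommented `key = "value"` line (empty if none).
spc_value() {  # usage: spc_value KEY FILE
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$2" | head -n 1
}

# Print one line per finding; return 1 if there is any finding.
audit_spc() {  # usage: audit_spc FILE
    file=$1 rc=0
    # Each setting may come from the file or from its environment variable.
    file_secret=$(spc_value client_secret "$file")
    cloud=$(spc_value client_cloud "$file"); cloud=${cloud:-${FALCON_CLOUD:-}}
    id=$(spc_value client_id "$file");       id=${id:-${FALCON_CLIENT_ID:-}}
    secret=${file_secret:-${FALCON_CLIENT_SECRET:-}}

    case $cloud in
        us-1|us-2|eu-1|us-gov-1) ;;
        '') echo "client_cloud is not set"; rc=1 ;;
        *)  echo "client_cloud '$cloud' is not a listed Falcon cloud"; rc=1 ;;
    esac
    [ -n "$id" ]     || { echo "client_id is not set"; rc=1; }
    [ -n "$secret" ] || { echo "client_secret is not set"; rc=1; }

    # A secret stored in the file should be accessible to its owner only.
    if [ -n "$file_secret" ]; then
        perms=$(ls -ld "$file" | cut -c5-10)   # group and other permission bits
        [ "$perms" = "------" ] ||
            { echo "client_secret is in a file with group/other bits '$perms'"; rc=1; }
    fi
    return $rc
}

# Constructed sample file (placeholder values, not real credentials).
demo=$(mktemp)
cat > "$demo" <<'EOF'
connection "crowdstrike" {
  plugin        = "crowdstrike"
  client_id     = "4fe29d3fakeclientid"
  client_secret = "Z0F3MTfakesecret"
  client_cloud  = "us-3"
}
EOF
chmod 644 "$demo"
audit_spc "$demo" || echo "audit reported findings"
rm -f "$demo"
```

Run it as `audit_spc ~/.steampipe/config/crowdstrike.spc`; a clean file prints nothing and returns 0.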

Get involved