CrowdStrike + Steampipe
Steampipe is an open source CLI to instantly query cloud APIs using SQL.
CrowdStrike provides cloud workload and endpoint security, threat intelligence, and cyberattack response services.
For example:
```sql
select
  created_timestamp,
  host_info -> 'hostname' as hostname,
  status
from
  crowdstrike_spotlight_vulnerability
where
  created_timestamp > now() - interval '15 days';
```
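A query a practitioner would typically run next, added here as an example and not taken from the Steampipe hub page or the plugin's own documentation: rank hosts by the number of vulnerabilities Spotlight has detected in the last 15 days that are still not closed. It relies only on the columns the page's own query uses (created_timestamp, status, and the host_info JSON column with its 'hostname' key); the status value 'closed' is an assumption about the Falcon API, so adjust it to the status values you actually see in the table.

```sql
-- Added example, not part of the original page or the plugin's docs.
-- Assumptions: the same three columns as the page's query, and that
-- closed findings carry status = 'closed'.
select
  -- ->> yields text so the hostname can be grouped on; hosts that report
  -- no hostname are kept under a placeholder rather than silently dropped
  coalesce(host_info ->> 'hostname', '(no hostname)') as hostname,
  count(*)                                          as open_vulnerabilities,
  min(created_timestamp)                            as oldest_detected
from
  crowdstrike_spotlight_vulnerability
where
  created_timestamp > now() - interval '15 days'
  and status <> 'closed'            -- assumed status value, see lead-in
group by
  coalesce(host_info ->> 'hostname', '(no hostname)')
order by
  open_vulnerabilities desc,
  oldest_detected asc
limit 20;
```

Run it with `steampipe query` (or from the interactive `steampipe query` prompt); the grouping and the `oldest_detected` column together point at the hosts that have accumulated the most unresolved findings for the longest time, which is usually where patching effort should start.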
Documentation
Get started
Install
Download and install the latest CrowdStrike plugin:
```shell
steampipe plugin install crowdstrike
```
Configuration
Installing the latest crowdstrike plugin will create a config file (~/.steampipe/config/crowdstrike.spc) with a single connection named crowdstrike:
```hcl
connection "crowdstrike" {
  plugin = "crowdstrike"

  # CrowdStrike client ID
  # Can also be set with the FALCON_CLIENT_ID environment variable
  # client_id = "4fe29d3fakeclientid"

  # CrowdStrike client secret
  # Can also be set with the FALCON_CLIENT_SECRET environment variable
  # client_secret = "Z0F3MTfakesecret"

  # Falcon cloud (us-1, us-2, eu-1, us-gov-1)
  # Can also be set with the FALCON_CLOUD environment variable
  # client_cloud = "us-2"
}
```
- client_cloud - (Required) The Falcon cloud abbreviation (us-1, us-2, eu-1, us-gov-1). Can also be set with the FALCON_CLOUD environment variable.
- client_id - (Required) The API client ID. Can also be set with the FALCON_CLIENT_ID environment variable.
- client_secret - (Required) The API client secret. Can also be set with the FALCON_CLIENT_SECRET environment variable.

Every argument has an environment variable equivalent, so prefer FALCON_CLIENT_ID and FALCON_CLIENT_SECRET over writing the credentials into the .spc file; that keeps the API secret out of a plain-text file under your home directory and out of any dotfiles you check in or copy between machines.
Get involved
- Open source: https://github.com/turbot/steampipe-plugin-crowdstrike
- Community: Slack Channel