Table: crowdstrike_user - Query Crowdstrike Users using SQL
Crowdstrike is a cloud-native endpoint security platform that combines next-generation antivirus, endpoint detection and response (EDR), managed threat hunting, and threat intelligence. It uses artificial intelligence (AI) to analyze behavior on endpoints and networks, helping to stop breaches and mitigate threat activity. Crowdstrike Users are individual accounts within the Crowdstrike platform, each with their specific roles and permissions.
Table Usage Guide
The crowdstrike_user table provides insights into user accounts within the Crowdstrike platform. As a security analyst, explore user-specific details through this table, including user ID, email, name, and activity times. Utilize it to uncover information about user behaviors, such as login patterns, and to verify user roles and permissions.
Examples
Basic info
Explore which users are registered in the system, gaining insights into the scope of your user base. This can be beneficial in assessing the scale of your operations and identifying potential areas for user engagement or growth.
select first_name, last_name, uid from crowdstrike_user
List users with specific roles
Explore which users have been assigned specific roles such as 'custom_ioas_manager' or 'dashboard_admin'. This can be useful in managing user permissions and ensuring appropriate access controls are in place.
select first_name, last_name, uid from crowdstrike_user where roles ?| array [ 'custom_ioas_manager', 'dashboard_admin' ]
Error: SQLite does not support array operations and the '?' operator used in PostgreSQL.
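The query below is an added PostgreSQL example, not taken from the plugin's documentation: it inverts the role filter above into a per-role inventory for an access review, listing who holds each role and keeping users with no role at all. It assumes roles is a JSON array of role ID strings; the sample rows, uids and the 'example_viewer' role are constructed.

```sql
-- Constructed sample rows standing in for crowdstrike_user (not real data).
-- Against a live connection, drop this CTE and read from crowdstrike_user.
with sample_user (first_name, last_name, uid, roles) as (
  values
    ('Ada', 'Example', 'ada@example.com', '["dashboard_admin", "custom_ioas_manager"]'::jsonb),
    ('Ben', 'Example', 'ben@example.com', '["dashboard_admin"]'::jsonb),
    ('Cy',  'Example', 'cy@example.com',  '["example_viewer"]'::jsonb),
    ('Di',  'Example', 'di@example.com',  '[]'::jsonb)
),
-- One row per (user, role). The left join keeps users whose roles array is
-- empty, so accounts without any role still show up in the review.
user_role as (
  select
    u.uid,
    r.role_id
  from
    sample_user as u
    left join lateral jsonb_array_elements_text(u.roles) as r(role_id) on true
)
select
  coalesce(role_id, '(no role assigned)') as role,
  count(*) as holders,
  string_agg(uid, ', ' order by uid) as uids,
  -- The two roles named in the example above are flagged for closer review.
  coalesce(role_id in ('custom_ioas_manager', 'dashboard_admin'), false) as watched
from
  user_role
group by
  role_id
order by
  watched desc,
  holders desc,
  role;
```

On the sample rows this returns dashboard_admin with two holders and custom_ioas_manager with one, both flagged as watched, followed by the unflagged '(no role assigned)' and example_viewer rows.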
Schema for crowdstrike_user
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form. |
customer | text | | The customer ID. |
first_name | text | | First name of the user. |
last_name | text | | Last name of the user. |
roles | jsonb | | Role IDs of roles assigned to a user. |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | | Steampipe context in JSON form. |
title | text | | Title of the resource. |
uid | text | = | User ID. |
uuid | text | | A unique identifier for the user. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- crowdstrike
You can pass the configuration to the command with the --config argument:
steampipe_export_crowdstrike --config '<your_config>' crowdstrike_user