turbot/crowdstrike
steampipe plugin install crowdstrike

Table: crowdstrike_user - Query Crowdstrike Users using SQL

Crowdstrike is a cloud-native endpoint security platform that combines next-generation antivirus, endpoint detection and response (EDR), managed threat hunting, and threat intelligence. It uses artificial intelligence (AI) to analyze behavior on endpoints and networks, helping to stop breaches and mitigate threat activity. Crowdstrike Users are individual accounts within the Crowdstrike platform, each with their specific roles and permissions.

Table Usage Guide

The crowdstrike_user table provides insights into user accounts within the Crowdstrike platform. As a security analyst, explore user-specific details through this table, including user ID, email, name, and activity times. Utilize it to uncover information about user behaviors, such as login patterns, and to verify user roles and permissions.

Examples

Basic info

Explore which users are registered in the system, gaining insights into the scope of your user base. This can be beneficial in assessing the scale of your operations and identifying potential areas for user engagement or growth.

select
first_name,
last_name,
uid
from
crowdstrike_user
select
first_name,
last_name,
uid
from
crowdstrike_user

List users with specific roles

Explore which users have been assigned specific roles such as 'custom_ioas_manager' or 'dashboard_admin'. This can be useful in managing user permissions and ensuring appropriate access controls are in place.

select
first_name,
last_name,
uid
from
crowdstrike_user
where
roles ?| array [ 'custom_ioas_manager',
'dashboard_admin' ]
Error: SQLite does not support array operations
and the '?' operator used in PostgreSQL.

Schema for crowdstrike_user

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form.
customertextThe customer ID.
first_nametextFirst name of the user.
last_nametextLast name of the user.
rolesjsonbRole IDs of roles assigned to a user.
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.
titletextTitle of the resource.
uidtext=User ID.
uuidtextA unique identifier for the user.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- crowdstrike

You can pass the configuration to the command with the --config argument:

steampipe_export_crowdstrike --config '<your_config>' crowdstrike_user