Table: crowdstrike_zta_compliance - Query CrowdStrike Zero Trust Assessment Compliances using SQL
CrowdStrike Zero Trust Assessment (ZTA) is a security model that requires strict identity verification for every person and device trying to access resources on a private network, regardless of whether they are sitting within or outside of the network perimeter. CrowdStrike ZTA ensures that only authenticated and authorized users and devices can access applications and data. It minimizes the risk of attackers gaining access and moving laterally within the network.
Table Usage Guide
The crowdstrike_zta_compliance table provides insights into device compliance with CrowdStrike's Zero Trust Assessment. As a security engineer, explore device-specific details through this table, including compliance status, device ID, and associated metadata. Use it to uncover information about device compliance, such as devices not meeting CrowdStrike's security standards, and to verify the security posture of each device.
Examples
Basic info
Explore the average security score and the number of aids across different platforms. This analysis is useful for understanding the overall security compliance in your system.
select average_overall_score, num_aids, platforms from crowdstrike_zta_compliance;
List compliance information per platform
Explore compliance information for each operating system platform, understanding the average overall score and the number of assessments conducted. This can be useful in assessing the security posture and risk management across different platforms.
select p ->> 'name' as os_platform, p ->> 'average_overall_score' as overall_zta_score, p ->> 'num_aids' as no_of_assessments from crowdstrike_zta_compliance, jsonb_array_elements(platforms) as p;
select json_extract(p.value, '$.name') as os_platform, json_extract(p.value, '$.average_overall_score') as overall_zta_score, json_extract(p.value, '$.num_aids') as no_of_assessments from crowdstrike_zta_compliance, json_each(platforms) as p;
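Flag platforms with a weak Zero Trust posture
The query below is an added example, not part of the original table documentation. It ranks platforms from lowest to highest average score, compares each one with the tenant-wide average, and flags those below a threshold. It uses PostgreSQL syntax, and the threshold of 70 is an assumed policy value.

```sql
-- Added example (PostgreSQL syntax).
-- The threshold of 70 is an assumed policy value, not a CrowdStrike default;
-- replace it with the baseline your organization enforces.
with per_platform as (
  select
    c.sp_connection_name,
    c.cid,
    c.average_overall_score as tenant_avg_score,
    c.num_aids as tenant_assessments,
    -- keys below are the ones used in the per-platform example above
    p ->> 'name' as os_platform,
    (p ->> 'average_overall_score')::numeric as platform_avg_score,
    (p ->> 'num_aids')::bigint as platform_assessments
  from
    crowdstrike_zta_compliance as c,
    jsonb_array_elements(c.platforms) as p
)
select
  sp_connection_name,
  cid,
  os_platform,
  platform_avg_score,
  -- negative values mean the platform drags the tenant average down
  round(platform_avg_score - tenant_avg_score::numeric, 2) as delta_vs_tenant,
  platform_assessments,
  -- share of all assessments, so a low score on a large fleet stands out
  round(100.0 * platform_assessments / nullif(tenant_assessments, 0), 1) as pct_of_assessments,
  platform_avg_score < 70 as below_threshold
from
  per_platform
order by
  platform_avg_score asc;
```

With several CrowdStrike connections aggregated, sp_connection_name and cid keep the rows for each tenant apart.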
Schema for crowdstrike_zta_compliance
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form. |
average_overall_score | double precision | | Average overall score of this compliance. |
cid | text | | The Customer ID. |
num_aids | bigint | | Number of Zero Trust assessments. |
platforms | jsonb | | Zero Trust compliance information by platform. |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | | Steampipe context in JSON form. |
title | text | | Title of the resource. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- crowdstrike
You can pass the configuration to the command with the --config argument:
steampipe_export_crowdstrike --config '<your_config>' crowdstrike_zta_compliance