cloudquery · cqgaurav · Dec 9, 2022 · Nov 28, 2022 · Nov 28, 2022 · Nov 28, 2022
@@ -135,6 +135,7 @@ bugfix
 nvm
 npm
 Gandi
+CrowdStrike
 parallelization
 hyperscale
 goroutines
@@ -0,0 +1,38 @@
+# Generate mocks for mock/unit testing 
+.PHONY: gen-mocks
+gen-mocks:
+	go generate ./client/...
+
+# Test unit
+.PHONY: test
+test:
+	go test -timeout 3m ./...
+
+# Install tools
+.PHONY: install-tools
+install-tools:
+	@echo Installing tools from tools/tool.go
+	@cat tools/tool.go | grep _ | awk -F'"' '{print $$2}' | xargs -tI % go install %
+
+# Install pre-commit hooks. This requires pre-commit to be installed (https://pre-commit.com/)
+.PHONY: install-hooks
+install-hooks:
+	pre-commit install
+
+.PHONY: gen-docs
+gen-docs:
+	rm -rf ./docs/tables/*
+	go run main.go doc ./docs/tables
+
+.PHONY: lint
+lint:
+	golangci-lint run --config ../../.golangci.yml 
+
+.PHONY: gen-code
+gen-code:
+	grep -rl '// Code generated by codegen; DO NOT EDIT.' resources/services/* | xargs rm
+	go run codegen/main.go
+
+# All gen targets
+.PHONY: gen
+gen: gen-code gen-docs
@@ -0,0 +1,38 @@
+# CrowdStrike Plugin
+
+This plugin pulls information from CrowdStrike and loads it into any supported CloudQuery destination (e.g. PostgreSQL).
+
+## Links
+
+- [Tables](./docs/tables/README.md)
+
+## Authentication
+
+In order to fetch information from CrowdStrike, `cloudquery` needs to be authenticated. A client id and secret is required for authentication. Follow [these steps](https://www.crowdstrike.com/blog/tech-center/get-access-falcon-apis/) to set these up. Note that you will also need to enlist the client to have the appropriate scope for what you want to query.
+
+## Configuration
+
+To configure CloudQuery to extract from CrowdStrike, create a `.yml` file in your CloudQuery configuration directory.
+For example, the following configuration will extract information from CrowdStrike, and connect it to a `postgresql` destination plugin
+
+```yml
+kind: source
+spec:
+  # Source spec section
+  name: crowdstrike
+  path: cloudquery/crowdstrike
+  version: "0.0.1" # latest version of crowdstrike plugin
+  tables: ["*"]
+  destinations: ["postgresql"]
+  spec:
+    client_id: <CLIENT_ID>
+    client_secret: <CLIENT_SECRET>
+```
+
+## Example
+
+You can reduce alert fatigue by narrowing alerts down from CrowdStrike using fuzzy matching.
+
+```sql
+select * from crowdstrike_alerts_query where resources like ('%filter_here%');
+```
@@ -0,0 +1,72 @@
+package client
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"os"
+
+	"github.com/cloudquery/plugin-sdk/schema"
+	"github.com/cloudquery/plugin-sdk/specs"
+	"github.com/crowdstrike/gofalcon/falcon"
+	"github.com/rs/zerolog"
+	"github.com/rs/zerolog/log"
+)
+
+type Client struct {
+	logger   zerolog.Logger
+	spec     specs.Source
+	Services Services
+}
+
+type Services struct {
+	Incidents Incidents
+	Alerts    Alerts
+}
+
+func (*Client) Logger() *zerolog.Logger {
+	return &log.Logger
+}
+
+func (*Client) ID() string {
+	return c.spec.Name
+}
+
+func New(ctx context.Context, logger zerolog.Logger, s specs.Source) (schema.ClientMeta, error) {
+	crowdStrikeSpec := &Spec{}
+	if err := s.UnmarshalSpec(&crowdStrikeSpec); err != nil {
+		return nil, fmt.Errorf("failed to unmarshal CrowdStrike spec: %w", err)
+	}
+	clientId, ok := os.LookupEnv("FALCON_CLIENT_ID")
+	if !ok {
+		if crowdStrikeSpec.ClientID == "" {
+			return nil, errors.New("missing FALCON_CLIENT_ID, either set it as an environment variable or pass it in the configuration")
+		}
+		clientId = crowdStrikeSpec.ClientID
+	}
+
+	secret, ok := os.LookupEnv("FALCON_CLIENT_SECRET")
+	if !ok {
+		if crowdStrikeSpec.ClientID == "" {
+			return nil, errors.New("missing FALCON_CLIENT_SECRET, either set it as an environment variable or pass it in the configuration")
+		}
+		secret = crowdStrikeSpec.ClientSecret
+	}
+
+	c, err := falcon.NewClient(&falcon.ApiConfig{
+		ClientId:     clientId,
+		ClientSecret: secret,
+		Context:      ctx,
+	})
+	if err != nil {
+		return nil, err
+	}
+	return &Client{
+		logger: logger,
+		Services: Services{
+			Incidents: c.Incidents,
+			Alerts:    c.Alerts,
+		},
+		spec: s,
+	}, nil
+}
diff --git a/plugins/source/crowdstrike/client/mocks/mock_alerts_client.go b/plugins/source/crowdstrike/client/mocks/mock_alerts_client.go