Background

The Run Crowdstrike Cloud Query Action performs Steampipe queries on CrowdStrike resources with a powerful and simple PostgreSQL syntax. For example, a complicated action such as fetching all of your hosts:
select    instance_id,    hostname,    last_login_timestampfrom    crowdstrike_host;
To list hosts which do not have firewall applied, use the following query:
select    hostname,    device_policiesfrom    crowdstrike_hostwhere    (device_policies -> 'firewall' -> 'applied') :: bool = false;
A query that fetches a list of open detections from the last 4 days might look like this:
select    detection_id,    created_timestamp,    device ->> 'device_id' as device_id,    device ->> 'hostname' as hostname,    device ->> 'platform_name' as platform_name,    device ->> 'os_version' as os_version,    statusfrom    crowdstrike_detectionwhere    status = 'open'  and now() - created_timestamp > interval '4 days';
A full description of all existing tables and official examples are provided here:
Blink supports this Steampipe version: v0.2.0.

Action Parameters

ParameterDescription
SQL statementThe SQL statement we wish to use to query the resource.
Output formatRepresentation of the output result. The possible options are “Table”, “CSV” or “JSON”.
RunAWSCloudQuery