falcon_detection_details data source

blackstork/crowdstrike, v0.4.2

Description

The falcon_detection_details data source fetches detection details from the CrowdStrike Falcon API.

Installation

To use the falcon_detection_details data source locally via blackstork-cli, you must declare the blackstork/crowdstrike plugin as a dependency in your global configuration block.

blackstork {
  plugin_versions = {
    "blackstork/crowdstrike" = ">= v0.4.2"
  }
}

After declaring the dependency, execute blackstork-cli install to fetch the plugin. See Configuration for details.

Configuration

This data source accepts the following configuration arguments within a config data falcon_detection_details block:

config data falcon_detection_details {
  # Client ID for accessing CrowdStrike Falcon Platform
  #
  # Required string.
  # Must be non-empty
  #
  # For example:
  client_id = "some string"

  # Client Secret for accessing CrowdStrike Falcon Platform
  #
  # Required string.
  # Must be non-empty
  #
  # For example:
  client_secret = "some string"

  # Member CID for MSSP
  #
  # Optional string.
  # Default value:
  member_cid = null

  # Falcon cloud abbreviation
  #
  # Optional string.
  # Must be one of: "autodiscover", "us-1", "us-2", "eu-1", "us-gov-1", "gov1"
  #
  # For example:
  # client_cloud = "us-1"
  #
  # Default value:
  client_cloud = null
}

Usage

This data source accepts the following arguments within a data falcon_detection_details block:

data falcon_detection_details {
  # Host search expression using Falcon Query Language (FQL)
  #
  # Optional string.
  # Default value:
  filter = null

  # Limit the number of queried items
  #
  # Optional integer.
  # Default value:
  limit = 10
}