anasmuhmd · anasmuhmd · Oct 16, 2024 · Oct 6, 2024
diff --git a/.mockery.yaml b/.mockery.yaml
@@ -52,6 +52,12 @@ packages:
     interfaces:
       AzureOpenaiClient:
       MicrosoftGraphClient:
+  github.com/blackstork-io/fabric/internal/crowdstrike:
+    config:
+    interfaces:
+      Client:
+      CspmRegistrationClient:
+      DiscoverClient:
   github.com/blackstork-io/fabric/plugin/resolver:
     config:
       inpackage: true

diff --git a/docs/plugins/crowdstrike/_index.md b/docs/plugins/crowdstrike/_index.md
@@ -0,0 +1,31 @@
+---
+title: blackstork/crowdstrike
+weight: 20
+plugin:
+  name: blackstork/crowdstrike
+  description: ""
+  tags: []
+  version: "v0.4.2"
+  source_github: "https://github.com/blackstork-io/fabric/tree/main/internal/crowdstrike/"
+type: docs
+hideInMenu: true
+---
+
+{{< plugin-header "blackstork/crowdstrike" "crowdstrike" "v0.4.2" >}}
+
+## Installation
+
+To install the plugin, add it to `plugin_versions` map in the Fabric global configuration block (see [Global configuration]({{< ref "configs.md#global-configuration" >}}) for more details), with a version constraint restricting which available versions of the plugin the codebase is compatible with:
+
+```hcl
+fabric {
+  plugin_versions = {
+    "blackstork/crowdstrike" = ">= v0.4.2"
+  }
+}
+```
+
+
+## Data sources
+
+{{< plugin-resources "crowdstrike" "data-source" >}}
diff --git a/docs/plugins/crowdstrike/data-sources/falcon_cspm_ioms.md b/docs/plugins/crowdstrike/data-sources/falcon_cspm_ioms.md
@@ -0,0 +1,87 @@
+---
+title: "`falcon_cspm_ioms` data source"
+plugin:
+  name: blackstork/crowdstrike
+  description: "The `falcon_cspm_ioms` data source fetches cloud indicators of misconfigurations (IOMs) from the Falcon security posture management (CSPM) feature"
+  tags: []
+  version: "v0.4.2"
+  source_github: "https://github.com/blackstork-io/fabric/tree/main/internal/crowdstrike/"
+resource:
+  type: data-source
+type: docs
+---
+
+{{< breadcrumbs 2 >}}
+
+{{< plugin-resource-header "blackstork/crowdstrike" "crowdstrike" "v0.4.2" "falcon_cspm_ioms" "data source" >}}
+
+## Description
+The `falcon_cspm_ioms` data source fetches cloud indicators of misconfigurations (IOMs) from the Falcon security posture management (CSPM) feature
+
+## Installation
+
+To use `falcon_cspm_ioms` data source, you must install the plugin `blackstork/crowdstrike`.
+
+To install the plugin, add the full plugin name to the `plugin_versions` map in the Fabric global configuration block (see [Global configuration]({{< ref "configs.md#global-configuration" >}}) for more details), as shown below:
+
+```hcl
+fabric {
+  plugin_versions = {
+    "blackstork/crowdstrike" = ">= v0.4.2"
+  }
+}
+```
+
+Note the version constraint set for the plugin.
+
+## Configuration
+
+The data source supports the following configuration arguments:
+
+```hcl
+config data falcon_cspm_ioms {
+  # Client ID for accessing CrowdStrike Falcon Platform
+  #
+  # Required string.
+  # Must be non-empty
+  # For example:
+  client_id = "some string"
+
+  # Client Secret for accessing CrowdStrike Falcon Platform
+  #
+  # Required string.
+  # Must be non-empty
+  # For example:
+  client_secret = "some string"
+
+  # Member CID for MSSP
+  #
+  # Optional string.
+  # Default value:
+  member_cid = null
+
+  # Falcon cloud abbreviation
+  #
+  # Optional string.
+  # Must be one of: "autodiscover", "us-1", "us-2", "eu-1", "us-gov-1", "gov1"
+  # For example:
+  # client_cloud = "us-1"
+  # 
+  # Default value:
+  client_cloud = null
+}
+```
+
+## Usage
+
+The data source supports the following execution arguments:
+
+```hcl
+data falcon_cspm_ioms {
+  # limit the number of queried items
+  #
+  # Required integer.
+  # For example:
+  size = 42
+}
+```
diff --git a/docs/plugins/crowdstrike/data-sources/falcon_discover_host_details.md b/docs/plugins/crowdstrike/data-sources/falcon_discover_host_details.md
@@ -0,0 +1,93 @@
+---
+title: "`falcon_discover_host_details` data source"
+plugin:
+  name: blackstork/crowdstrike
+  description: "The `falcon_discover_host_details` data source fetches host details from Falcon Discover Host API"
+  tags: []
+  version: "v0.4.2"
+  source_github: "https://github.com/blackstork-io/fabric/tree/main/internal/crowdstrike/"
+resource:
+  type: data-source
+type: docs
+---
+
+{{< breadcrumbs 2 >}}
+
+{{< plugin-resource-header "blackstork/crowdstrike" "crowdstrike" "v0.4.2" "falcon_discover_host_details" "data source" >}}
+
+## Description
+The `falcon_discover_host_details` data source fetches host details from Falcon Discover Host API.
+
+## Installation
+
+To use `falcon_discover_host_details` data source, you must install the plugin `blackstork/crowdstrike`.
+
+To install the plugin, add the full plugin name to the `plugin_versions` map in the Fabric global configuration block (see [Global configuration]({{< ref "configs.md#global-configuration" >}}) for more details), as shown below:
+
+```hcl
+fabric {
+  plugin_versions = {
+    "blackstork/crowdstrike" = ">= v0.4.2"
+  }
+}
+```
+
+Note the version constraint set for the plugin.
+
+## Configuration
+
+The data source supports the following configuration arguments:
+
+```hcl
+config data falcon_discover_host_details {
+  # Client ID for accessing CrowdStrike Falcon Platform
+  #
+  # Required string.
+  # Must be non-empty
+  # For example:
+  client_id = "some string"
+
+  # Client Secret for accessing CrowdStrike Falcon Platform
+  #
+  # Required string.
+  # Must be non-empty
+  # For example:
+  client_secret = "some string"
+
+  # Member CID for MSSP
+  #
+  # Optional string.
+  # Default value:
+  member_cid = null
+
+  # Falcon cloud abbreviation
+  #
+  # Optional string.
+  # Must be one of: "autodiscover", "us-1", "us-2", "eu-1", "us-gov-1", "gov1"
+  # For example:
+  # client_cloud = "us-1"
+  # 
+  # Default value:
+  client_cloud = null
+}
+```
+
+## Usage
+
+The data source supports the following execution arguments:
+
+```hcl
+data falcon_discover_host_details {
+  # limit the number of queried items
+  #
+  # Required integer.
+  # For example:
+  size = 42
+
+  # Host search expression using Falcon Query Language (FQL)
+  #
+  # Optional string.
+  # Default value:
+  filter = null
+}
+```
diff --git a/docs/plugins/plugins.json b/docs/plugins/plugins.json
@@ -133,6 +133,40 @@
       }
     ]
   },
+  {
+    "name": "blackstork/crowdstrike",
+    "version": "v0.4.2",
+    "shortname": "crowdstrike",
+    "resources": [
+      {
+        "name": "falcon_cspm_ioms",
+        "type": "data-source",
+        "config_params": [
+          "client_cloud",
+          "client_id",
+          "client_secret",
+          "member_cid"
+        ],
+        "arguments": [
+          "size"
+        ]
+      },
+      {
+        "name": "falcon_discover_host_details",
+        "type": "data-source",
+        "config_params": [
+          "client_cloud",
+          "client_id",
+          "client_secret",
+          "member_cid"
+        ],
+        "arguments": [
+          "filter",
+          "size"
+        ]
+      }
+    ]
+  },
   {
     "name": "blackstork/elastic",
     "version": "v0.4.2",

diff --git a/examples/templates/crowdstrike/data_falcon_cspm_ioms.fabric b/examples/templates/crowdstrike/data_falcon_cspm_ioms.fabric
@@ -0,0 +1,38 @@
+fabric {
+    plugin_versions = {
+        "blackstork/crowdstrike" = ">= 0.4 < 1.0 || 0.4.0-rev0"
+    }
+}
+
+document "cspm_ioms" {
+  meta {
+    name = "example_document"
+  }
+
+  data falcon_cspm_ioms "cspm" {
+    config {
+        client_id = ""
+        client_secret = ""
+        client_cloud = "eu-1"
+    }
+    size = 100
+  }
+
+  title = "List of CSPM IOMS"
+
+  content table {
+        rows = query_jq(".data.falcon_cspm_ioms.cspm")
+        columns = [
+            {
+                "header" = "Account Id"
+                "value"  = "{{.row.value.account_id}}"
+            },
+            {
+                "header" = "Cloud Provider"
+                "value"  = "{{.row.value.cloud_provider}}"
+            }
+        ]
+  }
+
+}
+
diff --git a/examples/templates/crowdstrike/data_falcon_discover_host_details.fabric b/examples/templates/crowdstrike/data_falcon_discover_host_details.fabric
@@ -0,0 +1,32 @@
+document "falcon_discover_host_details" {
+  meta {
+    name = "example_document"
+  }
+
+  data falcon_discover_host_details "fdhd" {
+    config {
+        client_id = ""
+        client_secret = ""
+        client_cloud = "eu-1"
+    }
+    size = 100
+  }
+
+  title = "List of discover host details"
+
+  content table {
+        rows = query_jq(".data.falcon_discover_host_details.fdhd")
+        columns = [
+            {
+                "header" = "Cid"
+                "value"  = "{{.row.value.cid}}"
+            },
+            {
+                "header" = "City"
+                "value"  = "{{.row.value.city}}"
+            }
+        ]
+  }
+
+}
+