Copy page

CrowdStrike

IoT Assets

Collects detailed information on IoT devices managed by CrowdStrike, including security status and activity logs. This integration supports monitoring and securing IoT environments.

Details

Monad uses the cron field to run this input on specific intervals and returns all IoT assets' details, performing a full sync of data each time.

Requirements

• Before you connect Monad to CrowdStrike, you need a Client ID and Client Secret. Log in to falcon.crowdstrike.com and under Support & Resources, click on 'API Client and Keys' to create your credentials.
• Enter a Client Name, Description and API Scopes to define the API client. Ensure read roles for User Management are enabled.
• Click Done.
• Copy the ClientID and ClientSecret key. You'll need them when you set up the Monad connector. setup documentation

Related Articles

• https://developer.crowdstrike.com/crowdstrike/reference/get-hosts-1
• https://developer.crowdstrike.com/crowdstrike/reference/query-iot-hosts-1

Configurationcrowdstrike-iot-details

The following configuration defines the input parameters. Each field's specifications, such as type, requirements, and descriptions, are detailed below.

Settings

Setting	Type	Required	Description
Cron	string	Yes	Cron string for scheduling tasks. Ex: '0 0 * * *' for daily execution at midnight.
Cloud Type	string	No	Your cloud type for CrowdStrike. Ex: 'autodiscover', 'us-1', 'us-2', 'eu-1', 'us-gov-1'.

Secrets

Secret	Type	Required	Description
Client ID	string	Yes	Client ID for the CrowdStrike API. This is required to authenticate requests.
Client Secret	string	Yes	Client Secret for the CrowdStrike API. This is required to authenticate requests.

Custom Schema Handling

If the source data doesn't align with any of the OpenSecurityControlFramework (OSCF) schemas, you can create a custom transformation using our JQ transform pipeline. For example:

Code
{
  metadata: {
    schema_version: "1.0.0",
    custom_framework: "my_framework"
  },
  controls: .[]
}

For more information on JQ and how to write your own JQ transformations see the JQ docs here

If you believe this data source should be included in the standard OSCF schema set, please reach out to our team at support@monad.com. We're always looking to expand our coverage of security control frameworks based on community needs.

Sample Record

Code
{
  "agent_version": "2.0.1",
  "aid": "f5f4cc34-5bf8-b872-9c02-2fe0f8a0109d",
  "available_disk_space": 3468,
  "average_memory_usage": 2581,
  "average_processor_usage": 14,
  "bios_id": "cc93a598-69bc-94d3-a874-721deda14f68",
  "bios_manufacturer": "ACME Inc.",
  "bios_version": "1.0",
  "business_criticality": "High",
  "cid": "customer789",
  "city": "Chicago",
  "claroty_id": "XYZ789",
  "computed_internet_exposure": "Yes",
  "computed_internet_exposure_external_ip": "159.190.34.148",
  "computed_internet_exposure_last_seen": "2025-08-11T23:46:29.604883Z",
  "confidence": 79,
  "country": "USA",
  "cpu_processor_name": "Intel Core i7-8700K",
  "credential_guard_status": true,
  "current_local_ip": "172.51.55.51",
  "data_providers": [
    "Provider A",
    "Provider B"
  ],
  "data_providers_count": 2,
  "device_class": "Industrial IoT",
  "device_family": "Sensor",
  "device_guard_status": true,
  "device_type": "Sensor",
  "discoverer_count": 2,
  "discoverer_ics_collector_ids": [
    "collector123",
    "collector456"
  ],
  "discoverer_product_type_descs": [
    "Type A",
    "Type B"
  ],
  "disk_sizes": [],
  "dragos_id": "DRAGOS123",
  "encrypted_drives": [
    "Drive A",
    "Drive B"
  ],
  "encrypted_drives_count": 2,
  "encryption_status": "Enabled",
  "entity_type": "Managed",
  "external_ip": "160.240.146.197",
  "field_metadata": {
    "agent_version": {
      "description": "Version of the Falcon sensor"
    },
    "aid": {
      "description": "Agent ID of the Falcon sensor"
    }
  },
  "first_seen_timestamp": "2025-08-11T23:46:29.604969Z",
  "groups": [
    "Group A",
    "Group B"
  ],
  "hostname": "iot-host-1",
  "ics_id": "ICS123",
  "id": "c81aba6b-de00-0ca0-f84b-988eeb71184d",
  "internet_exposure": "Yes",
  "iommu_protection_status": "Enabled",
  "kernel_dma_protection_status": true,
  "kernel_version": "4.19.0-16-amd64",
  "last_discoverer_ics_collector_id": "collector456",
  "last_seen_timestamp": "2025-08-11T23:46:29.604984Z",
  "local_ip_addresses": [
    "172.147.160.136",
    "fe80::1"
  ],
  "local_ips_count": 2,
  "logical_core_count": 8,
  "mac_addresses": [
    "8e:d9:ec:d2:c9:17"
  ],
  "machine_domain": "example.com",
  "max_memory_usage": 4096,
  "max_processor_usage": 60,
  "memory_total": 8192,
  "mount_storage_info": [],
  "network_id": "network123",
  "network_interfaces": [],
  "number_of_disk_drives": 1,
  "os_is_eol": "No",
  "os_version": "Ubuntu 20.04",
  "ot_information_sources": [
    "Source A",
    "Source B"
  ],
  "ot_serial_numbers": [
    "Serial A",
    "Serial B"
  ],
  "ou": "Engineering",
  "physical_core_count": 4,
  "platform_name": "Windows",
  "processor_package_count": 1,
  "product_type": "3",
  "product_type_desc": "Server",
  "protocols": [
    "HTTP",
    "HTTPS"
  ],
  "purdue_level": "Level 2",
  "reduced_functionality_mode": "No",
  "secure_boot_enabled_status": true,
  "secure_boot_requested_status": true,
  "secure_memory_overwrite_requested_status": "Enabled",
  "site_name": "Site A",
  "subnet": "192.168.1.0/24",
  "system_guard_status": "Enabled",
  "system_manufacturer": "ACME Inc.",
  "system_product_name": "IoT Sensor X",
  "system_serial_number": "SN123456",
  "tags": [
    "Tag A",
    "Tag B"
  ],
  "total_bios_files": 2,
  "total_disk_space": 2048,
  "uefi_memory_protection_status": "Enabled",
  "unencrypted_drives": [
    "Drive C"
  ],
  "unencrypted_drives_count": 1,
  "used_disk_space": 1024,
  "virtual_zone": "Zone A",
  "virtualization_based_security_status": true,
  "vlan": [
    "VLAN123"
  ],
  "xdome_id": "XDOME456"
}