# Login Activity Fetches details of recent login sessions for devices using the CrowdStrike API, providing insights into device access and authentication activities for enhanced endpoint security monitoring. **Sync Type: Full Synchronisation** ## Requirements - Before you connect Monad to CrowdStrike, you need a Client ID and Client Secret. Log in to your CrowdStrike portal, and under Support & Resources, click on 'API Client and Keys' to create your credentials. - Enter a Client Name, Description and API Scopes to define the API client. Ensure read roles for Hosts are enabled. - Click **Done**. - Copy the ClientID and ClientSecret key. You'll need them when you set up the Monad connector. ## Details Monad uses the `cron` field to run this input on specific intervals and returns all login sessions' details, performing a full sync of data each time. ## Configuration The following configuration defines the input parameters. Each field's specifications, such as type, requirements, and descriptions, are detailed below. #### Settings | Setting | Type | Required | Description | |---------|------|----------|-------------| | Cron | string | Yes | Cron string for scheduling tasks. Ex: '0 0 * * *' for daily execution at midnight. | | Cloud Type | string | No | Your cloud type for CrowdStrike. Ex: 'autodiscover', 'us-1', 'us-2', 'eu-1', 'us-gov-1'. | #### Secrets | Secret | Type | Required | Description | |---------|------|----------|-------------| | Client ID | string | Yes | Client ID for the CrowdStrike API. This is required to authenticate requests. | | Client Secret | string | Yes | Client Secret for the CrowdStrike API. This is required to authenticate requests. | ## Custom Schema Handling If the source data doesn't align with any of the [OpenSecurityControlFramework (OSCF) schemas](https://schema.ocsf.io/), you can create a custom transformation using our JQ transform pipeline. For example: ```jq { metadata: { schema_version: "1.0.0", custom_framework: "my_framework" }, controls: .[] } ``` For more information on JQ and how to write your own JQ transformations see the JQ docs [here](https://jqlang.github.io/jq/). If you believe this data source should be included in the standard OSCF schema set, please reach out to our team at [support@monad.com](mailto:support@monad.com). We're always looking to expand our coverage of security control frameworks based on community needs. ## Sample Record ```json { "cid": "067cdb26-4049-9c97-4520-12835df15552", "device_id": "device003", "recent_logins": [ { "login_time": "2025-08-11T23:46:33.569833Z", "user_name": "Tom Miller" }, { "login_time": "2025-08-11T23:46:33.569854Z", "user_name": "Peter Johnson" } ] } ```