falcon-integration-gateway

AWS SQS Backend

Integration with AWS SQS – pushes raw events from CrowdStrike event stream to AWS SQS. Deduplication of the events is done on SQS side.

Example Configuration file

config/config.ini configures Falcon Integration Gateway. Below is a minimal configuration example for AWS SQS backend:

[main]
# Cloud backends that are enabled. The gateway will push events to the cloud providers specified below
backends=AWS_SQS

[aws_sqs]
# AWS section is applicable only when AWS backend is enabled in the [main] section.

# Uncomment to provide aws region. Alternatively, use AWS_REGION env variable
#region=eu-west-1

# Uncomment to provide name of AWS SQS. Alternatively, use AWS_SQS env variable
#sqs_queue_name = my-sqs-queue-for-falcon

Developer Guide

• Build the image

  docker build . -t falcon-integration-gateway
  

• Run the application

  docker run -it --rm \
      -e FALCON_CLIENT_ID="$FALCON_CLIENT_ID" \
      -e FALCON_CLIENT_SECRET="$FALCON_CLIENT_SECRET" \
      -e FALCON_CLOUD_REGION="us-1" \
      -e AWS_SQS=my-queue \
      -e AWS_REGION=mars-west-2 \
      -v ~/.aws:/fig/.aws \
      falcon-integration-gateway:latest
  

This site is open source. Improve this page.