feat(crowdstrike): add integration procedures and configuration for CrowdStrike module

Author: mjabascal10

backend/src/main/java/com/park/utmstack/domain/application_modules/enums/ModuleName.java

@@ -65,5 +65,6 @@ public enum ModuleName {
     PFSENSE,
     ORACLE,
     SURICATA,
-    UTMSTACK
+    UTMSTACK,
+    CROWDSTRIKE
 }

backend/src/main/java/com/park/utmstack/domain/application_modules/factory/impl/ModuleCrowdStrike.java

@@ -0,0 +1,97 @@
+package com.park.utmstack.domain.application_modules.factory.impl;
+
+import com.park.utmstack.domain.application_modules.UtmModule;
+import com.park.utmstack.domain.application_modules.UtmModuleGroupConfiguration;
+import com.park.utmstack.domain.application_modules.enums.ModuleName;
+import com.park.utmstack.domain.application_modules.factory.IModule;
+import com.park.utmstack.domain.application_modules.types.ModuleConfigurationKey;
+import com.park.utmstack.domain.application_modules.types.ModuleRequirement;
+import com.park.utmstack.domain.application_modules.validators.UtmModuleConfigValidator;
+import com.park.utmstack.repository.UtmModuleGroupConfigurationRepository;
+import com.park.utmstack.service.application_modules.UtmModuleService;
+import lombok.RequiredArgsConstructor;
+import org.springframework.stereotype.Component;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+import java.util.stream.Collectors;
+
+@Component
+@RequiredArgsConstructor
+public class ModuleCrowdStrike implements IModule {
+    private static final String CLASSNAME = "ModuleCrowdStrike";
+
+    private final UtmModuleService moduleService;
+    private final UtmModuleConfigValidator utmStackConfigValidator;
+
+    @Override
+    public UtmModule getDetails(Long serverId) throws Exception {
+        final String ctx = CLASSNAME + ".getDetails";
+        try {
+            return moduleService.findByServerIdAndModuleName(serverId, ModuleName.CROWDSTRIKE);
+        } catch (Exception e) {
+            throw new Exception(ctx + ": " + e.getMessage());
+        }
+    }
+
+    @Override
+    public List<ModuleRequirement> checkRequirements(Long serverId) throws Exception {
+        return Collections.emptyList();
+    }
+
+    @Override
+    public List<ModuleConfigurationKey> getConfigurationKeys(Long groupId) throws Exception {
+        List<ModuleConfigurationKey> keys = new ArrayList<>();
+
+        keys.add(ModuleConfigurationKey.builder()
+            .withGroupId(groupId)
+            .withConfKey("crowdStrike.client.id")
+            .withConfName("Client ID")
+            .withConfDescription("CrowdStrike Client ID")
+            .withConfDataType("text")
+            .withConfRequired(true)
+            .build());
+
+        keys.add(ModuleConfigurationKey.builder()
+                .withGroupId(groupId)
+                .withConfKey("crowdStrike.client.secret")
+                .withConfName("Secret")
+                .withConfDescription("CrowdStrike Client Secret")
+                .withConfDataType("password")
+                .withConfRequired(true)
+                .build());
+
+        keys.add(ModuleConfigurationKey.builder()
+            .withGroupId(groupId)
+            .withConfKey("crowdStrike.cloud.region.url")
+            .withConfName("Cloud Region URL")
+            .withConfDescription("CrowdStrike Cloud Region URL")
+            .withConfDataType("text")
+            .withConfRequired(false)
+            .build());
+
+
+        keys.add(ModuleConfigurationKey.builder()
+                .withGroupId(groupId)
+                .withConfKey("crowdStrike.app.name")
+                .withConfName("App Name")
+                .withConfDescription("App Name for CrowdStrike integration")
+                .withConfDataType("text")
+                .withConfRequired(false)
+                .build());
+
+        return keys;
+
+    }
+
+    public boolean validateConfiguration(UtmModule module, List<UtmModuleGroupConfiguration> configuration) {
+
+        return utmStackConfigValidator.validate(module, configuration);
+    }
+
+    @Override
+    public ModuleName getName() {
+        return ModuleName.SOC_AI;
+    }
+}

backend/src/main/resources/config/liquibase/changelog/20260105001_adding_crowdstrike_integration.xml

@@ -0,0 +1,218 @@
+<?xml version="1.0" encoding="utf-8"?>
+<databaseChangeLog
+        xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
+        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+        xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.5.xsd">
+
+    <changeSet id="20260105001" author="Manuel">
+        <createProcedure dbms="postgresql">
+        <![CDATA[
+            CREATE OR REPLACE FUNCTION public.register_integration_crowdstrike(srv_id integer)RETURNS void
+            LANGUAGE plpgsql
+            AS
+                $function$
+                declare
+                    grp_id integer;
+                    mod_id bigint;
+
+                        begin
+                            INSERT INTO utm_module (pretty_name, module_description, module_active, module_icon, module_name,
+                                                    server_id, module_category, needs_restart, lite_version, is_activatable)
+                            VALUES ('CrowdStrike',
+                                    'CrowdStrike is a leading cybersecurity company whose cloud-native Falcon platform uses AI, threat intelligence, and a lightweight agent to protect endpoints, cloud workloads, identities, and data.',
+                                    FALSE,
+                                    'crowdstrike.svg',
+                                    'CROWDSTRIKE',
+                                    srv_id,
+                                    'Device',
+                                    FALSE,
+                                    TRUE,
+                                    TRUE)
+                                ON CONFLICT (module_name, server_id) DO UPDATE SET pretty_name        = 'CrowdStrike',
+                                                                            module_icon        = 'crowdstrike.svg',
+                                                                            module_name        = 'CROWDSTRIKE',
+                                                                            module_category    = 'Device',
+                                                                            module_description = 'CrowdStrike is a leading cybersecurity company whose cloud-native Falcon platform uses AI, threat intelligence, and a lightweight agent to protect endpoints, cloud workloads, identities, and data.',
+                                                                            lite_version       = TRUE,
+                                                                            server_id          = srv_id;
+
+                            end;
+                $function$;
+            ]]>
+        </createProcedure>
+
+        <createProcedure dbms="postgresql">
+            <![CDATA[
+                create or replace function register_integrations(srv_id integer, srv_type character varying)
+                    returns void
+                    language plpgsql
+                    as
+                $$
+                BEGIN
+
+                    perform public.register_integration_netflow(srv_id);
+
+                    perform public.register_integration_window_agent(srv_id);
+
+                    perform public.register_integration_syslog(srv_id);
+
+                    perform public.register_integration_vmware(srv_id);
+
+                    perform public.register_integration_linux_agent(srv_id);
+
+                    perform public.register_integration_apache(srv_id);
+
+                    perform public.register_integration_linux_audit_demon(srv_id);
+
+                    perform public.register_integration_elasticsearch(srv_id);
+
+                    perform public.register_integration_hap(srv_id);
+
+                    perform public.register_integration_kafka(srv_id);
+
+                    perform public.register_integration_kibana(srv_id);
+
+                    perform public.register_integration_logstash(srv_id);
+
+                    perform public.register_integration_mongodb(srv_id);
+
+                    perform public.register_integration_mysql(srv_id);
+
+                    perform public.register_integration_nats(srv_id);
+
+                    perform public.register_integration_nginx(srv_id);
+
+                    perform public.register_integration_osquery(srv_id);
+
+                    perform public.register_integration_postgresql(srv_id);
+
+                    perform public.register_integration_redis(srv_id);
+
+                    perform public.register_integration_traefik(srv_id);
+
+                    perform public.register_integration_cisco(srv_id);
+
+                    perform public.register_integration_cisco_meraki(srv_id);
+
+                    perform public.register_integration_json(srv_id);
+
+                    perform public.register_integration_iis(srv_id);
+
+                    perform public.register_integration_kaspersky(srv_id);
+
+                    perform public.register_integration_eset(srv_id);
+
+                    perform public.register_integration_sentinel_one(srv_id);
+
+                    perform public.register_integration_fortigate(srv_id);
+
+                    perform public.register_integration_sophosxg(srv_id);
+
+                    perform public.register_integration_macos(srv_id);
+
+
+                IF srv_type = 'aio' THEN
+
+                    perform public.register_integration_file_integrity(srv_id);
+
+                    perform public.register_integration_azure(srv_id);
+
+                    perform public.register_integration_o365(srv_id);
+
+                    perform public.register_integration_aws(srv_id);
+
+                    perform public.register_integration_sophos_central(srv_id);
+
+                    perform public.register_integration_gcp(srv_id);
+
+                    perform public.register_integration_fire_power(srv_id);
+
+                    perform public.register_integration_mikrotik(srv_id);
+
+                    perform public.register_integration_palo_alto(srv_id);
+
+                    perform public.register_integration_cisco_switch(srv_id);
+
+                    perform public.register_integration_sonic_wall(srv_id);
+
+                    perform public.register_integration_deceptive_bytes(srv_id);
+
+                    perform public.register_integration_github(srv_id);
+
+                    perform public.register_integration_bitdefender(srv_id);
+
+                    perform public.register_integration_soc_ai(srv_id);
+
+                    perform public.register_integration_suricata(srv_id);
+
+                    perform public.register_integration_utmstack(srv_id);
+
+                    perform public.register_integration_crowdstrike(srv_id);
+
+                END IF;
+
+                perform public.update_module_dependencies();
+            END;
+            $$;
+            ]]>
+        </createProcedure>
+        <createProcedure dbms="postgresql">
+            do
+            $$
+            begin
+                perform public.execute_register_integration_function();
+            end;
+            $$
+            language plpgsql;
+        </createProcedure>
+        <sql dbms="postgresql" splitStatements="true" stripComments="true">
+            <![CDATA[
+
+            INSERT INTO utm_data_types (id, data_type, data_type_name, data_type_description, last_update, included, system_owner)
+            VALUES (51, 'crowdstrike', 'CrowdStrike', 'Used to filter logs and apply alerting rules related to CrowdStrike integration', NOW(), true, true);
+
+                INSERT INTO utm_logstash_filter (id, logstash_filter, filter_name, filter_group_id, system_owner, module_name, is_active, filter_version, data_type_id)
+                VALUES (1532, $$
+
+                    # Crowdstrike module filter, version 1.0.0
+                    # Based in docs and samples provided
+                    #
+                    # Documentations
+                    # 1- https://docs.cyderes.cloud/parser-knowledge-base/cs_stream
+
+                    pipeline:
+                      - dataTypes:
+                          - crowdstrike
+                        steps:
+                          - json:
+                              source: raw
+
+                    $$, 'CrowdStrike', null, true, 'CROWDSTRIKE', false, '2.0.0', 51);
+            ]]>
+        </sql>
+        <sql dbms="postgresql" splitStatements="true" stripComments="true">
+            <![CDATA[
+                    INSERT INTO public.utm_logstash_pipeline (id, pipeline_id, pipeline_name, pipeline_status, module_name, system_owner, pipeline_description, pipeline_internal, events_out)
+                    VALUES (57, 'crowdstrike', 'CrowdStrike', 'down', 'CROWDSTRIKE', true, null, false, 0);
+
+                    INSERT INTO utm_group_logstash_pipeline_filters (filter_id, pipeline_id, relation)
+                    VALUES (1532, 57, 'PIPELINE_FILTER');
+
+                    INSERT INTO utm_index_pattern (id, pattern, pattern_module, pattern_system, is_active)
+                    VALUES (70,'v11-log-crowdstrike-*', 'CrowdStrike', true, true);
+
+                    INSERT INTO utm_menu (id, name, url, parent_id, type, dashboard_id, position, menu_active, menu_action, menu_icon, module_name_short)
+                    VALUES (268, 'CrowdStrike', 'discover/log-analyzer?patternId=70&indexPattern=v11-log-crowdstrike-*', 200, 1, null, 68, false, false, null, 'CROWDSTRIKE');
+
+                    INSERT INTO utm_menu_authority (menu_id, authority_name)
+                    VALUES ( 268, 'ROLE_USER');
+
+                    INSERT INTO utm_menu_authority (menu_id, authority_name)
+                    VALUES ( 268, 'ROLE_ADMIN');
+
+            ]]>
+
+
+        </sql>
+    </changeSet>
+</databaseChangeLog>

backend/src/main/resources/config/liquibase/master.xml

@@ -291,5 +291,7 @@
 
     <include file="/config/liquibase/changelog/20251223003_update_filter_wineventlog.xml" relativeToChangelogFile="false"/>
 
+    <include file="/config/liquibase/changelog/20260105001_adding_crowdstrike_integration.xml" relativeToChangelogFile="false"/>
+
 
 </databaseChangeLog>