Using the Container Vulnerabilities service collection
Table of Contents
| Operation ID | Description | ||||
|---|---|---|---|---|---|
| Aggregate count of vulnerabilities grouped by actively exploited | ||||
| Aggregate count of vulnerabilities grouped by csp_rating | ||||
| Aggregate count of vulnerabilities grouped by cvss score | ||||
| Aggregate count of vulnerabilities grouped by severity | ||||
| Aggregate count of vulnerabilities | ||||
| Retrieve top x vulnerabilities with the most impacted images | ||||
| Retrieve top x vulnerabilities with the most recent publication date | ||||
| Retrieve vulnerability details related to an image | ||||
| Retrieve vulnerability and package related info for this customer | ||||
| Retrieve vulnerability and aggregate data filtered by the provided FQL | ||||
Passing credentials
WARNING
client_idandclient_secretare keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
ReadVulnerabilityCountByActivelyExploited
Aggregate count of vulnerabilities grouped by actively exploited
PEP8 method name
read_vulnerability_counts_by_active_exploited
Endpoint
| Method | Route |
|---|---|
 | /container-security/aggregates/vulnerabilities/count-by-actively-exploited/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter |  | | query | string | Filter vulnerabilities using a query in Falcon Query Language (FQL). Supported filters: ai_related,base_os,cid,container_id,container_running_status,containers_impacted_range,cps_rating,cve_id,cvss_score,description,exploited_status,exploited_status_name,fix_status,image_digest,image_id,images_impacted_range,include_base_image_vuln,index_digest,package_name_version,registry,repository,severity,tag |
| limit | | | query | integer | The upper-bound on the number of records to retrieve. |
| offset | | | query | integer | The offset from where to begin. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
Usage
Service class example (PEP8 syntax)
from falconpy import ContainerVulnerabilities
# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_vulnerability_counts_by_active_exploited(filter="string",
limit=integer,
offset=integer
)
print(response)
Service class example (Operation ID syntax)
from falconpy import ContainerVulnerabilities
# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadVulnerabilityCountByActivelyExploited(filter="string",
limit=integer,
offset=integer
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadVulnerabilityCountByActivelyExploited",
filter="string",
limit=integer,
offset=integer
)
print(response)
Back to Table of Contents
ReadVulnerabilityCountByCPSRating
Aggregate count of vulnerabilities grouped by csp_rating
PEP8 method name
read_vulnerability_counts_by_cps_rating
Endpoint
| Method | Route |
|---|---|
| /container-security/aggregates/vulnerabilities/count-by-cps-rating/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | Filter vulnerabilities using a query in Falcon Query Language (FQL). Supported filters: ai_related,base_os,cid,container_id,container_running_status,containers_impacted_range,cps_rating,cve_id,cvss_score,description,exploited_status,exploited_status_name,fix_status,image_digest,image_id,images_impacted_range,include_base_image_vuln,index_digest,package_name_version,registry,repository,severity,tag |
| limit | | | query | integer | The upper-bound on the number of records to retrieve. |
| offset | | | query | integer | The offset from where to begin. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
Usage
Service class example (PEP8 syntax)
from falconpy import ContainerVulnerabilities
# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_vulnerability_counts_by_cps_rating(filter="string",
limit=integer,
offset=integer
)
print(response)
Service class example (Operation ID syntax)
from falconpy import ContainerVulnerabilities
# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadVulnerabilityCountByCPSRating(filter="string",
limit=integer,
offset=integer
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadVulnerabilityCountByCPSRating",
filter="string",
limit=integer,
offset=integer
)
print(response)
Back to Table of Contents
ReadVulnerabilityCountByCVSSScore
Aggregate count of vulnerabilities grouped by cvss score
PEP8 method name
read_vulnerability_counts_by_cvss_score
Endpoint
| Method | Route |
|---|---|
| /container-security/aggregates/vulnerabilities/count-by-cvss-score/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | Filter vulnerabilities using a query in Falcon Query Language (FQL). Supported filters: ai_related,base_os,cid,container_id,container_running_status,containers_impacted_range,cps_rating,cve_id,cvss_score,description,exploited_status,exploited_status_name,fix_status,image_digest,image_id,images_impacted_range,include_base_image_vuln,index_digest,package_name_version,registry,repository,severity,tag |
| limit | | | query | integer | The upper-bound on the number of records to retrieve. |
| offset | | | query | integer | The offset from where to begin. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
Usage
Service class example (PEP8 syntax)
from falconpy import ContainerVulnerabilities
# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_vulnerability_counts_by_cvss_score(filter="string",
limit=integer,
offset=integer
)
print(response)
Service class example (Operation ID syntax)
from falconpy import ContainerVulnerabilities
# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadVulnerabilityCountByCVSSScore(filter="string",
limit=integer,
offset=integer
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadVulnerabilityCountByCVSSScore",
filter="string",
limit=integer,
offset=integer
)
print(response)
Back to Table of Contents
ReadVulnerabilityCountBySeverity
Aggregate count of vulnerabilities grouped by severity
PEP8 method name
read_vulnerability_counts_by_severity
Endpoint
| Method | Route |
|---|---|
| /container-security/aggregates/vulnerabilities/count-by-severity/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | Filter vulnerabilities using a query in Falcon Query Language (FQL). Supported filters: ai_related,base_os,cid,container_id,container_running_status,containers_impacted_range,cps_rating,cve_id,cvss_score,description,exploited_status,exploited_status_name,fix_status,image_digest,image_id,images_impacted_range,include_base_image_vuln,index_digest,package_name_version,registry,repository,severity,tag |
| limit | | | query | integer | The upper-bound on the number of records to retrieve. |
| offset | | | query | integer | The offset from where to begin. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
Usage
Service class example (PEP8 syntax)
from falconpy import ContainerVulnerabilities
# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_vulnerability_counts_by_severity(filter="string",
limit=integer,
offset=integer
)
print(response)
Service class example (Operation ID syntax)
from falconpy import ContainerVulnerabilities
# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadVulnerabilityCountBySeverity(filter="string",
limit=integer,
offset=integer
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadVulnerabilityCountBySeverity",
filter="string",
limit=integer,
offset=integer
)
print(response)
Back to Table of Contents
ReadVulnerabilityCount
Aggregate count of vulnerabilities
PEP8 method name
read_vulnerability_count
Endpoint
| Method | Route |
|---|---|
| /container-security/aggregates/vulnerabilities/count/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | Filter vulnerabilities using a query in Falcon Query Language (FQL). Supported filters: ai_related,base_os,cid,container_id,container_running_status,containers_impacted_range,cps_rating,cve_id,cvss_score,description,exploited_status,exploited_status_name,fix_status,image_digest,image_id,images_impacted_range,include_base_image_vuln,index_digest,package_name_version,registry,repository,severity,tag |
| limit | | | query | integer | The upper-bound on the number of records to retrieve. |
| offset | | | query | integer | The offset from where to begin. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
Usage
Service class example (PEP8 syntax)
from falconpy import ContainerVulnerabilities
# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_vulnerability_count(filter="string",
limit=integer,
offset=integer
)
print(response)
Service class example (Operation ID syntax)
from falconpy import ContainerVulnerabilities
# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadVulnerabilityCount(filter="string",
limit=integer,
offset=integer
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadVulnerabilityCount",
filter="string",
limit=integer,
offset=integer
)
print(response)
Back to Table of Contents
ReadVulnerabilitiesByImageCount
Retrieve top x vulnerabilities with the most impacted images
PEP8 method name
read_vulnerabilities_by_count
Endpoint
| Method | Route |
|---|---|
| /container-security/combined/vulnerabilities/by-image-count/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | Filter vulnerabilities using a query in Falcon Query Language (FQL). Supported filters: cid,cve_id,registry,repository,tag |
| limit | | | query | integer | The upper-bound on the number of records to retrieve. |
| offset | | | query | integer | The offset from where to begin. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
Usage
Service class example (PEP8 syntax)
from falconpy import ContainerVulnerabilities
# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_vulnerabilities_by_count(filter="string",
limit=integer,
offset=integer
)
print(response)
Service class example (Operation ID syntax)
from falconpy import ContainerVulnerabilities
# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadVulnerabilitiesByImageCount(filter="string",
limit=integer,
offset=integer
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadVulnerabilitiesByImageCount",
filter="string",
limit=integer,
offset=integer
)
print(response)
Back to Table of Contents
ReadVulnerabilitiesPublicationDate
Retrieve top x vulnerabilities with the most recent publication date
PEP8 method name
read_vulnerabilities_by_pub_date
Endpoint
| Method | Route |
|---|---|
| /container-security/combined/vulnerabilities/by-published-date/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | Filter vulnerabilities using a query in Falcon Query Language (FQL). Supported filters: cid,cve_id,registry,repository,tag |
| limit | | | query | integer | The upper-bound on the number of records to retrieve. |
| offset | | | query | integer | The offset from where to begin. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
Usage
Service class example (PEP8 syntax)
from falconpy import ContainerVulnerabilities
# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_vulnerabilities_by_pub_date(filter="string",
limit=integer,
offset=integer
)
print(response)
Service class example (Operation ID syntax)
from falconpy import ContainerVulnerabilities
# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadVulnerabilitiesPublicationDate(filter="string",
limit=integer,
offset=integer
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadVulnerabilitiesPublicationDate",
filter="string",
limit=integer,
offset=integer
)
print(response)
Back to Table of Contents
ReadCombinedVulnerabilitiesDetails
Retrieve vulnerability details related to an image
PEP8 method name
read_combined_vulnerability_detail
Endpoint
| Method | Route |
|---|---|
| /container-security/combined/vulnerabilities/details/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| id | | | query | string | Image UUID |
| filter | | | query | string | Filter the vulnerabilities using a query in Falcon Query Language (FQL). Supported vulnerability filters: cid,cps_rating,cve_id,cvss_score,exploited_status,exploited_status_name,include_base_image_vuln,is_zero_day,remediation_available,severity |
| limit | | | query | integer | The upper-bound on the number of records to retrieve. Default: 5000 |
| offset | | | query | integer | The offset from where to begin. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
Usage
Service class example (PEP8 syntax)
from falconpy import ContainerVulnerabilities
# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_combined_vulnerability_detail(id="string",
filter="string",
limit=integer,
offset=integer
)
print(response)
Service class example (Operation ID syntax)
from falconpy import ContainerVulnerabilities
# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadCombinedVulnerabilitiesDetails(id="string",
filter="string",
limit=integer,
offset=integer
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadCombinedVulnerabilitiesDetails",
id="string",
filter="string",
limit=integer,
offset=integer
)
print(response)
Back to Table of Contents
ReadCombinedVulnerabilitiesInfo
Retrieve vulnerability and package related info for this customer
PEP8 method name
read_combined_vulnerabilities_info
Endpoint
| Method | Route |
|---|---|
| /container-security/combined/vulnerabilities/info/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| cve_id | | | query | string | Vulnerability CVE ID |
| limit | | | query | integer | The upper-bound on the number of records to retrieve. |
| offset | | | query | integer | The offset from where to begin. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
Usage
Service class example (PEP8 syntax)
from falconpy import ContainerVulnerabilities
# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_combined_vulnerabilities_info(cve_id="string",
limit=integer,
offset=integer
)
print(response)
Service class example (Operation ID syntax)
from falconpy import ContainerVulnerabilities
# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadCombinedVulnerabilitiesInfo(cve_id="string",
limit=integer,
offset=integer
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadCombinedVulnerabilitiesInfo",
cve_id="string",
limit=integer,
offset=integer
)
print(response)
Back to Table of Contents
ReadCombinedVulnerabilities
Retrieve vulnerability and aggregate data filtered by the provided FQL
PEP8 method name
read_combined_vulnerabilities
Endpoint
| Method | Route |
|---|---|
| /container-security/combined/vulnerabilities/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | Filter vulnerabilities using a query in Falcon Query Language (FQL). Supported filters: ai_related,base_os,cid,container_id,container_running_status,containers_impacted_range,cps_rating,cve_id,cvss_score,description,exploited_status,exploited_status_name,fix_status,image_digest,image_id,images_impacted_range,include_base_image_vuln,index_digest,package_name_version,registry,repository,severity,tag |
| limit | | | query | integer | The upper-bound on the number of records to retrieve. |
| offset | | | query | integer | The offset from where to begin. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
| sort | | | query | string | The fields to sort the records on. Supported columns: [cps_current_rating cve_id cvss_score description images_impacted packages_impacted severity] |
Usage
Service class example (PEP8 syntax)
from falconpy import ContainerVulnerabilities
# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_combined_vulnerabilities(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import ContainerVulnerabilities
# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadCombinedVulnerabilities(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadCombinedVulnerabilities",
filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Back to Table of Contents