CrowdStrike Falcon CrowdStrike Subreddit

Using the Container Vulnerabilities service collection

Uber class support Service class support Documentation Version Page Updated

Table of Contents

Operation IDDescription
ReadVulnerabilityCountByActivelyExploited
PEP8read_vulnerability_counts_by_active_exploited
Aggregate count of vulnerabilities grouped by actively exploited
ReadVulnerabilityCountByCPSRating
PEP8read_vulnerability_counts_by_cps_rating
Aggregate count of vulnerabilities grouped by csp_rating
ReadVulnerabilityCountByCVSSScore
PEP8read_vulnerability_counts_by_cvss_score
Aggregate count of vulnerabilities grouped by cvss score
ReadVulnerabilityCountBySeverity
PEP8read_vulnerability_counts_by_severity
Aggregate count of vulnerabilities grouped by severity
ReadVulnerabilityCount
PEP8read_vulnerability_count
Aggregate count of vulnerabilities
ReadVulnerabilitiesByImageCount
PEP8read_vulnerabilities_by_count
Retrieve top x vulnerabilities with the most impacted images
ReadVulnerabilitiesPublicationDate
PEP8read_vulnerabilities_by_pub_date
Retrieve top x vulnerabilities with the most recent publication date
ReadCombinedVulnerabilitiesDetails
PEP8read_combined_vulnerability_detail
Retrieve vulnerability details related to an image
ReadCombinedVulnerabilitiesInfo
PEP8read_combined_vulnerabilities_info
Retrieve vulnerability and package related info for this customer
ReadCombinedVulnerabilities
PEP8read_combined_vulnerabilities
Retrieve vulnerability and aggregate data filtered by the provided FQL

Passing credentials

WARNING

client_id and client_secret are keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)

CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.

ReadVulnerabilityCountByActivelyExploited

Aggregate count of vulnerabilities grouped by actively exploited

PEP8 method name

read_vulnerability_counts_by_active_exploited

Endpoint

MethodRoute
GET/container-security/aggregates/vulnerabilities/count-by-actively-exploited/v1

Required Scope

falcon-container-image:read

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
filter
Service Class Support

Uber Class Support
querystringFilter vulnerabilities using a query in Falcon Query Language (FQL). Supported filters: base_os,cid,container_id,container_running_status,containers_impacted_range,cps_rating,cve_id,cvss_score,description,exploited_status,exploited_status_name,fix_status,image_digest,image_id,images_impacted_range,include_base_image_vuln,package_name_version,registry,repository,severity,tag
limit
Service Class Support

Uber Class Support
queryintegerThe upper-bound on the number of records to retrieve.
offset
Service Class Support

Uber Class Support
queryintegerThe offset from where to begin.
parametersService Class Support
Uber Class SupportquerydictionaryFull query string parameters payload in JSON format. Not required if using other keywords.

Usage

Service class example (PEP8 syntax)
from falconpy import ContainerVulnerabilities

# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

response = falcon.read_vulnerability_counts_by_active_exploited(filter="string",
                                                                limit=integer,
                                                                offset=integer
                                                                )
print(response)
Service class example (Operation ID syntax)
from falconpy import ContainerVulnerabilities

# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

response = falcon.ReadVulnerabilityCountByActivelyExploited(filter="string",
                                                            limit=integer,
                                                            offset=integer
                                                            )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadVulnerabilityCountByActivelyExploited",
                          filter="string",
                          limit=integer,
                          offset=integer
                          )
print(response)

ReadVulnerabilityCountByCPSRating

Aggregate count of vulnerabilities grouped by csp_rating

PEP8 method name

read_vulnerability_counts_by_cps_rating

Endpoint

MethodRoute
GET/container-security/aggregates/vulnerabilities/count-by-cps-rating/v1

Required Scope

falcon-container-image:read

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
filter
Service Class Support

Uber Class Support
querystringFilter vulnerabilities using a query in Falcon Query Language (FQL). Supported filters: base_os,cid,container_id,container_running_status,containers_impacted_range,cps_rating,cve_id,cvss_score,description,exploited_status,exploited_status_name,fix_status,image_digest,image_id,images_impacted_range,include_base_image_vuln,package_name_version,registry,repository,severity,tag
limit
Service Class Support

Uber Class Support
queryintegerThe upper-bound on the number of records to retrieve.
offset
Service Class Support

Uber Class Support
queryintegerThe offset from where to begin.
parametersService Class Support
Uber Class SupportquerydictionaryFull query string parameters payload in JSON format. Not required if using other keywords.

Usage

Service class example (PEP8 syntax)
from falconpy import ContainerVulnerabilities

# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

response = falcon.read_vulnerability_counts_by_cps_rating(filter="string",
                                                          limit=integer,
                                                          offset=integer
                                                          )
print(response)
Service class example (Operation ID syntax)
from falconpy import ContainerVulnerabilities

# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

response = falcon.ReadVulnerabilityCountByCPSRating(filter="string",
                                                    limit=integer,
                                                    offset=integer
                                                    )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadVulnerabilityCountByCPSRating",
                          filter="string",
                          limit=integer,
                          offset=integer
                          )
print(response)

ReadVulnerabilityCountByCVSSScore

Aggregate count of vulnerabilities grouped by cvss score

PEP8 method name

read_vulnerability_counts_by_cvss_score

Endpoint

MethodRoute
GET/container-security/aggregates/vulnerabilities/count-by-cvss-score/v1

Required Scope

falcon-container-image:read

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
filter
Service Class Support

Uber Class Support
querystringFilter vulnerabilities using a query in Falcon Query Language (FQL). Supported filters: base_os,cid,container_id,container_running_status,containers_impacted_range,cps_rating,cve_id,cvss_score,description,exploited_status,exploited_status_name,fix_status,image_digest,image_id,images_impacted_range,include_base_image_vuln,package_name_version,registry,repository,severity,tag
limit
Service Class Support

Uber Class Support
queryintegerThe upper-bound on the number of records to retrieve.
offset
Service Class Support

Uber Class Support
queryintegerThe offset from where to begin.
parametersService Class Support
Uber Class SupportquerydictionaryFull query string parameters payload in JSON format. Not required if using other keywords.

Usage

Service class example (PEP8 syntax)
from falconpy import ContainerVulnerabilities

# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

response = falcon.read_vulnerability_counts_by_cvss_score(filter="string",
                                                          limit=integer,
                                                          offset=integer
                                                          )
print(response)
Service class example (Operation ID syntax)
from falconpy import ContainerVulnerabilities

# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

response = falcon.ReadVulnerabilityCountByCVSSScore(filter="string",
                                                    limit=integer,
                                                    offset=integer
                                                    )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )


response = falcon.command("ReadVulnerabilityCountByCVSSScore",
                          filter="string",
                          limit=integer,
                          offset=integer
                          )
print(response)

ReadVulnerabilityCountBySeverity

Aggregate count of vulnerabilities grouped by severity

PEP8 method name

read_vulnerability_counts_by_severity

Endpoint

MethodRoute
GET/container-security/aggregates/vulnerabilities/count-by-severity/v1

Required Scope

falcon-container-image:read

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
filter
Service Class Support

Uber Class Support
querystringFilter vulnerabilities using a query in Falcon Query Language (FQL). Supported filters: base_os,cid,container_id,container_running_status,containers_impacted_range,cps_rating,cve_id,cvss_score,description,exploited_status,exploited_status_name,fix_status,image_digest,image_id,images_impacted_range,include_base_image_vuln,package_name_version,registry,repository,severity,tag
limit
Service Class Support

Uber Class Support
queryintegerThe upper-bound on the number of records to retrieve.
offset
Service Class Support

Uber Class Support
queryintegerThe offset from where to begin.
parametersService Class Support
Uber Class SupportquerydictionaryFull query string parameters payload in JSON format. Not required if using other keywords.

Usage

Service class example (PEP8 syntax)
from falconpy import ContainerVulnerabilities

# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

response = falcon.read_vulnerability_counts_by_severity(filter="string",
                                                        limit=integer,
                                                        offset=integer
                                                        )
print(response)
Service class example (Operation ID syntax)
from falconpy import ContainerVulnerabilities

# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

response = falcon.ReadVulnerabilityCountBySeverity(filter="string",
                                                   limit=integer,
                                                   offset=integer
                                                   )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadVulnerabilityCountBySeverity",
                          filter="string",
                          limit=integer,
                          offset=integer
                          )
print(response)

ReadVulnerabilityCount

Aggregate count of vulnerabilities

PEP8 method name

read_vulnerability_count

Endpoint

MethodRoute
GET/container-security/aggregates/vulnerabilities/count/v1

Required Scope

falcon-container-image:read

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
filter
Service Class Support

Uber Class Support
querystringFilter vulnerabilities using a query in Falcon Query Language (FQL). Supported filters: base_os,cid,container_id,container_running_status,containers_impacted_range,cps_rating,cve_id,cvss_score,description,exploited_status,exploited_status_name,fix_status,image_digest,image_id,images_impacted_range,include_base_image_vuln,package_name_version,registry,repository,severity,tag
limit
Service Class Support

Uber Class Support
queryintegerThe upper-bound on the number of records to retrieve.
offset
Service Class Support

Uber Class Support
queryintegerThe offset from where to begin.
parametersService Class Support
Uber Class SupportquerydictionaryFull query string parameters payload in JSON format. Not required if using other keywords.

Usage

Service class example (PEP8 syntax)
from falconpy import ContainerVulnerabilities

# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

response = falcon.read_vulnerability_count(filter="string",
                                           limit=integer,
                                           offset=integer
                                           )
print(response)
Service class example (Operation ID syntax)
from falconpy import ContainerVulnerabilities

# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

response = falcon.ReadVulnerabilityCount(filter="string",
                                         limit=integer,
                                         offset=integer
                                         )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadVulnerabilityCount",
                          filter="string",
                          limit=integer,
                          offset=integer
                          )
print(response)

ReadVulnerabilitiesByImageCount

Retrieve top x vulnerabilities with the most impacted images

PEP8 method name

read_vulnerabilities_by_count

Endpoint

MethodRoute
GET/container-security/combined/vulnerabilities/by-image-count/v1

Required Scope

falcon-container-image:read

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
filter
Service Class Support

Uber Class Support
querystringFilter vulnerabilities using a query in Falcon Query Language (FQL). Supported filters: cid,cve_id,registry,repository,tag
limit
Service Class Support

Uber Class Support
queryintegerThe upper-bound on the number of records to retrieve.
offset
Service Class Support

Uber Class Support
queryintegerThe offset from where to begin.
parametersService Class Support
Uber Class SupportquerydictionaryFull query string parameters payload in JSON format. Not required if using other keywords.

Usage

Service class example (PEP8 syntax)
from falconpy import ContainerVulnerabilities

# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

response = falcon.read_vulnerabilities_by_count(filter="string",
                                                limit=integer,
                                                offset=integer
                                                )
print(response)
Service class example (Operation ID syntax)
from falconpy import ContainerVulnerabilities

# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

response = falcon.ReadVulnerabilitiesByImageCount(filter="string",
                                                  limit=integer,
                                                  offset=integer
                                                  )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadVulnerabilitiesByImageCount",
                          filter="string",
                          limit=integer,
                          offset=integer
                          )
print(response)

ReadVulnerabilitiesPublicationDate

Retrieve top x vulnerabilities with the most recent publication date

PEP8 method name

read_vulnerabilities_by_pub_date

Endpoint

MethodRoute
GET/container-security/combined/vulnerabilities/by-published-date/v1

Required Scope

falcon-container-image:read

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
filter
Service Class Support

Uber Class Support
querystringFilter vulnerabilities using a query in Falcon Query Language (FQL). Supported filters: cid,cve_id,registry,repository,tag
limit
Service Class Support

Uber Class Support
queryintegerThe upper-bound on the number of records to retrieve.
offset
Service Class Support

Uber Class Support
queryintegerThe offset from where to begin.
parametersService Class Support
Uber Class SupportquerydictionaryFull query string parameters payload in JSON format. Not required if using other keywords.

Usage

Service class example (PEP8 syntax)
from falconpy import ContainerVulnerabilities

# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

response = falcon.read_vulnerabilities_by_pub_date(filter="string",
                                                   limit=integer,
                                                   offset=integer
                                                   )
print(response)
Service class example (Operation ID syntax)
from falconpy import ContainerVulnerabilities

# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

response = falcon.ReadVulnerabilitiesPublicationDate(filter="string",
                                                     limit=integer,
                                                     offset=integer
                                                     )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadVulnerabilitiesPublicationDate",
                          filter="string",
                          limit=integer,
                          offset=integer
                          )
print(response)

ReadCombinedVulnerabilitiesDetails

Retrieve vulnerability details related to an image

PEP8 method name

read_combined_vulnerability_detail

Endpoint

MethodRoute
GET/container-security/combined/vulnerabilities/details/v1

Required Scope

falcon-container-image:read

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
id
Service Class Support

Uber Class Support
querystringImage UUID
filter
Service Class Support

Uber Class Support
querystringFilter the vulnerabilities using a query in Falcon Query Language (FQL). Supported vulnerability filters: cid,cps_rating,cve_id,cvss_score,exploited_status,exploited_status_name,include_base_image_vuln,is_zero_day,remediation_available,severity
limit
Service Class Support

Uber Class Support
queryintegerThe upper-bound on the number of records to retrieve.
offset
Service Class Support

Uber Class Support
queryintegerThe offset from where to begin.
parametersService Class Support
Uber Class SupportquerydictionaryFull query string parameters payload in JSON format. Not required if using other keywords.

Usage

Service class example (PEP8 syntax)
from falconpy import ContainerVulnerabilities

# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

response = falcon.read_combined_vulnerability_detail(id="string",
                                                     filter="string",
                                                     limit=integer,
                                                     offset=integer
                                                     )
print(response)
Service class example (Operation ID syntax)
from falconpy import ContainerVulnerabilities

# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

response = falcon.ReadCombinedVulnerabilitiesDetails(id="string",
                                                     filter="string",
                                                     limit=integer,
                                                     offset=integer
                                                     )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadCombinedVulnerabilitiesDetails",
                          id="string",
                          filter="string",
                          limit=integer,
                          offset=integer
                          )
print(response)

ReadCombinedVulnerabilitiesInfo

Retrieve vulnerability and package related info for this customer

PEP8 method name

read_combined_vulnerabilities_info

Endpoint

MethodRoute
GET/container-security/combined/vulnerabilities/info/v1

Required Scope

falcon-container-image:read

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
cve_id
Service Class Support

Uber Class Support
querystringVulnerability CVE ID
limit
Service Class Support

Uber Class Support
queryintegerThe upper-bound on the number of records to retrieve.
offset
Service Class Support

Uber Class Support
queryintegerThe offset from where to begin.
parametersService Class Support
Uber Class SupportquerydictionaryFull query string parameters payload in JSON format. Not required if using other keywords.

Usage

Service class example (PEP8 syntax)
from falconpy import ContainerVulnerabilities

# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

response = falcon.read_combined_vulnerabilities_info(cve_id="string",
                                                     limit=integer,
                                                     offset=integer
                                                     )
print(response)
Service class example (Operation ID syntax)
from falconpy import ContainerVulnerabilities

# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

response = falcon.ReadCombinedVulnerabilitiesInfo(cve_id="string",
                                                  limit=integer,
                                                  offset=integer
                                                  )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadCombinedVulnerabilitiesInfo",
                          cve_id="string",
                          limit=integer,
                          offset=integer
                          )
print(response)

ReadCombinedVulnerabilities

Retrieve vulnerability and aggregate data filtered by the provided FQL

PEP8 method name

read_combined_vulnerabilities

Endpoint

MethodRoute
GET/container-security/combined/vulnerabilities/v1

Required Scope

falcon-container-image:read

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
filter
Service Class Support

Uber Class Support
querystringFilter vulnerabilities using a query in Falcon Query Language (FQL). Supported filters: base_os,cid,container_id,container_running_status,containers_impacted_range,cps_rating,cve_id,cvss_score,description,exploited_status,exploited_status_name,fix_status,image_digest,image_id,images_impacted_range,include_base_image_vuln,package_name_version,registry,repository,severity,tag
limit
Service Class Support

Uber Class Support
queryintegerThe upper-bound on the number of records to retrieve.
offset
Service Class Support

Uber Class Support
queryintegerThe offset from where to begin.
parametersService Class Support
Uber Class SupportquerydictionaryFull query string parameters payload in JSON format. Not required if using other keywords.
sort
Service Class Support

Uber Class Support
querystringThe fields to sort the records on. Supported columns: [cps_current_rating cve_id cvss_score description images_impacted packages_impacted severity]

Usage

Service class example (PEP8 syntax)
from falconpy import ContainerVulnerabilities

# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

response = falcon.read_combined_vulnerabilities(filter="string",
                                                limit=integer,
                                                offset=integer,
                                                sort="string"
                                                )
print(response)
Service class example (Operation ID syntax)
from falconpy import ContainerVulnerabilities

# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

response = falcon.ReadCombinedVulnerabilities(filter="string",
                                              limit=integer,
                                              offset=integer,
                                              sort="string"
                                              )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadCombinedVulnerabilities",
                          filter="string",
                          limit=integer,
                          offset=integer,
                          sort="string"
                          )
print(response)