Using the Kubernetes Container Compliance service collection
Table of Contents
| Operation ID | Description |
|---|---|
| AggregateAssessmentsGroupedByClustersV2 | Returns cluster details along with aggregated assessment results organized by cluster, including pass/fail assessment counts for various asset types. |
| AggregateComplianceByAssetType | Provides aggregated compliance assessment metrics and rule status information, organized by asset type. |
| AggregateComplianceByClusterType | Provides aggregated compliance assessment metrics and rule status information, organized by Kubernetes cluster type. |
| AggregateComplianceByFramework | Provides aggregated compliance assessment metrics and rule status information, organized by compliance framework. |
| AggregateFailedRulesByClustersV3 | Retrieves the most non-compliant clusters, ranked in descending order based on the number of failed compliance rules across severity levels (critical, high, medium, and low). |
| AggregateAssessmentsGroupedByRulesV2 | Returns rule details along with aggregated assessment results organized by compliance rule, including pass/fail assessment counts. |
| AggregateTopFailedImages | Retrieves the most non-compliant container images, ranked in descending order based on the number of failed assessments across severity levels (critical, high, medium, and low). |
| CombinedImagesFindings | Returns detailed compliance assessment results for container images, providing the information needed to identify compliance violations. |
| CombinedNodesFindings | Returns detailed compliance assessment results for Kubernetes nodes, providing the information needed to identify compliance violations. |
| getRulesMetadataByID | Retrieve detailed compliance rule information by ID. Includes descriptions, remediation steps, and audit procedures by specifying rule identifiers. |
Passing credentials
WARNING
client_id and client_secret are keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.) CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
AggregateAssessmentsGroupedByClustersV2
Returns cluster details along with aggregated assessment results organized by cluster, including pass/fail assessment counts for various asset types.
PEP8 method name
aggregate_assessments_by_cluster
Endpoint
| Method | Route |
|---|---|
| | /container-compliance/aggregates/clusters/v2 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Type | Data type | Description |
|---|---|---|---|
| offset | query | integer | The zero-based position of the first record to return. |
| limit | query | integer | The maximum number of records to return. (1-500) Default is 20. |
| filter | query | string | FQL filter expression used to limit the results. Filter fields include: cid, cloud_info.cloud_account_id, cloud_info.cloud_provider, cloud_info.cloud_region, cloud_info.cluster_id, cloud_info.cluster_name, cloud_info.cluster_type, compliance_finding.framework_name, compliance_finding.framework_name_version, compliance_finding.framework_version, compliance_finding.severity |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
```python
from falconpy import KubernetesContainerCompliance
# Do not hardcode API credentials!
falcon = KubernetesContainerCompliance(client_id=CLIENT_ID,
                                       client_secret=CLIENT_SECRET
                                       )
response = falcon.aggregate_assessments_by_cluster(offset=integer,
                                                   limit=integer,
                                                   filter="string"
                                                   )
print(response)
```
Service class example (Operation ID syntax)
```python
from falconpy import KubernetesContainerCompliance
# Do not hardcode API credentials!
falcon = KubernetesContainerCompliance(client_id=CLIENT_ID,
                                       client_secret=CLIENT_SECRET
                                       )
response = falcon.AggregateAssessmentsGroupedByClustersV2(offset=integer,
                                                          limit=integer,
                                                          filter="string"
                                                          )
print(response)
```
Uber class example
```python
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )
response = falcon.command("AggregateAssessmentsGroupedByClustersV2",
                          offset=integer,
                          limit=integer,
                          filter="string"
                          )
print(response)
```
AggregateComplianceByAssetType
Provides aggregated compliance assessment metrics and rule status information, organized by asset type.
PEP8 method name
aggregate_compliance_by_asset_type
Endpoint
| Method | Route |
|---|---|
| | /container-compliance/aggregates/compliance-by-asset-type/v2 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Type | Data type | Description |
|---|---|---|---|
| filter | query | string | FQL filter expression used to limit the results. Filter fields include: cid, cloud_info.cloud_account_id, cloud_info.cloud_provider, cloud_info.cloud_region, cloud_info.cluster_id, cloud_info.cluster_name, cloud_info.cluster_type, compliance_finding.asset_type, compliance_finding.framework_name, compliance_finding.framework_name_version, compliance_finding.framework_version, compliance_finding.severity |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
```python
from falconpy import KubernetesContainerCompliance
# Do not hardcode API credentials!
falcon = KubernetesContainerCompliance(client_id=CLIENT_ID,
                                       client_secret=CLIENT_SECRET
                                       )
response = falcon.aggregate_compliance_by_asset_type(filter="string")
print(response)
```
Service class example (Operation ID syntax)
```python
from falconpy import KubernetesContainerCompliance
# Do not hardcode API credentials!
falcon = KubernetesContainerCompliance(client_id=CLIENT_ID,
                                       client_secret=CLIENT_SECRET
                                       )
response = falcon.AggregateComplianceByAssetType(filter="string")
print(response)
```
Uber class example
```python
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )
response = falcon.command("AggregateComplianceByAssetType", filter="string")
print(response)
```
AggregateComplianceByClusterType
Provides aggregated compliance assessment metrics and rule status information, organized by Kubernetes cluster type.
PEP8 method name
aggregate_compliance_by_cluster_type
Endpoint
| Method | Route |
|---|---|
| | /container-compliance/aggregates/compliance-by-cluster-type/v2 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Type | Data type | Description |
|---|---|---|---|
| filter | query | string | FQL filter expression used to limit the results. Filter fields include: cid, cloud_info.cloud_account_id, cloud_info.cloud_provider, cloud_info.cloud_region, cloud_info.cluster_id, cloud_info.cluster_name, cloud_info.cluster_type, compliance_finding.asset_type, compliance_finding.framework_name, compliance_finding.framework_name_version, compliance_finding.framework_version, compliance_finding.severity |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
```python
from falconpy import KubernetesContainerCompliance
# Do not hardcode API credentials!
falcon = KubernetesContainerCompliance(client_id=CLIENT_ID,
                                       client_secret=CLIENT_SECRET
                                       )
response = falcon.aggregate_compliance_by_cluster_type(filter="string")
print(response)
```
Service class example (Operation ID syntax)
```python
from falconpy import KubernetesContainerCompliance
# Do not hardcode API credentials!
falcon = KubernetesContainerCompliance(client_id=CLIENT_ID,
                                       client_secret=CLIENT_SECRET
                                       )
response = falcon.AggregateComplianceByClusterType(filter="string")
print(response)
```
Uber class example
```python
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )
response = falcon.command("AggregateComplianceByClusterType", filter="string")
print(response)
```
AggregateComplianceByFramework
Provides aggregated compliance assessment metrics and rule status information, organized by compliance framework.
PEP8 method name
aggregate_compliance_by_framework
Endpoint
| Method | Route |
|---|---|
| | /container-compliance/aggregates/compliance-by-framework/v2 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Type | Data type | Description |
|---|---|---|---|
| filter | query | string | FQL filter expression used to limit the results. Filter fields include: cid, cloud_info.cloud_account_id, cloud_info.cloud_provider, cloud_info.cloud_region, cloud_info.cluster_id, cloud_info.cluster_name, cloud_info.cluster_type, compliance_finding.asset_type, compliance_finding.framework_name, compliance_finding.framework_name_version, compliance_finding.framework_version, compliance_finding.severity |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
```python
from falconpy import KubernetesContainerCompliance
# Do not hardcode API credentials!
falcon = KubernetesContainerCompliance(client_id=CLIENT_ID,
                                       client_secret=CLIENT_SECRET
                                       )
response = falcon.aggregate_compliance_by_framework(filter="string")
print(response)
```
Service class example (Operation ID syntax)
```python
from falconpy import KubernetesContainerCompliance
# Do not hardcode API credentials!
falcon = KubernetesContainerCompliance(client_id=CLIENT_ID,
                                       client_secret=CLIENT_SECRET
                                       )
response = falcon.AggregateComplianceByFramework(filter="string")
print(response)
```
Uber class example
```python
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )
response = falcon.command("AggregateComplianceByFramework", filter="string")
print(response)
```
AggregateFailedRulesByClustersV3
Retrieves the most non-compliant clusters, ranked in descending order based on the number of failed compliance rules across severity levels (critical, high, medium, and low).
PEP8 method name
aggregate_failed_rules_by_clusters
Endpoint
| Method | Route |
|---|---|
| | /container-compliance/aggregates/failed-rules-by-clusters/v3 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Type | Data type | Description |
|---|---|---|---|
| filter | query | string | FQL filter expression used to limit the results. Filter fields include: cid, cloud_info.cloud_account_id, cloud_info.cloud_provider, cloud_info.cloud_region, cloud_info.cluster_id, cloud_info.cluster_name, cloud_info.cluster_type, compliance_finding.asset_type, compliance_finding.framework_name, compliance_finding.framework_name_version, compliance_finding.framework_version, compliance_finding.severity |
| limit | query | integer | The maximum number of records to return. (1-100) Default is 10. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
```python
from falconpy import KubernetesContainerCompliance
# Do not hardcode API credentials!
falcon = KubernetesContainerCompliance(client_id=CLIENT_ID,
                                       client_secret=CLIENT_SECRET
                                       )
response = falcon.aggregate_failed_rules_by_clusters(filter="string", limit=integer)
print(response)
```
Service class example (Operation ID syntax)
```python
from falconpy import KubernetesContainerCompliance
# Do not hardcode API credentials!
falcon = KubernetesContainerCompliance(client_id=CLIENT_ID,
                                       client_secret=CLIENT_SECRET
                                       )
response = falcon.AggregateFailedRulesByClustersV3(filter="string", limit=integer)
print(response)
```
Uber class example
```python
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )
response = falcon.command("AggregateFailedRulesByClustersV3", filter="string", limit=integer)
print(response)
```
AggregateAssessmentsGroupedByRulesV2
Returns rule details along with aggregated assessment results organized by compliance rule, including pass/fail assessment counts.
PEP8 method name
aggregate_assessments_by_rules
Endpoint
| Method | Route |
|---|---|
| | /container-compliance/aggregates/rules/v2 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Type | Data type | Description |
|---|---|---|---|
| offset | query | integer | The zero-based position of the first record to return. |
| limit | query | integer | The maximum number of records to return. (1-500) Default is 20. |
| filter | query | string | FQL filter expression used to limit the results. Filter fields include: cid, cloud_info.cloud_account_id, cloud_info.cloud_provider, cloud_info.cloud_region, cloud_info.cluster_id, cloud_info.cluster_name, cloud_info.cluster_type, compliance_finding.asset_type, compliance_finding.framework_name, compliance_finding.framework_name_version, compliance_finding.framework_version, compliance_finding.id, compliance_finding.severity, compliance_finding.status |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
```python
from falconpy import KubernetesContainerCompliance
# Do not hardcode API credentials!
falcon = KubernetesContainerCompliance(client_id=CLIENT_ID,
                                       client_secret=CLIENT_SECRET
                                       )
response = falcon.aggregate_assessments_by_rules(offset=integer,
                                                 limit=integer,
                                                 filter="string"
                                                 )
print(response)
```
Service class example (Operation ID syntax)
```python
from falconpy import KubernetesContainerCompliance
# Do not hardcode API credentials!
falcon = KubernetesContainerCompliance(client_id=CLIENT_ID,
                                       client_secret=CLIENT_SECRET
                                       )
response = falcon.AggregateAssessmentsGroupedByRulesV2(offset=integer,
                                                       limit=integer,
                                                       filter="string"
                                                       )
print(response)
```
Uber class example
```python
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )
response = falcon.command("AggregateAssessmentsGroupedByRulesV2",
                          offset=integer,
                          limit=integer,
                          filter="string"
                          )
print(response)
```
AggregateTopFailedImages
Retrieves the most non-compliant container images, ranked in descending order based on the number of failed assessments across severity levels (critical, high, medium, and low).
PEP8 method name
aggregate_top_failed_images
Endpoint
| Method | Route |
|---|---|
| | /container-compliance/aggregates/top-failed-images/v2 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Type | Data type | Description |
|---|---|---|---|
| filter | query | string | FQL filter expression used to limit the results. Filter fields include: cid, cloud_info.cloud_account_id, cloud_info.cloud_provider, cloud_info.cloud_region, cloud_info.cluster_id, cloud_info.cluster_name, cloud_info.cluster_type, compliance_finding.asset_type, compliance_finding.framework_name, compliance_finding.framework_name_version, compliance_finding.framework_version, compliance_finding.severity |
| limit | query | integer | The maximum number of records to return. (1-100) Default is 10. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
```python
from falconpy import KubernetesContainerCompliance
# Do not hardcode API credentials!
falcon = KubernetesContainerCompliance(client_id=CLIENT_ID,
                                       client_secret=CLIENT_SECRET
                                       )
response = falcon.aggregate_top_failed_images(filter="string", limit=integer)
print(response)
```
Service class example (Operation ID syntax)
```python
from falconpy import KubernetesContainerCompliance
# Do not hardcode API credentials!
falcon = KubernetesContainerCompliance(client_id=CLIENT_ID,
                                       client_secret=CLIENT_SECRET
                                       )
response = falcon.AggregateTopFailedImages(filter="string", limit=integer)
print(response)
```
Uber class example
```python
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )
response = falcon.command("AggregateTopFailedImages", filter="string", limit=integer)
print(response)
```
CombinedImagesFindings
Returns detailed compliance assessment results for container images, providing the information needed to identify compliance violations.
PEP8 method name
image_findings
Endpoint
| Method | Route |
|---|---|
| | /container-compliance/combined/findings-by-images/v2 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Type | Data type | Description |
|---|---|---|---|
| filter | query | string | FQL filter expression used to limit the results. Filter fields include: cid, cloud_info.cloud_account_id, cloud_info.cloud_provider, cloud_info.cloud_region, cloud_info.cluster_id, cloud_info.cluster_name, cloud_info.cluster_type, cloud_info.namespace, compliance_finding.asset_uid, compliance_finding.framework_name, compliance_finding.framework_name_version, compliance_finding.framework_version, compliance_finding.id, compliance_finding.severity, compliance_finding.status, image_digest, image_id, image_registry, image_repository, image_tag |
| after | query | string | A pagination token used with the limit parameter to manage pagination of results. On your first request, don't provide an after token. On subsequent requests, provide the after token from the previous response to continue from that place in the results. |
| limit | query | integer | The maximum number of images for which assessments are to be returned: 1-100. Default is 100. Use with the after parameter to manage pagination of results. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
```python
from falconpy import KubernetesContainerCompliance
# Do not hardcode API credentials!
falcon = KubernetesContainerCompliance(client_id=CLIENT_ID,
                                       client_secret=CLIENT_SECRET
                                       )
response = falcon.image_findings(filter="string",
                                 after="string",
                                 limit=integer
                                 )
print(response)
```
Service class example (Operation ID syntax)
```python
from falconpy import KubernetesContainerCompliance
# Do not hardcode API credentials!
falcon = KubernetesContainerCompliance(client_id=CLIENT_ID,
                                       client_secret=CLIENT_SECRET
                                       )
response = falcon.CombinedImagesFindings(filter="string",
                                         after="string",
                                         limit=integer
                                         )
print(response)
```
Uber class example
```python
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )
response = falcon.command("CombinedImagesFindings",
                          filter="string",
                          after="string",
                          limit=integer
                          )
print(response)
```
CombinedNodesFindings
Returns detailed compliance assessment results for Kubernetes nodes, providing the information needed to identify compliance violations.
PEP8 method name
node_findings
Endpoint
| Method | Route |
|---|---|
| | /container-compliance/combined/findings-by-nodes/v2 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Type | Data type | Description |
|---|---|---|---|
| filter | query | string | FQL filter expression used to limit the results. Filter fields include: cid, cloud_info.cloud_account_id, cloud_info.cloud_provider, cloud_info.cloud_region, cloud_info.cluster_id, cloud_info.cluster_name, cloud_info.cluster_type, compliance_finding.asset_type, compliance_finding.asset_uid, compliance_finding.framework_name, compliance_finding.framework_name_version, compliance_finding.framework_version, compliance_finding.id, compliance_finding.severity, compliance_finding.status, aid, node_id, node_name, node_type |
| after | query | string | A pagination token used with the limit parameter to manage pagination of results. On your first request, don't provide an after token. On subsequent requests, provide the after token from the previous response to continue from that place in the results. |
| limit | query | integer | The maximum number of nodes for which assessments are to be returned: 1-100. Default is 100. Use with the after parameter to manage pagination of results. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
```python
from falconpy import KubernetesContainerCompliance
# Do not hardcode API credentials!
falcon = KubernetesContainerCompliance(client_id=CLIENT_ID,
                                       client_secret=CLIENT_SECRET
                                       )
response = falcon.node_findings(filter="string",
                                after="string",
                                limit=integer
                                )
print(response)
```
Service class example (Operation ID syntax)
```python
from falconpy import KubernetesContainerCompliance
# Do not hardcode API credentials!
falcon = KubernetesContainerCompliance(client_id=CLIENT_ID,
                                       client_secret=CLIENT_SECRET
                                       )
response = falcon.CombinedNodesFindings(filter="string",
                                        after="string",
                                        limit=integer
                                        )
print(response)
```
Uber class example
```python
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )
response = falcon.command("CombinedNodesFindings",
                          filter="string",
                          after="string",
                          limit=integer
                          )
print(response)
```
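The after/limit pagination described for CombinedImagesFindings and CombinedNodesFindings, as an added example that is not part of the FalconPy documentation: a generator that walks every page and raises on an API error instead of returning a truncated compliance report. Assumptions: the response is a dictionary with status_code and body keys, the next token sits at body.meta.pagination.after, and iter_findings, StubClient, its records and the filter value are constructed for the demo.

```python
from typing import Any, Callable, Dict, Iterator, List, Optional


def iter_findings(fetch: Callable[..., Dict[str, Any]], fql: str,
                  page_size: int = 100, max_pages: int = 1000) -> Iterator[dict]:
    """Yield every record from image_findings / node_findings, page by page.

    fetch is the bound SDK method, for example falcon.image_findings.
    """
    if not 1 <= page_size <= 100:  # documented range for limit
        raise ValueError("limit must be between 1 and 100")
    after: Optional[str] = None
    seen_tokens = set()
    for _ in range(max_pages):
        kwargs: Dict[str, Any] = {"filter": fql, "limit": page_size}
        if after:  # the first request carries no after token
            kwargs["after"] = after
        response = fetch(**kwargs)
        body = response.get("body") or {}
        if response.get("status_code") != 200:
            # Fail loudly: a truncated result must not pass for a clean report.
            raise RuntimeError(
                f"HTTP {response.get('status_code')}: {body.get('errors')}")
        yield from body.get("resources") or []
        # ASSUMPTION: the next token is returned at body.meta.pagination.after.
        pagination = (body.get("meta") or {}).get("pagination") or {}
        after = pagination.get("after")
        if not after:
            return  # no token means the last page was reached
        if after in seen_tokens:
            raise RuntimeError("pagination token repeated, stopping")
        seen_tokens.add(after)
    raise RuntimeError("max_pages reached before the result set ended")


class StubClient:
    """Constructed offline stand-in for KubernetesContainerCompliance."""

    # token sent -> (constructed records, token returned)
    PAGES = {None: (["img-a", "img-b"], "tok1"),
             "tok1": (["img-c"], "tok2"),
             "tok2": (["img-d"], None)}

    def __init__(self, fail_token: Optional[str] = None):
        self.calls: List[Dict[str, Any]] = []
        self.fail_token = fail_token

    def image_findings(self, **kwargs: Any) -> Dict[str, Any]:
        self.calls.append(kwargs)
        token = kwargs.get("after")
        if token is not None and token == self.fail_token:
            return {"status_code": 429, "body": {"errors": ["rate limited"]}}
        ids, nxt = self.PAGES[token]
        return {"status_code": 200,
                "body": {"meta": {"pagination": {"after": nxt}},
                         "resources": [{"image_id": i} for i in ids]}}


if __name__ == "__main__":
    client = StubClient()
    # Constructed filter value; the field name is one of the listed filter fields.
    fql = "compliance_finding.severity:'critical'"
    for finding in iter_findings(client.image_findings, fql, page_size=2):
        print(finding["image_id"])
```

With a real client, pass falcon.image_findings or falcon.node_findings as fetch; the same loop serves both because they share the after and limit keywords.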
getRulesMetadataByID
Retrieve detailed compliance rule information by ID.
Includes descriptions, remediation steps, and audit procedures by specifying rule identifiers.
PEP8 method name
get_rules_metadata
Endpoint
| Method | Route |
|---|---|
| | /container-compliance/combined/findings-by-nodes/v2 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Type | Data type | Description |
|---|---|---|---|
| ids | query | string or list of strings | Rule IDs. |
| parameters | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
```python
from falconpy import KubernetesContainerCompliance
# Do not hardcode API credentials!
falcon = KubernetesContainerCompliance(client_id=CLIENT_ID,
                                       client_secret=CLIENT_SECRET
                                       )
id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_rules_metadata(ids=id_list)
print(response)
```
Service class example (Operation ID syntax)
```python
from falconpy import KubernetesContainerCompliance
# Do not hardcode API credentials!
falcon = KubernetesContainerCompliance(client_id=CLIENT_ID,
                                       client_secret=CLIENT_SECRET
                                       )
id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.getRulesMetadataByID(ids=id_list)
print(response)
```
Uber class example
```python
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )
id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("getRulesMetadataByID", ids=id_list)
print(response)
```