Using the Cloud Snapshots service collection
Table of Contents
| Operation ID | Description | ||||
|---|---|---|---|---|---|
| Search for snapshot jobs identified by the provided filter. | ||||
| Register a cloud account for snapshot scanning. | ||||
| Retrieve snapshot jobs identified by the provided IDs. | ||||
| Launch a snapshot scan for a given cloud asset. | ||||
| Gets the registry credentials. | ||||
| Retrieve the scan report for an instance. | ||||
Passing credentials
WARNING
client_idandclient_secretare keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
ReadDeploymentsCombined
Search for snapshot jobs identified by the provided filter.
PEP8 method name
search_scan_jobs
Endpoint
| Method | Route |
|---|---|
 | /snapshots/combined/deployments/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter |  | | query | string | Search snapshot jobs using a query in Falcon Query Language (FQL). Supported filters: account_id,asset_identifier,cloud_provider,region,status |
| limit | | | query | integer | The upper-bound on the number of records to retrieve. |
| offset | | | query | integer | The offset from where to begin. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
| sort | | | query | string | The fields to sort the records on. Supported columns: [account_id asset_identifier cloud_provider instance_type last_updated_timestamp region status] |
Usage
Service class example (PEP8 syntax)
from falconpy import CloudSnapshots
# Do not hardcode API credentials!
falcon = CloudSnapshot(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.search_scan_jobs(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CloudSnapshots
# Do not hardcode API credentials!
falcon = CloudSnapshot(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadDeploymentsCombined(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadDeploymentsCombined",
filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
RegisterCspmSnapshotAccount
Register a cloud account for snapshot scanning.
PEP8 method name
register_account
Endpoint
| Method | Route |
|---|---|
 | /snapshots/entities/accounts/v1 |
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | |  | body | list of dictionaries | Full body payload in JSON format. |
| aws_accounts | |  | body | list of dictionaries | Complete list of AWS accounts to register. |
| account_number | | | body | string | AWS account number. Overriden if aws_accounts keyword is provided. |
| batch_regions | | | body | string | Region the batch is executed within. Overriden if aws_accounts keyword is provided. |
| iam_external_id | | | body | string | The external ID of the IAM account used. Overriden if aws_accounts keyword is provided. |
| iam_role_arn | | | body | string | The AWS ARN for the IAM account used. Overriden if aws_accounts keyword is provided. |
| kms_alias | | | body | string | The KMS alias for the IAM account used. Overriden if aws_accounts keyword is provided. |
| processing_account | | | body | string | The ID of the processing account. Overriden if aws_accounts keyword is provided. |
Usage
Service class example (PEP8 syntax)
from falconpy import CLoudSnapshots
# Do not hardcode API credentials!
falcon = CloudSnapshots(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.register_account(account_number="string",
batch_regions="string",
iam_external_id="string",
iam_role_arn="string",
kms_alias="string",
processing_account="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CloudSnapshots
# Do not hardcode API credentials!
falcon = CloudSnapshots(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.RegisterCspmSnapshotAccount(account_number="string",
batch_regions="string",
iam_external_id="string",
iam_role_arn="string",
kms_alias="string",
processing_account="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"aws_accounts": [
{
"account_number": "string",
"batch_regions": [
{
"job_definition_name": "string",
"job_queue": "string",
"region": "string"
}
],
"iam_external_id": "string",
"iam_role_arn": "string",
"kms_alias": "string",
"processing_account": "string"
}
]
}
response = falcon.command("RegisterCspmSnapshotAccount", body=body_payload)
print(response)
ReadDeploymentsEntities
Retrieve snapshot jobs identified by the provided IDs.
PEP8 method name
get_scan_jobs
Endpoint
| Method | Route |
|---|---|
| /snapshots/entities/deployments/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | Search snapshot jobs by ids - The maximum amount is 100 IDs |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
Usage
Service class example (PEP8 syntax)
from falconpy import CloudSnapshots
# Do not hardcode API credentials!
falcon = CloudSnapshots(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_scan_jobs(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import CloudSnapshots
# Do not hardcode API credentials!
falcon = CloudSnapshots(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.ReadDeploymentsEntities(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("ReadDeploymentsEntities", ids=id_list)
print(response)
CreateDeploymentEntity
Launch a snapshot scan for a given cloud asset.
PEP8 method name
launch_scan_job
Endpoint
| Method | Route |
|---|---|
 | /snapshots/entities/deployments/v1 |
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| account_id | | | body | string | Cloud provider account ID. |
| asset_id | | | body | string | Asset ID. |
| body | | | body | list of dictionaries | Full body payload in JSON format. |
| cloud_provider | | | body | string | Cloud provider. |
| region | | | body | string | Cloud provider region. |
Usage
Service class example (PEP8 syntax)
from falconpy import CloudSnapshots
# Do not hardcode API credentials!
falcon = CloudSnapshots(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.launch_scan_job(account_id="string",
asset_id="string",
cloud_provider="string",
region="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CloudSnapshots
# Do not hardcode API credentials!
falcon = CloudSnapshots(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.CreateDeploymentEntity(account_id="string",
asset_id="string",
cloud_provider="string",
region="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"resources": [
{
"account_id": "string",
"asset_identifier": "string",
"cloud_provider": "string",
"region": "string"
}
]
}
response = falcon.command("CreateDeploymentEntity", body=body_payload)
print(response)
GetCredentialsMixin0
Gets the registry credentials
PEP8 method name
get_credentials
Endpoint
| Method | Route |
|---|---|
| /snapshots/entities/image-registry-credentials/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
No keywords or arguments accepted.
Usage
Service class example (PEP8 syntax)
from falconpy import CloudSnapshots
# Do not hardcode API credentials!
falcon = CloudSnapshots(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_credentials()
print(response)
Service class example (Operation ID syntax)
from falconpy import CloudSnapshots
# Do not hardcode API credentials!
falcon = CloudSnapshots(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetCredentialsMixin0()
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetCredentialsMixin0")
print(response)
GetScanReport
retrieve the scan report for an instance
PEP8 method name
get_scan_reports
Endpoint
| Method | Route |
|---|---|
| /snapshots/entities/scanreports/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | the instance identifiers to fetch the report for. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
Usage
Service class example (PEP8 syntax)
from falconpy import CloudSnapshots
falcon = CloudSnapshots(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_scan_reports(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import CloudSnapshots
falcon = CloudSnapshots(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetScanReport(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetScanReport", ids=id_list)
print(response)