Using the Cloud Snapshots service collection
Table of Contents
| Operation ID | Description | ||||
|---|---|---|---|---|---|
| Search IaC Detections using a query in Falcon Query Language. | ||||
| Search for snapshot jobs identified by the provided filter. | ||||
| Register customer cloud account for snapshot scanning. | ||||
| Retrieve snapshot jobs identified by the provided IDs. | ||||
| Launch a snapshot scan for a given cloud asset. | ||||
| Gets the registry credentials. | ||||
| Gets the registry credentials (external endpoint). | ||||
| Retrieve the scan report for an instance. | ||||
Passing credentials
WARNING
client_idandclient_secretare keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
CombinedDetections
Search IaC Detections using a query in Falcon Query Language.
PEP8 method name
search_detections
Endpoint
| Method | Route |
|---|---|
 | /iac/combined/detections/v1 |
Required Scope
-READ-red?style=for-the-badge&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABIAAAAOCAYAAAAi2ky3AAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw1AUhU9TpaIVBzuIOGSoDmJBVEQ3rUIRKoRaoVUHk5f+CE0akhQXR8G14ODPYtXBxVlXB1dBEPwBcXNzUnSREu9LCi1ifPB4H+e9c7jvXkColZhmtY0Cmm6bqURczGRXxNAruhAEMI1hmVnGrCQl4bu+7hHg512MZ/m/+3N1qzmLAQGReIYZpk28Tjy5aRuc94kjrCirxOfEIyYVSPzIdcXjN84FlwWeGTHTqTniCLFYaGGlhVnR1IgniKOqplO+kPFY5bzFWStVWKNO/sNwTl9e4jrtASSwgEVIEKGggg2UYCNGp06KhRTdx338/a5fIpdCrg0wcsyjDA2y6wefwe/eWvnxMS8pHAfaXxznYxAI7QL1quN8HztO/QQIPgNXetNfrgFTn6RXm1r0COjZBi6um5qyB1zuAH1PhmzKrsTnL+TzwPsZjSkL9N4Cnate3xr3OH0A0tSr5A1wcAgMFSh7zeffHa19+/dNo38/hq9yr+iELI0AAAAGYktHRAAAAAAAAPlDu38AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQflDAsTByz7Va2cAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAAYBJREFUKM+lkjFIlVEYht/zn3sFkYYUyUnIRcemhCtCU6JQOLiIU+QeJEQg6BBIm0s4RBCBLjq5OEvgJC1uOniJhivesLx17/97/vO9b4NK4g25157hfHCGB773/cA0HZIEAKiMj+LWiOxljG/i96pnCFP58XHnrWX2+9cj0dYl9Yu2FE9/9rXrcAAgs2eSyiBfOe/XRD503h/CuffOubQVUXL+Jh9BllzBbyJJBgDclVkO4Kukd8zzkXJbeUljIldFTstsmSHM6S81ma2KfPKlFdkGAMY4wzx/bbXapMy21My+YizdKNq5mDzLkrxafSxySFKjSWX2oTmjKzz4vN0r2lOFcL/Q3V0/mX95ILMXTTGYVfaut/aP2+oCMAvnZgCcsF5fcR0dg65YHAdwB+QApADvu0AuOe/ftlJAD7Nsgmm6yBjDtfWORJZlNtFyo/lR5Z7MyheKA5ktSur7sTAHazSG27pehjAiaVfkN8b4XFIJ/wOzbOx07VNRUuHy7w98CzCcGPyWywAAAABJRU5ErkJggg==){kind=icon}
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter |  | | query | string | Search IaC detections using a query in Falcon Query Language (FQL). Supported filters: detection_uuid,file_name,last_detected,platform,project_name,project_owner,project_ref,provider,resource_name ,rule_category,rule_name,rule_type,rule_uuid,service,severity |
| limit | | | query | integer | the upper-bound on the number of records to retrieve |
| offset | | | query | integer | The offset from where to begin. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
| sort | | | query | string | fields to sort the records on. Supported columns: [detection_uuid file_name last_detected platform project_name project_owner project_ref provider resource_name rule_category rule_name rule_type rule_uuid service severity] |
Usage
Service class example (PEP8 syntax)
from falconpy import CloudSnapshots
# Do not hardcode API credentials!
falcon = CloudSnapshots(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.search_detections(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CloudSnapshots
# Do not hardcode API credentials!
falcon = CloudSnapshots(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.CombinedDetections(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("CombinedDetections",
filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Back to Table of Contents
ReadDeploymentsCombined
Search for snapshot jobs identified by the provided filter.
PEP8 method name
search_scan_jobs
Endpoint
| Method | Route |
|---|---|
| /snapshots/combined/deployments/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | Search snapshot jobs using a query in Falcon Query Language (FQL). Supported filters: account_id,asset_identifier,cloud_provider,region,status |
| limit | | | query | integer | The upper-bound on the number of records to retrieve. |
| offset | | | query | integer | The offset from where to begin. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
| sort | | | query | string | The fields to sort the records on. Supported columns: [account_id asset_identifier cloud_provider instance_type last_updated_timestamp region status] |
Usage
Service class example (PEP8 syntax)
from falconpy import CloudSnapshots
# Do not hardcode API credentials!
falcon = CloudSnapshots(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.search_scan_jobs(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CloudSnapshots
# Do not hardcode API credentials!
falcon = CloudSnapshots(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadDeploymentsCombined(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadDeploymentsCombined",
filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Back to Table of Contents
RegisterCspmSnapshotAccount
Register a cloud account for snapshot scanning.
PEP8 method name
register_account
Endpoint
| Method | Route |
|---|---|
 | /snapshots/entities/accounts/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | |  | body | list of dictionaries | Full body payload in JSON format. |
| aws_accounts | |  | body | list of dictionaries | Complete list of AWS accounts to register. |
| account_number | | | body | string | AWS account number. Overriden if aws_accounts keyword is provided. |
| batch_regions | | | body | string | Region the batch is executed within. Overriden if aws_accounts keyword is provided. |
| iam_external_id | | | body | string | The external ID of the IAM account used. Overriden if aws_accounts keyword is provided. |
| iam_role_arn | | | body | string | The AWS ARN for the IAM account used. Overriden if aws_accounts keyword is provided. |
| kms_alias | | | body | string | The KMS alias for the IAM account used. Overriden if aws_accounts keyword is provided. |
| processing_account | | | body | string | The ID of the processing account. Overriden if aws_accounts keyword is provided. |
Usage
Service class example (PEP8 syntax)
from falconpy import CloudSnapshots
# Do not hardcode API credentials!
falcon = CloudSnapshots(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.register_account(account_number="string",
batch_regions="string",
iam_external_id="string",
iam_role_arn="string",
kms_alias="string",
processing_account="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CloudSnapshots
# Do not hardcode API credentials!
falcon = CloudSnapshots(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.RegisterCspmSnapshotAccount(account_number="string",
batch_regions="string",
iam_external_id="string",
iam_role_arn="string",
kms_alias="string",
processing_account="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"aws_accounts": [
{
"account_number": "string",
"batch_regions": [
{
"job_definition_name": "string",
"job_queue": "string",
"region": "string"
}
],
"iam_external_id": "string",
"iam_role_arn": "string",
"kms_alias": "string",
"processing_account": "string"
}
]
}
response = falcon.command("RegisterCspmSnapshotAccount", body=body_payload)
print(response)
Back to Table of Contents
ReadDeploymentsEntities
Retrieve snapshot jobs identified by the provided IDs.
PEP8 method name
get_scan_jobs
Endpoint
| Method | Route |
|---|---|
| /snapshots/entities/deployments/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | Search snapshot jobs by ids - The maximum amount is 100 IDs |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
Usage
Service class example (PEP8 syntax)
from falconpy import CloudSnapshots
# Do not hardcode API credentials!
falcon = CloudSnapshots(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_scan_jobs(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import CloudSnapshots
# Do not hardcode API credentials!
falcon = CloudSnapshots(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.ReadDeploymentsEntities(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("ReadDeploymentsEntities", ids=id_list)
print(response)
Back to Table of Contents
CreateDeploymentEntity
Launch a snapshot scan for a given cloud asset.
PEP8 method name
launch_scan_job
Endpoint
| Method | Route |
|---|---|
| /snapshots/entities/deployments/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| account_id | | | body | string | Cloud provider account ID. |
| asset_identifier | | | body | string | Cloud asset identifier. |
| body | | | body | list of dictionaries | Full body payload in JSON format. |
| cloud_provider | | | body | string | Cloud provider. |
| region | | | body | string | Cloud provider region. |
Usage
Service class example (PEP8 syntax)
from falconpy import CloudSnapshots
# Do not hardcode API credentials!
falcon = CloudSnapshots(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.launch_scan_job(account_id="string",
asset_identifier="string",
cloud_provider="string",
region="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import CloudSnapshots
# Do not hardcode API credentials!
falcon = CloudSnapshots(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.CreateDeploymentEntity(account_id="string",
asset_identifier="string",
cloud_provider="string",
region="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"resources": [
{
"account_id": "string",
"asset_identifier": "string",
"cloud_provider": "string",
"region": "string"
}
]
}
response = falcon.command("CreateDeploymentEntity", body=body_payload)
print(response)
Back to Table of Contents
GetCredentials
Gets the registry credentials
PEP8 method name
get_credentials
Endpoint
| Method | Route |
|---|---|
| /snapshots/entities/image-registry-credentials/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
No keywords or arguments accepted.
Usage
Service class example (PEP8 syntax)
from falconpy import CloudSnapshots
# Do not hardcode API credentials!
falcon = CloudSnapshots(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_credentials()
print(response)
Service class example (Operation ID syntax)
from falconpy import CloudSnapshots
# Do not hardcode API credentials!
falcon = CloudSnapshots(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetCredentials()
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetCredentialsMixin0")
print(response)
Back to Table of Contents
GetCredentialsIAC
Gets the registry credentials (external endpoint)
PEP8 method name
get_iac_credentials
Endpoint
| Method | Route |
|---|---|
| /iac/entities/image-registry-credentials/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
No keywords or arguments accepted.
Usage
Service class example (PEP8 syntax)
from falconpy import CloudSnapshots
# Do not hardcode API credentials!
falcon = CloudSnapshots(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_iac_credentials()
print(response)
Service class example (Operation ID syntax)
from falconpy import CloudSnapshots
# Do not hardcode API credentials!
falcon = CloudSnapshots(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetCredentialsIAC()
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetCredentialsIAC")
print(response)
Back to Table of Contents
GetScanReport
retrieve the scan report for an instance
PEP8 method name
get_scan_reports
Endpoint
| Method | Route |
|---|---|
| /snapshots/entities/scanreports/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | the instance identifiers to fetch the report for. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
Usage
Service class example (PEP8 syntax)
from falconpy import CloudSnapshots
# Do not hardcode API credentials!
falcon = CloudSnapshots(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_scan_reports(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import CloudSnapshots
# Do not hardcode API credentials!
falcon = CloudSnapshots(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetScanReport(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetScanReport", ids=id_list)
print(response)
Back to Table of Contents