Using the Container Packages service collection
Table of Contents
| Operation ID | Description | ||||
|---|---|---|---|---|---|
| Retrieves the N most frequently used packages across images. | ||||
| Retrieve packages count affected by zero day vulnerabilities. | ||||
| Retrieve top x app packages with the most fixable vulnerabilities. | ||||
| Retrieve top x packages with the most vulnerabilities. | ||||
| Retrieve packages identified by the provided filter criteria for the purpose of export. | ||||
| Retrieve packages identified by the provided filter criteria. | ||||
| Retrieve packages identified by the provided filter criteria. | ||||
Passing credentials
WARNING
client_idandclient_secretare keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
ReadPackagesByImageCount
Retrieves the N most frequently used packages across images.
PEP8 method name
read_packages_by_image_count
Endpoint
| Method | Route |
|---|---|
 | /container-security/aggregates/packages/by-image-count/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | query | string | Filter packages using a query in Falcon Query Language (FQL). Supported filter fields: ai_related, cveid, running_images, severity, type, and vulnerability_count | ||
| limit | query | integer | Maximum number of package results to return. Default value: 5 | ||
| parameters |  | | query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
Usage
Service class example (PEP8 syntax)
from falconpy import ContainerPackages
# Do not hardcode API credentials!
falcon = ContainerPackages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_packages_by_image_count(filter="string", limit=integer)
print(response)
Service class example (Operation ID syntax)
from falconpy import ContainerPackages
# Do not hardcode API credentials!
falcon = ContainerPackages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadPackagesByImageCount(filter="string", limit=integer)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadPackagesByImageCount", filter="string", limit=integer)
print(response)
Back to Table of Contents
ReadPackagesCountByZeroDay
Retrieve packages count affected by zero day vulnerabilities.
PEP8 method name
read_zero_day_counts
Endpoint
| Method | Route |
|---|---|
| /container-security/aggregates/packages/count-by-zero-day/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | Filter packages using a query in Falcon Query Language (FQL). Supported filters: cid |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
Usage
Service class example (PEP8 syntax)
from falconpy import ContainerPackages
# Do not hardcode API credentials!
falcon = ContainerPackages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_zero_day_counts(filter="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import ContainerPackages
# Do not hardcode API credentials!
falcon = ContainerPackages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadPackagesCountByZeroDay(filter="string")
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadPackagesCountByZeroDay", filter="string")
print(response)
Back to Table of Contents
ReadPackagesByFixableVulnCount
Retrieve top x app packages with the most fixable vulnerabilities.
PEP8 method name
read_fixable_vuln_count
Endpoint
| Method | Route |
|---|---|
| /container-security/combined/packages/app-by-fixable-vulnerability-count/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | Filter packages using a query in Falcon Query Language (FQL). Supported filters: cid,container_id,cveid,fix_status,image_digest,license,package_name_version,severity,type,vulnerability_count |
| limit | | | query | integer | The upper-bound on the number of records to retrieve. |
| offset | | | query | integer | The offset from where to begin. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
Usage
Service class example (PEP8 syntax)
from falconpy import ContainerPackages
# Do not hardcode API credentials!
falcon = ContainerPackages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_fixable_vuln_count(filter="string",
limit=integer,
offset=integer
)
print(response)
Service class example (Operation ID syntax)
from falconpy import ContainerPackages
# Do not hardcode API credentials!
falcon = ContainerPackages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadPackagesByFixableVulnCount(filter="string",
limit=integer,
offset=integer
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadPackagesByFixableVulnCount",
filter="string",
limit=integer,
offset=integer
)
print(response)
Back to Table of Contents
ReadPackagesByVulnCount
Retrieve top x packages with the most vulnerabilities.
PEP8 method name
read_vuln_count
Endpoint
| Method | Route |
|---|---|
| /container-security/combined/packages/by-vulnerability-count/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | Filter packages using a query in Falcon Query Language (FQL). Supported filters: cid,container_id,cveid,fix_status,image_digest,license,package_name_version,severity,type,vulnerability_count |
| limit | | | query | integer | The upper-bound on the number of records to retrieve. |
| offset | | | query | integer | The offset from where to begin. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
Usage
Service class example (PEP8 syntax)
from falconpy import ContainerPackages
# Do not hardcode API credentials!
falcon = ContainerPackages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_vuln_count(filter="string",
limit=integer,
offset=integer
)
print(response)
Service class example (Operation ID syntax)
from falconpy import ContainerPackages
# Do not hardcode API credentials!
falcon = ContainerPackages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadPackagesByVulnCount(filter="string",
limit=integer,
offset=integer
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadPackagesByVulnCount",
filter="string",
limit=integer,
offset=integer
)
print(response)
Back to Table of Contents
ReadPackagesCombinedExport
Retrieve packages identified by the provided filter criteria for the purpose of export.
PEP8 method name
read_combined_export
Endpoint
| Method | Route |
|---|---|
| /container-security/combined/packages/export/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | Filter packages using a query in Falcon Query Language (FQL). Supported filters: cid,container_id,cveid,fix_status,image_digest,license,package_name_version,severity,type,vulnerability_count |
| only_zero_day_affected | | | query | boolean | (true/false) load zero day affected packages, default is false |
| limit | | | query | integer | The upper-bound on the number of records to retrieve. |
| offset | | | query | integer | The offset from where to begin. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
| sort | | | query | string | The fields to sort the records on. Supported columns: [license package_name_version type] |
Usage
Service class example (PEP8 syntax)
from falconpy import ContainerPackages
# Do not hardcode API credentials!
falcon = ContainerPackages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_combined_export(filter="string",
only_zero_day_affected=boolean,
limit=integer,
offset=integer,
sort="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import ContainerPackages
# Do not hardcode API credentials!
falcon = ContainerPackages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadPackagesCombinedExport(filter="string",
only_zero_day_affected=boolean,
limit=integer,
offset=integer,
sort="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadPackagesCombinedExport",
filter="string",
only_zero_day_affected=boolean,
limit=integer,
offset=integer,
sort="string"
)
print(response)
Back to Table of Contents
ReadPackagesCombined
Retrieve packages identified by the provided filter criteria.
PEP8 method name
read_combined
Endpoint
| Method | Route |
|---|---|
| /container-security/combined/packages/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | Filter packages using a query in Falcon Query Language (FQL). Supported filters: ai_related, cid, container_id, cveid, fix_status, image_digest, license, package_name_version, severity, type, and vulnerability_count |
| only_zero_day_affected | | | query | boolean | Load zero day affected packages. Default: false |
| limit | | | query | integer | The upper-bound on the number of records to retrieve. |
| offset | | | query | integer | The offset from where to begin. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
| sort | | | query | string | The fields to sort the records on. Supported columns: license, package_name_version, and type |
Usage
Service class example (PEP8 syntax)
from falconpy import ContainerPackages
# Do not hardcode API credentials!
falcon = ContainerPackages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_combined(filter="string",
only_zero_day_affected=boolean,
limit=integer,
offset=integer,
sort="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import ContainerPackages
# Do not hardcode API credentials!
falcon = ContainerPackages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadPackagesCombined(filter="string",
only_zero_day_affected=boolean,
limit=integer,
offset=integer,
sort="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadPackagesCombined",
filter="string",
only_zero_day_affected=boolean,
limit=integer,
offset=integer,
sort="string"
)
print(response)
Back to Table of Contents
ReadPackagesCombinedV2
Retrieve packages identified by the provided filter criteria.
PEP8 method name
read_packages
Endpoint
| Method | Route |
|---|---|
| /container-security/combined/packages/v2 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | Filter packages using a query in Falcon Query Language (FQL). Supported filters: ai_related, cid, container_id, cveid, fix_status, image_digest, license, package_name_version, severity, type, and vulnerability_count |
| only_zero_day_affected | | | query | boolean | Load zero day affected packages. Default: false |
| limit | | | query | integer | The upper-bound on the number of records to retrieve. |
| offset | | | query | integer | The offset from where to begin. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
| sort | | | query | string | The fields to sort the records on. Supported columns: license, package_name_version, and type |
Usage
Service class example (PEP8 syntax)
from falconpy import ContainerPackages
# Do not hardcode API credentials!
falcon = ContainerPackages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_packages(filter="string",
only_zero_day_affected=boolean,
sort="string",
limit=integer,
offset=integer
)
print(response)
Service class example (Operation ID syntax)
from falconpy import ContainerPackages
# Do not hardcode API credentials!
falcon = ContainerPackages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadPackagesCombinedV2(filter="string",
only_zero_day_affected=boolean,
sort="string",
limit=integer,
offset=integer
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadPackagesCombinedV2",
filter="string",
only_zero_day_affected=boolean,
sort="string",
limit=integer,
offset=integer
)
print(response)
Back to Table of Contents