Using the Container Packages service collection

Table of Contents

Passing credentials

WARNING

client_id and client_secret are keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)

CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.

ReadPackagesCountByZeroDay

Retrieve packages count affected by zero day vulnerabilities

PEP8 method name

read_zero_day_counts

Endpoint

Method	Route
	/container-security/aggregates/packages/count-by-zero-day/v1

Content-Type

• Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
filter			query	string	Filter packages using a query in Falcon Query Language (FQL). Supported filters: cid
parameters			query	dictionary	Full query string parameters payload in JSON format. Not required if using other keywords.

Usage

Service class example (PEP8 syntax)

from falconpy import ContainerPackages

# Do not hardcode API credentials!
falcon = ContainerPackages(client_id=CLIENT_ID,
                           client_secret=CLIENT_SECRET
                           )

response = falcon.read_zero_day_counts(filter="string")

print(response)

Service class example (Operation ID syntax)

from falconpy import ContainerPackages

# Do not hardcode API credentials!
falcon = ContainerPackages(client_id=CLIENT_ID,
                           client_secret=CLIENT_SECRET
                           )

response = falcon.ReadPackagesCountByZeroDay(filter="string")

print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadPackagesCountByZeroDay", filter="string")

print(response)

ReadPackagesByFixableVulnCount

Retrieve top x app packages with the most fixable vulnerabilities

PEP8 method name

read_fixable_vuln_count

Endpoint

Method	Route
	/container-security/combined/packages/app-by-fixable-vulnerability-count/v1

Content-Type

• Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
filter			query	string	Filter packages using a query in Falcon Query Language (FQL). Supported filters: cid,container_id,cveid,fix_status,image_digest,license,package_name_version,severity,type,vulnerability_count
limit			query	integer	The upper-bound on the number of records to retrieve.
offset			query	integer	The offset from where to begin.
parameters			query	dictionary	Full query string parameters payload in JSON format. Not required if using other keywords.

Usage

Service class example (PEP8 syntax)

from falconpy import ContainerPackages

# Do not hardcode API credentials!
falcon = ContainerPackages(client_id=CLIENT_ID,
                           client_secret=CLIENT_SECRET
                           )

response = falcon.read_fixable_vuln_count(filter="string",
                                          limit=integer,
                                          offset=integer
                                          )
print(response)

Service class example (Operation ID syntax)

from falconpy import ContainerPackages

# Do not hardcode API credentials!
falcon = ContainerPackages(client_id=CLIENT_ID,
                           client_secret=CLIENT_SECRET
                           )

response = falcon.ReadPackagesByFixableVulnCount(filter="string",
                                                 limit=integer,
                                                 offset=integer
                                                 )
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadPackagesByFixableVulnCount",
                          filter="string",
                          limit=integer,
                          offset=integer
                          )
print(response)

ReadPackagesByVulnCount

Retrieve top x packages with the most vulnerabilities

PEP8 method name

read_vuln_count

Endpoint

Method	Route
	/container-security/combined/packages/by-vulnerability-count/v1

Content-Type

• Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
filter			query	string	Filter packages using a query in Falcon Query Language (FQL). Supported filters: cid,container_id,cveid,fix_status,image_digest,license,package_name_version,severity,type,vulnerability_count
limit			query	integer	The upper-bound on the number of records to retrieve.
offset			query	integer	The offset from where to begin.
parameters			query	dictionary	Full query string parameters payload in JSON format. Not required if using other keywords.

Usage

Service class example (PEP8 syntax)

from falconpy import ContainerPackages

# Do not hardcode API credentials!
falcon = ContainerPackages(client_id=CLIENT_ID,
                           client_secret=CLIENT_SECRET
                           )

response = falcon.read_vuln_count(filter="string",
                                  limit=integer,
                                  offset=integer
                                  )
print(response)

Service class example (Operation ID syntax)

from falconpy import ContainerPackages

# Do not hardcode API credentials!
falcon = ContainerPackages(client_id=CLIENT_ID,
                           client_secret=CLIENT_SECRET
                           )

response = falcon.ReadPackagesByVulnCount(filter="string",
                                          limit=integer,
                                          offset=integer
                                          )
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadPackagesByVulnCount",
                          filter="string",
                          limit=integer,
                          offset=integer
                          )
print(response)

ReadPackagesCombinedExport

Retrieve packages identified by the provided filter criteria for the purpose of export

PEP8 method name

read_combined_export

Endpoint

Method	Route
	/container-security/combined/packages/export/v1

Content-Type

• Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
filter			query	string	Filter packages using a query in Falcon Query Language (FQL). Supported filters: cid,container_id,cveid,fix_status,image_digest,license,package_name_version,severity,type,vulnerability_count
only_zero_day_affected			query	boolean	(true/false) load zero day affected packages, default is false
limit			query	integer	The upper-bound on the number of records to retrieve.
offset			query	integer	The offset from where to begin.
parameters			query	dictionary	Full query string parameters payload in JSON format. Not required if using other keywords.
sort			query	string	The fields to sort the records on. Supported columns: [license package_name_version type]

Usage

Service class example (PEP8 syntax)

from falconpy import ContainerPackages

# Do not hardcode API credentials!
falcon = ContainerPackages(client_id=CLIENT_ID,
                           client_secret=CLIENT_SECRET
                           )

response = falcon.read_combined_export(filter="string",
                                       only_zero_day_affected=boolean,
                                       limit=integer,
                                       offset=integer,
                                       sort="string"
                                       )
print(response)

Service class example (Operation ID syntax)

from falconpy import ContainerPackages

# Do not hardcode API credentials!
falcon = ContainerPackages(client_id=CLIENT_ID,
                           client_secret=CLIENT_SECRET
                           )

response = falcon.ReadPackagesCombinedExport(filter="string",
                                             only_zero_day_affected=boolean,
                                             limit=integer,
                                             offset=integer,
                                             sort="string"
                                             )
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadPackagesCombinedExport",
                          filter="string",
                          only_zero_day_affected=boolean,
                          limit=integer,
                          offset=integer,
                          sort="string"
                          )
print(response)

ReadPackagesCombined

Retrieve packages identified by the provided filter criteria

PEP8 method name

read_combined

Endpoint

Method	Route
	/container-security/combined/packages/v1

Content-Type

• Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
filter			query	string	Filter packages using a query in Falcon Query Language (FQL). Supported filters: cid,container_id,cveid,fix_status,image_digest,license,package_name_version,severity,type,vulnerability_count
only_zero_day_affected			query	boolean	(true/false) load zero day affected packages, default is false
limit			query	integer	The upper-bound on the number of records to retrieve.
offset			query	integer	The offset from where to begin.
parameters			query	dictionary	Full query string parameters payload in JSON format. Not required if using other keywords.
sort			query	string	The fields to sort the records on. Supported columns: [license package_name_version type]

Usage

Service class example (PEP8 syntax)

from falconpy import ContainerPackages

# Do not hardcode API credentials!
falcon = ContainerPackages(client_id=CLIENT_ID,
                           client_secret=CLIENT_SECRET
                           )

response = falcon.read_combined(filter="string",
                                only_zero_day_affected=boolean,
                                limit=integer,
                                offset=integer,
                                sort="string"
                                )
print(response)

Service class example (Operation ID syntax)

from falconpy import ContainerPackages

# Do not hardcode API credentials!
falcon = ContainerPackages(client_id=CLIENT_ID,
                           client_secret=CLIENT_SECRET
                           )

response = falcon.ReadPackagesCombined(filter="string",
                                       only_zero_day_affected=boolean,
                                       limit=integer,
                                       offset=integer,
                                       sort="string"
                                       )
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadPackagesCombined",
                          filter="string",
                          only_zero_day_affected=boolean,
                          limit=integer,
                          offset=integer,
                          sort="string"
                          )
print(response)