CrowdStrike Falcon CrowdStrike Subreddit

Using the Kubernetes Protection service collection

Uber class support Service class support Documentation Version Page Updated

Table of Contents

Operation IDDescription
ReadClustersByDateRangeCount
PEP8read_clusters_by_date_range
Retrieve clusters by date range counts
ReadClustersByKubernetesVersionCount
PEP8read_clusters_by_version
Bucket clusters by kubernetes version
ReadClustersByStatusCount
PEP8read_clusters_by_status
Bucket clusters by status
ReadClusterCount
PEP8read_cluster_count
Retrieve cluster counts
ReadContainersByDateRangeCount
PEP8read_containers_by_date_range
Retrieve containers by date range counts
ReadContainerCountByRegistry
PEP8read_containers_by_registry
Retrieve top container image registries
FindContainersCountAffectedByZeroDayVulnerabilities
PEP8read_zero_day_affected_counts
Retrieve containers count affected by zero day vulnerabilities
ReadVulnerableContainerImageCount
PEP8read_vulnerable_container_count
Retrieve count of vulnerable images running on containers
ReadContainerCount
PEP8read_container_counts
Retrieve container counts
FindContainersByContainerRunTimeVersion
PEP8find_containers_by_runtime_version
Retrieve containers by container_runtime_version
GroupContainersByManaged
PEP8group_managed_containers
Group the containers by Managed
ReadContainerImageDetectionsCountByDate
PEP8read_detections_count_by_date
Retrieve count of image assessment detections on running containers over a period of time
ReadContainerImagesByState
PEP8read_images_by_state
Retrieve count of image states running on containers
ReadContainersSensorCoverage
PEP8read_sensor_coverage
Bucket containers by agent type and calculate sensor coverage
ReadContainerVulnerabilitiesBySeverityCount
PEP8read_vulnerability_counts_by_severity
Retrieve container vulnerabilities by severity counts
ReadDeploymentsByDateRangeCount
PEP8read_deployment_counts_by_date_range
Retrieve deployments by date range counts
ReadDeploymentCount
PEP8read_deployment_count
Retrieve deployment counts
ReadClusterEnrichment
PEP8read_cluster_enrichment
Retrieve cluster enrichment data
ReadContainerEnrichment
PEP8read_container_enrichment
Retrieve container enrichment data
ReadPodEnrichment
PEP8read_pod_enrichment
Retrieve pod enrichment data
ReadDeploymentEnrichment
PEP8read_deployment_enrichment
Retrieve deployment enrichment data
ReadNodeEnrichment
PEP8read_node_enrichment
Retrieve node enrichment data
ReadDistinctContainerImageCount
PEP8read_distinct_image_count
Retrieve count of distinct images running on containers
ReadContainerImagesByMostUsed
PEP8read_images_by_most_used
Bucket container by image-digest
ReadKubernetesIomByDateRange
PEP8read_iom_count_by_date_range
Returns the count of Kubernetes IOMs by the date. by default it's for 7 days.
ReadKubernetesIomCount
PEP8read_iom_count
Returns the total count of Kubernetes IOMs over the past seven days
ReadNamespacesByDateRangeCount
PEP8read_namespaces_by_date_range
Retrieve namespaces by date range counts
ReadNamespaceCount
PEP8read_namespace_count
Retrieve namespace counts
ReadNodesByCloudCount
PEP8read_node_counts_by_cloud
Bucket nodes by cloud providers
ReadNodesByContainerEngineVersionCount
PEP8read_nodes_by_container_engine_version
Bucket nodes by their container engine version
ReadNodesByDateRangeCount
PEP8read_node_counts_by_date_range
Retrieve nodes by date range counts
ReadNodeCount
PEP8read_node_counts
Retrieve node counts
ReadPodsByDateRangeCount
PEP8read_pod_counts_by_date_range
Retrieve pods by date range counts
ReadPodCount
PEP8read_pod_counts
Retrieve pod counts
ReadClusterCombined
PEP8read_clusters_combined
Retrieve kubernetes clusters identified by the provided filter criteria
ReadRunningContainerImages
PEP8read_running_images
Retrieve images on running containers
ReadContainerCombined
PEP8read_containers_combined
Retrieve containers identified by the provided filter criteria
ReadDeploymentCombined
PEP8read_deployments_combined
Retrieve kubernetes deployments identified by the provided filter criteria
SearchAndReadKubernetesIomEntities
PEP8search_and_read_ioms
Search Kubernetes IOM by the provided search criteria
ReadNodeCombined
PEP8read_nodes_combined
Retrieve kubernetes nodes identified by the provided filter criteria
ReadPodCombined
PEP8read_pods_combined
Retrieve kubernetes pods identified by the provided filter criteria
ReadKubernetesIomEntities
PEP8read_iom_entities
Retrieve Kubernetes IOM entities identified by the provided IDs
SearchKubernetesIoms
PEP8search_ioms
Search Kubernetes IOMs by the provided search criteria. this endpoint returns a list of Kubernetes IOM UUIDs matching the query
GetAWSAccountsMixin0
PEP 8get_aws_accounts
Provides a list of AWS accounts.
CreateAWSAccount
PEP 8create_aws_account
Creates a new AWS account in our system for a customer and generates the installation script.
DeleteAWSAccountsMixin0
PEP 8delete_aws_accounts
Delete AWS accounts.
UpdateAWSAccount
PEP 8update_aws_account
Updates the AWS account per the query parameters provided.
ListAzureAccounts
PEP 8list_azure_accounts
Provides the azure subscriptions registered to Kubernetes Protection.
CreateAzureSubscription
PEP 8create_azure_subscription
Create Azure Subscriptions.
DeleteAzureSubscription
PEP 8delete_azure_subscription
Delete Azure Subscriptions.
GetLocations
PEP 8get_locations
Provides the cloud locations acknowledged by the Kubernetes Protection service.
GetCombinedCloudClusters
PEP 8get_cloud_clusters
Returns a combined list of provisioned cloud accounts and known kubernetes clusters.
GetAzureTenantConfig
PEP 8get_azure_tenant_config
Returns the Azure tenant config.
GetStaticScripts
PEP 8get_static_scripts
Gets static bash scripts that are used during registration.
GetAzureTenantIDs
PEP 8get_azure_tenant_ids
Provides all the azure subscriptions and tenants.
GetAzureInstallScript
PEP 8get_azure_install_script
Provides the script to run for a given tenant id and subscription IDs.
GetHelmValuesYaml
PEP 8get_helm_values_yaml
Provides a sample Helm values.yaml file for a customer to install alongside the agent Helm chart.
RegenerateAPIKey
PEP 8regenerate
Regenerate API key for docker registry integrations.
GetClusters
PEP 8get_clusters
Provides the clusters acknowledged by the Kubernetes Protection service.
TriggerScan
PEP 8trigger_scan
Triggers a dry run or a full scan of a customer's kubernetes footprint.
PatchAzureServicePrincipal
PEP 8update_azure_service_principal
Adds the client ID for the given tenant ID to our system.

Passing credentials

WARNING

client_id and client_secret are keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)

CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.

ReadClustersByDateRangeCount

Retrieve clusters by date range counts

PEP8 method name

read_clusters_by_date_range

Endpoint

MethodRoute
GET/container-security/aggregates/clusters/count-by-date/v1

Required Scope

kubernetes-protection:read

Content-Type

  • Produces: application/json

Keyword Arguments

No parameters

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.read_clusters_by_date_range()

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.ReadClustersByDateRangeCount()

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadClustersByDateRangeCount")

print(response)

ReadClustersByKubernetesVersionCount

Bucket clusters by kubernetes version

PEP8 method name

read_clusters_by_version

Endpoint

MethodRoute
GET/container-security/aggregates/clusters/count-by-kubernetes-version/v1

Required Scope

kubernetes-protection:read

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
filter
Service Class Support

Uber Class Support
querystringRetrieve count of Kubernetes clusters that match a query in Falcon Query Language (FQL). Supported filters: access,agent_status,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,cluster_status,container_count,iar_version,kubernetes_version,last_seen,management_status,node_count,pod_count,tags
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.read_clusters_by_version(filter="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.ReadClustersByKubernetesVersionCount(filter="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadClustersByKubernetesVersionCount", filter="string")

print(response)

ReadClustersByStatusCount

Bucket clusters by status

PEP8 method name

read_clusters_by_status

Endpoint

MethodRoute
GET/container-security/aggregates/clusters/count-by-status/v1

Required Scope

kubernetes-protection:read

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
filter
Service Class Support

Uber Class Support
querystringRetrieve count of Kubernetes clusters that match a query in Falcon Query Language (FQL). Supported filters: access,agent_status,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,cluster_status,container_count,iar_version,kubernetes_version,last_seen,management_status,node_count,pod_count,tags
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.read_clusters_by_status(filter="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.ReadClustersByStatusCount(filter="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadClustersByStatusCount", filter="string")

print(response)

ReadClusterCount

Retrieve cluster counts

PEP8 method name

read_cluster_count

Endpoint

MethodRoute
GET/container-security/aggregates/clusters/count/v1

Required Scope

kubernetes-protection:read

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
filter
Service Class Support

Uber Class Support
querystringRetrieve count of Kubernetes clusters that match a query in Falcon Query Language (FQL). Supported filters: access,agent_status,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,cluster_status,container_count,iar_version,kubernetes_version,last_seen,management_status,node_count,pod_count,tags
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.read_cluster_count(filter="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.ReadClusterCount(filter="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadClusterCount", filter="string")

print(response)

ReadContainersByDateRangeCount

Retrieve containers by date range counts

PEP8 method name

read_containers_by_date_range

Endpoint

MethodRoute
GET/container-security/aggregates/containers/count-by-date/v1

Required Scope

kubernetes-protection:read

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
filter
Service Class Support

Uber Class Support
querystringGet container counts using a query in Falcon Query Language (FQL). Supported filters: agent_id,agent_type,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,package_name_version,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.read_containers_by_date_range(filter="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.ReadContainersByDateRangeCount(filter="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadContainersByDateRangeCount", filter="string")

print(response)

ReadContainerCountByRegistry

Retrieve top container image registries

PEP8 method name

read_containers_by_registry

Endpoint

MethodRoute
GET/container-security/aggregates/containers/count-by-registry/v1

Required Scope

kubernetes-protection:read

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
under_assessment
Service Class Support

Uber Class Support
queryboolean(true/false) whether to return registries under assessment or not under assessment. If not provided all registries are considered
limit
Service Class Support

Uber Class Support
queryintegerThe upper-bound on the number of records to retrieve.
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.read_containers_by_registry(under_assessment=boolean, limit=integer)

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.ReadContainerCountByRegistry(under_assessment=boolean, limit=integer)

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadContainerCountByRegistry", under_assessment=boolean, limit=integer)

print(response)

FindContainersCountAffectedByZeroDayVulnerabilities

Retrieve containers count affected by zero day vulnerabilities

PEP8 method name

read_zero_day_affected_counts

Endpoint

MethodRoute
GET/container-security/aggregates/containers/count-by-zero-day/v1

Required Scope

kubernetes-protection:read

Content-Type

  • Produces: application/json

Keyword Arguments

No parameters

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.read_zero_day_affected_counts()

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.FindContainersCountAffectedByZeroDayVulnerabilities()

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("FindContainersCountAffectedByZeroDayVulnerabilities")

print(response)

ReadVulnerableContainerImageCount

Retrieve count of vulnerable images running on containers

PEP8 method name

read_vulnerable_container_count

Endpoint

MethodRoute
GET/container-security/aggregates/containers/count-vulnerable-images/v1

Required Scope

kubernetes-protection:read

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
filter
Service Class Support

Uber Class Support
querystringRetrieve count of Kubernetes containers that match a query in Falcon Query Language (FQL). Supported filters: agent_id,agent_type,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,package_name_version,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.read_vulnerable_container_count(filter="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.ReadVulnerableContainerImageCount(filter="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadVulnerableContainerImageCount", filter="string")

print(response)

ReadContainerCount

Retrieve container counts

PEP8 method name

read_container_counts

Endpoint

MethodRoute
GET/container-security/aggregates/containers/count/v1

Required Scope

kubernetes-protection:read

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
filter
Service Class Support

Uber Class Support
querystringRetrieve count of Kubernetes containers that match a query in Falcon Query Language (FQL). Supported filters: agent_id,agent_type,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,package_name_version,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.read_container_counts(filter="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.ReadContainerCount(filter="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadContainerCount", filter="string")

print(response)

FindContainersByContainerRunTimeVersion

Retrieve containers by container_runtime_version

PEP8 method name

find_containers_by_runtime_version

Endpoint

MethodRoute
GET/container-security/aggregates/containers/find-by-runtimeversion/v1

Required Scope

kubernetes-protection:read

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
limit
Service Class Support

Uber Class Support
queryintegerThe upper-bound on the number of container records to retrieve.
offset
Service Class Support

Uber Class Support
queryintegerIt is used to get the offset
sort
Service Class Support

Uber Class Support
querystringField to sort results by
filter
Service Class Support

Uber Class Support
querystringRetrieve count of Kubernetes containers that match a query in Falcon Query Language (FQL). Supported filters: agent_id,agent_type,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,package_name_version,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.find_containers_by_runtime_version(limit=integer,
                                                     offset=integer,
                                                     sort="string",
                                                     filter="string"
                                                     )
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.FindContainersByContainerRunTimeVersion(limit=integer,
                                                          offset=integer,
                                                          sort="string",
                                                          filter="string"
                                                          )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("FindContainersByContainerRunTimeVersion",
                          limit=integer,
                          offset=integer,
                          sort="string",
                          filter="string"
                          )
print(response)

GroupContainersByManaged

Group the containers by Managed

PEP8 method name

group_managed_containers

Endpoint

MethodRoute
GET/container-security/aggregates/containers/group-by-managed/v1

Required Scope

kubernetes-protection:read

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
filter
Service Class Support

Uber Class Support
querystringRetrieve count of Kubernetes containers that match a query in Falcon Query Language (FQL). Supported filters: agent_id,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.group_managed_containers(filter="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.GroupContainersByManaged(filter="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("GroupContainersByManaged", filter="string")

print(response)

ReadContainerImageDetectionsCountByDate

Retrieve count of image assessment detections on running containers over a period of time

PEP8 method name

read_detections_count_by_date

Endpoint

MethodRoute
GET/container-security/aggregates/containers/image-detections-count-by-date/v1

Required Scope

kubernetes-protection:read

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
filter
Service Class Support

Uber Class Support
querystringRetrieve count of Kubernetes containers that match a query in Falcon Query Language (FQL). Supported filters: agent_id,agent_type,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,package_name_version,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.read_detections_count_by_date(filter="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.ReadContainerImageDetectionsCountByDate(filter="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadContainerImageDetectionsCountByDate", filter="string")

print(response)

ReadContainerImagesByState

Retrieve count of image states running on containers

PEP8 method name

read_images_by_state

Endpoint

MethodRoute
GET/container-security/aggregates/containers/images-by-state/v1

Required Scope

kubernetes-protection:read

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
filter
Service Class Support

Uber Class Support
querystringFilter using a query in Falcon Query Language (FQL). Supported filters: cid
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.read_images_by_state(filter="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.ReadContainerImagesByState(filter="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadContainerImagesByState", filter="string")

print(response)

ReadContainersSensorCoverage

Bucket containers by agent type and calculate sensor coverage

PEP8 method name

read_sensor_coverage

Endpoint

MethodRoute
GET/container-security/aggregates/containers/sensor-coverage/v1

Required Scope

kubernetes-protection:read

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
filter
Service Class Support

Uber Class Support
querystringRetrieve count of Kubernetes containers that match a query in Falcon Query Language (FQL). Supported filters: agent_id,agent_type,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,package_name_version,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.read_sensor_coverage(filter="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.ReadContainersSensorCoverage(filter="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadContainersSensorCoverage", filter="string")

print(response)

ReadContainerVulnerabilitiesBySeverityCount

Retrieve container vulnerabilities by severity counts

PEP8 method name

read_vulnerability_counts_by_severity

Endpoint

MethodRoute
GET/container-security/aggregates/containers/vulnerability-count-by-severity/v1

Required Scope

kubernetes-protection:read

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
filter
Service Class Support

Uber Class Support
querystringGet vulnerabilities count by severity for container using a query in Falcon Query Language (FQL). Supported filters: agent_id,agent_type,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,package_name_version,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.read_vulnerability_counts_by_severity(filter="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.ReadContainerVulnerabilitiesBySeverityCount(filter="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadContainerVulnerabilitiesBySeverityCount", filter="string")

print(response)

ReadDeploymentsByDateRangeCount

Retrieve deployments by date range counts

PEP8 method name

read_deployment_counts_by_date_range

Endpoint

MethodRoute
GET/container-security/aggregates/deployments/count-by-date/v1

Required Scope

kubernetes-protection:read

Content-Type

  • Produces: application/json

Keyword Arguments

No parameters

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.read_deployment_counts_by_date_range()

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.ReadDeploymentsByDateRangeCount()

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadDeploymentsByDateRangeCount")

print(response)

ReadDeploymentCount

Retrieve deployment counts

PEP8 method name

read_deployment_count

Endpoint

MethodRoute
GET/container-security/aggregates/deployments/count/v1

Required Scope

kubernetes-protection:read

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
filter
Service Class Support

Uber Class Support
querystringRetrieve count of Kubernetes deployments that match a query in Falcon Query Language (FQL). Supported filters: annotations_list,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,deployment_id,deployment_name,first_seen,last_seen,namespace,pod_count
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.read_deployment_count(filter="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.ReadDeploymentCount(filter="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadDeploymentCount", filter="string")

print(response)

ReadClusterEnrichment

Retrieve cluster enrichment data

PEP8 method name

read_cluster_enrichment

Endpoint

MethodRoute
GET/container-security/aggregates/enrichment/clusters/entities/v1

Required Scope

kubernetes-protection:read

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
cluster_id
Service Class Support

Uber Class Support
querystring or list of stringsOne or more cluster ids for which to retrieve enrichment info
filter
Service Class Support

Uber Class Support
querystringSupported filters: last_seen
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = "ID1,ID2,ID3"  # You may also provide a list of strings here: ["ID1", "ID2", "ID3"]

response = falcon.read_cluster_enrichment(cluster_id=id_list, filter="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = "ID1,ID2,ID3"  # You may also provide a list of strings here: ["ID1", "ID2", "ID3"]

response = falcon.ReadClusterEnrichment(cluster_id=id_list, filter="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )
id_list = "ID1,ID2,ID3"  # You may also provide a list of strings here: ["ID1", "ID2", "ID3"]

response = falcon.command("ReadClusterEnrichment", cluster_id=id_list, filter="string")

print(response)

ReadContainerEnrichment

Retrieve container enrichment data

PEP8 method name

read_container_enrichment

Endpoint

MethodRoute
GET/container-security/aggregates/enrichment/containers/entities/v1

Required Scope

kubernetes-protection:read

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
container_id
Service Class Support

Uber Class Support
querystring or list of stringsOne or more container ids for which to retrieve enrichment info
filter
Service Class Support

Uber Class Support
querystringSupported filters: last_seen
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = "ID1,ID2,ID3"  # You may also provide a list of strings here: ["ID1", "ID2", "ID3"]

response = falcon.read_container_enrichment(container_id=id_list, filter="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = "ID1,ID2,ID3"  # You may also provide a list of strings here: ["ID1", "ID2", "ID3"]

response = falcon.ReadContainerEnrichment(container_id=id_list, filter="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = "ID1,ID2,ID3"  # You may also provide a list of strings here: ["ID1", "ID2", "ID3"]

response = falcon.command("ReadContainerEnrichment", container_id=id_list, filter="string")

print(response)

ReadDeploymentEnrichment

Retrieve deployment enrichment data

PEP8 method name

read_deployment_enrichment

Endpoint

MethodRoute
GET/container-security/aggregates/enrichment/deployments/entities/v1

Required Scope

kubernetes-protection:read

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
deployment_id
Service Class Support

Uber Class Support
querystring or list of stringsOne or more deployment ids for which to retrieve enrichment info
filter
Service Class Support

Uber Class Support
querystringSupported filters: last_seen
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = "ID1,ID2,ID3"  # You may also provide a list of strings here: ["ID1", "ID2", "ID3"]

response = falcon.read_deployment_enrichment(deployment_id=id_list, filter="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = "ID1,ID2,ID3"  # You may also provide a list of strings here: ["ID1", "ID2", "ID3"]

response = falcon.ReadDeploymentEnrichment(deployment_id=id_list, filter="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = "ID1,ID2,ID3"  # You may also provide a list of strings here: ["ID1", "ID2", "ID3"]

response = falcon.command("ReadDeploymentEnrichment", deployment_id=id_list, filter="string")

print(response)

ReadNodeEnrichment

Retrieve node enrichment data

PEP8 method name

read_node_enrichment

Endpoint

MethodRoute
GET/container-security/aggregates/enrichment/nodes/entities/v1

Required Scope

kubernetes-protection:read

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
node_name
Service Class Support

Uber Class Support
querystring or list of stringsOne or more node names for which to retrieve enrichment info
filter
Service Class Support

Uber Class Support
querystringSupported filters: last_seen
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = "ID1,ID2,ID3"  # You may also provide a list of strings here: ["ID1", "ID2", "ID3"]

response = falcon.read_node_enrichment(node_name=id_list, filter="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = "ID1,ID2,ID3"  # You may also provide a list of strings here: ["ID1", "ID2", "ID3"]

response = falcon.ReadNodeEnrichment(node_name=id_list, filter="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = "ID1,ID2,ID3"  # You may also provide a list of strings here: ["ID1", "ID2", "ID3"]

response = falcon.command("ReadNodeEnrichment", node_name=id_list, filter="string")

print(response)

ReadPodEnrichment

Retrieve pod enrichment data

PEP8 method name

read_pod_enrichment

Endpoint

MethodRoute
GET/container-security/aggregates/enrichment/pods/entities/v1

Required Scope

kubernetes-protection:read

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
pod_id
Service Class Support

Uber Class Support
querystring or list of stringsOne or more pod ids for which to retrieve enrichment info
filter
Service Class Support

Uber Class Support
querystringSupported filters: last_seen
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = "ID1,ID2,ID3"  # You may also provide a list of strings here: ["ID1", "ID2", "ID3"]

response = falcon.read_pod_enrichment(pod_id=id_list, filter="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = "ID1,ID2,ID3"  # You may also provide a list of strings here: ["ID1", "ID2", "ID3"]

response = falcon.ReadPodEnrichment(pod_id=id_list, filter="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = "ID1,ID2,ID3"  # You may also provide a list of strings here: ["ID1", "ID2", "ID3"]

response = falcon.command("ReadPodEnrichment", pod_id=id_list, filter="string")

print(response)

ReadDistinctContainerImageCount

Retrieve count of distinct images running on containers

PEP8 method name

read_distinct_image_count

Endpoint

MethodRoute
GET/container-security/aggregates/images/count-by-distinct/v1

Required Scope

kubernetes-protection:read

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
filter
Service Class Support

Uber Class Support
querystringSearch Kubernetes containers using a query in Falcon Query Language (FQL). Supported filters: agent_id,agent_type,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,package_name_version,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.read_distinct_image_count(filter="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.ReadDistinctContainerImageCount(filter="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadDistinctContainerImageCount", filter="string")

print(response)

ReadContainerImagesByMostUsed

Bucket container by image-digest

PEP8 method name

read_images_by_most_used

Endpoint

MethodRoute
GET/container-security/aggregates/images/most-used/v1

Required Scope

kubernetes-protection:read

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
filter
Service Class Support

Uber Class Support
querystringRetrieve count of Kubernetes containers that match a query in Falcon Query Language (FQL). Supported filters: agent_id,agent_type,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,package_name_version,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.read_images_by_most_used(filter="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.ReadContainerImagesByMostUsed(filter="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadContainerImagesByMostUsed", filter="string")

print(response)

ReadKubernetesIomByDateRange

Returns the count of Kubernetes IOMs by the date. by default it's for 7 days.

PEP8 method name

read_iom_count_by_date_range

Endpoint

MethodRoute
GET/container-security/aggregates/kubernetes-ioms/count-by-date/v1

Required Scope

kubernetes-protection:read

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
filter
Service Class Support

Uber Class Support
querystringFilter images using a query in Falcon Query Language (FQL). Supported filters: cid,created_timestamp,detect_timestamp,prevented,severity
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.read_iom_count_by_date_range(filter="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.ReadKubernetesIomByDateRange(filter="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadKubernetesIomByDateRange", filter="string")

print(response)

ReadNamespacesByDateRangeCount

Retrieve namespaces by date range counts

PEP8 method name

read_namespaces_by_date_range

Endpoint

MethodRoute
GET/container-security/aggregates/namespaces/count-by-date/v1

Required Scope

kubernetes-protection:read

Content-Type

  • Produces: application/json

Keyword Arguments

No parameters

Usage

Service class example (PEP8 / Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.read_namespaces_by_date_range()

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadNamespacesByDateRangeCount")

print(response)

ReadNamespaceCount

Retrieve namespace counts

PEP8 method name

read_namespace_count

Endpoint

MethodRoute
GET/container-security/aggregates/namespaces/count/v1

Required Scope

kubernetes-protection:read

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
filter
Service Class Support

Uber Class Support
querystringRetrieve count of Kubernetes clusters that match a query in Falcon Query Language (FQL). Supported filters: agent_id,agent_type,annotations_list,cid,cloud_account_id,cloud_name,cloud_region,cloud_service,cluster_id,cluster_name,first_seen,kac_agent_id,last_seen,namespace_id,namespace_name,resource_status
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.

Usage

Service class example (PEP8 / Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.read_namespace_count(filter="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadNamespaceCount", filter="string")

print(response)

ReadKubernetesIomCount

Returns the total count of Kubernetes IOMs over the past seven days

PEP8 method name

read_iom_count

Endpoint

MethodRoute
GET/container-security/aggregates/kubernetes-ioms/count/v1

Required Scope

kubernetes-protection:read

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
filter
Service Class Support

Uber Class Support
querystringFilter images using a query in Falcon Query Language (FQL). Supported filters: cid,created_timestamp,detect_timestamp,prevented,severity
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.read_iom_count(filter="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.ReadKubernetesIomCount(filter="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadKubernetesIomCount", filter="string")

print(response)

ReadNodesByCloudCount

Bucket nodes by cloud providers

PEP8 method name

read_node_counts_by_cloud

Endpoint

MethodRoute
GET/container-security/aggregates/nodes/count-by-cloud/v1

Required Scope

kubernetes-protection:read

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
filter
Service Class Support

Uber Class Support
querystringSearch Kubernetes nodes using a query in Falcon Query Language (FQL). Supported filters: aid,annotations_list,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_count,container_runtime_version,first_seen,image_digest,ipv4,last_seen,node_name,pod_count
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.read_node_counts_by_cloud(filter="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.ReadNodesByCloudCount(filter="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadNodesByCloudCount", filter="string")

print(response)

ReadNodesByContainerEngineVersionCount

Bucket nodes by their container engine version

PEP8 method name

read_nodes_by_container_engine_version

Endpoint

MethodRoute
GET/container-security/aggregates/nodes/count-by-container-engine-version/v1

Required Scope

kubernetes-protection:read

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
filter
Service Class Support

Uber Class Support
querystringSearch Kubernetes nodes using a query in Falcon Query Language (FQL). Supported filters: aid,annotations_list,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_count,container_runtime_version,first_seen,image_digest,ipv4,last_seen,node_name,pod_count
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.read_nodes_by_container_engine_version(filter="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.ReadNodesByContainerEngineVersionCount(filter="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadNodesByContainerEngineVersionCount", filter="string")

print(response)

ReadNodesByDateRangeCount

Retrieve nodes by date range counts

PEP8 method name

read_node_counts_by_date_range

Endpoint

MethodRoute
GET/container-security/aggregates/nodes/count-by-date/v1

Required Scope

kubernetes-protection:read

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
filter
Service Class Support

Uber Class Support
querystringSearch Kubernetes nodes using a query in Falcon Query Language (FQL). Supported filters: aid,annotations_list,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_count,container_runtime_version,first_seen,image_digest,ipv4,last_seen,node_name,pod_count
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.read_node_counts_by_date_range(filter="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.ReadNodesByDateRangeCount(filter="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadNodesByDateRangeCount", filter="string")

print(response)

ReadNodeCount

Retrieve node counts

PEP8 method name

read_node_counts

Endpoint

MethodRoute
GET/container-security/aggregates/nodes/count/v1

Required Scope

kubernetes-protection:read

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
filter
Service Class Support

Uber Class Support
querystringRetrieve count of Kubernetes nodes that match a query in Falcon Query Language (FQL). Supported filters: aid,annotations_list,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_count,container_runtime_version,first_seen,image_digest,ipv4,last_seen,node_name,pod_count
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.read_node_counts(filter="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.ReadNodeCount(filter="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadNodeCount", filter="string")

print(response)

ReadPodsByDateRangeCount

Retrieve pods by date range counts

PEP8 method name

read_pod_counts_by_date_range

Endpoint

MethodRoute
GET/container-security/aggregates/pods/count-by-date/v1

Required Scope

kubernetes-protection:read

Content-Type

  • Produces: application/json

Keyword Arguments

No parameters

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.read_pod_counts_by_date_range()

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.ReadPodsByDateRangeCount()

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadPodsByDateRangeCount")

print(response)

ReadPodCount

Retrieve pod counts

PEP8 method name

read_pod_counts

Endpoint

MethodRoute
GET/container-security/aggregates/pods/count/v1

Required Scope

kubernetes-protection:read

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
filter
Service Class Support

Uber Class Support
querystringRetrieve count of Kubernetes pods that match a query in Falcon Query Language (FQL). Supported filters: agent_id,agent_type,allow_privilege_escalation,annotations_list,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_count,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,owner_id,owner_type,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.read_pod_counts(filter="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.ReadPodCount(filter="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadPodCount", filter="string")

print(response)

ReadClusterCombined

Retrieve kubernetes clusters identified by the provided filter criteria

PEP8 method name

read_clusters_combined

Endpoint

MethodRoute
GET/container-security/combined/clusters/v1

Required Scope

kubernetes-protection:read

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
filter
Service Class Support

Uber Class Support
querystringSearch Kubernetes clusters using a query in Falcon Query Language (FQL). Supported filters: access,agent_status,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,cluster_status,container_count,iar_version,kubernetes_version,last_seen,management_status,node_count,pod_count,tags
limit
Service Class Support

Uber Class Support
queryintegerThe upper-bound on the number of records to retrieve.
offset
Service Class Support

Uber Class Support
queryintegerThe offset from where to begin.
sort
Service Class Support

Uber Class Support
querystringField to sort results by
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.read_clusters_combined(filter="string",
                                         limit=integer,
                                         offset=integer,
                                         sort="string"
                                         )
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.ReadClusterCombined(filter="string",
                                      limit=integer,
                                      offset=integer,
                                      sort="string"
                                      )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadClusterCombined",
                          filter="string",
                          limit=integer,
                          offset=integer,
                          sort="string"
                          )
print(response)

ReadRunningContainerImages

Retrieve images on running containers

PEP8 method name

read_running_images

Endpoint

MethodRoute
GET/container-security/combined/container-images/v1

Required Scope

kubernetes-protection:read

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
filter
Service Class Support

Uber Class Support
querystringRetrieve list of images on running containers using a query in Falcon Query Language (FQL). Supported filters: cid,hosts,image_digest,image_has_been_assessed,image_id,image_name,image_registry,image_repository,image_tag,last_seen,running_status
limit
Service Class Support

Uber Class Support
queryintegerThe upper-bound on the number of records to retrieve.
offset
Service Class Support

Uber Class Support
queryintegerThe offset from where to begin.
sort
Service Class Support

Uber Class Support
querystringField to sort results by
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.read_running_images(filter="string",
                                      limit=integer,
                                      offset=integer,
                                      sort="string"
                                      )
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.ReadRunningContainerImages(filter="string",
                                             limit=integer,
                                             offset=integer,
                                             sort="string"
                                             )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

PARAMS = {
    "filter": "string",
    "limit": integer,
    "offset": integer,
    "sort": "string"
}

response = falcon.command("ReadRunningContainerImages",
                          filter="string",
                          limit=integer,
                          offset=integer,
                          sort="string"
                          )
print(response)

ReadContainerCombined

Retrieve containers identified by the provided filter criteria

PEP8 method name

read_containers_combined

Endpoint

MethodRoute
GET/container-security/combined/containers/v1

Required Scope

kubernetes-protection:read

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
filter
Service Class Support

Uber Class Support
querystringSearch Kubernetes containers using a query in Falcon Query Language (FQL). Supported filters: agent_id,agent_type,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,package_name_version,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status
limit
Service Class Support

Uber Class Support
queryintegerThe upper-bound on the number of records to retrieve.
offset
Service Class Support

Uber Class Support
queryintegerThe offset from where to begin.
sort
Service Class Support

Uber Class Support
querystringField to sort results by
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.read_containers_combined(filter="string",
                                           limit=integer,
                                           offset=integer,
                                           sort="string"
                                           )
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.ReadContainerCombined(filter="string",
                                        limit=integer,
                                        offset=integer,
                                        sort="string"
                                        )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadContainerCombined",
                          filter="string",
                          limit=integer,
                          offset=integer,
                          sort="string"
                          )
print(response)

ReadDeploymentCombined

Retrieve kubernetes deployments identified by the provided filter criteria

PEP8 method name

read_deployments_combined

Endpoint

MethodRoute
GET/container-security/combined/deployments/v1

Required Scope

kubernetes-protection:read

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
filter
Service Class Support

Uber Class Support
querystringSearch Kubernetes deployments using a query in Falcon Query Language (FQL). Supported filters: annotations_list,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,deployment_id,deployment_name,first_seen,last_seen,namespace,pod_count
limit
Service Class Support

Uber Class Support
queryintegerThe upper-bound on the number of records to retrieve.
offset
Service Class Support

Uber Class Support
queryintegerThe offset from where to begin.
sort
Service Class Support

Uber Class Support
querystringField to sort results by
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.read_deployments_combined(filter="string",
                                            limit=integer,
                                            offset=integer,
                                            sort="string"
                                            )
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.ReadDeploymentCombined(filter="string",
                                         limit=integer,
                                         offset=integer,
                                         sort="string"
                                         )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadDeploymentCombined",
                          filter="string",
                          limit=integer,
                          offset=integer,
                          sort="string"
                          )
print(response)

SearchAndReadKubernetesIomEntities

Search Kubernetes IOM by the provided search criteria

PEP8 method name

search_and_read_ioms

Endpoint

MethodRoute
GET/container-security/combined/kubernetes-ioms/v1

Required Scope

kubernetes-protection:read

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
filter
Service Class Support

Uber Class Support
querystringSearch Kubernetes IOMs using a query in Falcon Query Language (FQL). Supported filters: cid,cis_id,cluster_id,cluster_name,containers_impacted_count,containers_impacted_ids,detection_type,name,namespace,resource_id,resource_name,resource_type,prevented,severity
limit
Service Class Support

Uber Class Support
queryintegerThe upper-bound on the number of records to retrieve.
offset
Service Class Support

Uber Class Support
queryintegerThe offset from where to begin.
sort
Service Class Support

Uber Class Support
querystringThe fields to sort the records on.
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.search_and_read_ioms(filter="string",
                                       limit=integer,
                                       offset=integer,
                                       sort="string"
                                       )
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.SearchAndReadKubernetesIomEntities(filter="string",
                                                     limit=integer,
                                                     offset=integer,
                                                     sort="string"
                                                     )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("SearchAndReadKubernetesIomEntities",
                          filter="string",
                          limit=integer,
                          offset=integer,
                          sort="string"
                          )
print(response)

ReadNodeCombined

Retrieve kubernetes nodes identified by the provided filter criteria

PEP8 method name

read_nodes_combined

Endpoint

MethodRoute
GET/container-security/combined/nodes/v1

Required Scope

kubernetes-protection:read

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
filter
Service Class Support

Uber Class Support
querystringSearch Kubernetes nodes using a query in Falcon Query Language (FQL). Supported filters: aid,annotations_list,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_count,container_runtime_version,first_seen,image_digest,ipv4,last_seen,node_name,pod_count
limit
Service Class Support

Uber Class Support
queryintegerThe upper-bound on the number of records to retrieve.
offset
Service Class Support

Uber Class Support
queryintegerThe offset from where to begin.
sort
Service Class Support

Uber Class Support
querystringField to sort results by
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.read_nodes_combined(filter="string",
                                      limit=integer,
                                      offset=integer,
                                      sort="string"
                                      )
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.ReadNodeCombined(filter="string",
                                   limit=integer,
                                   offset=integer,
                                   sort="string"
                                   )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadNodeCombined",
                          filter="string",
                          limit=integer,
                          offset=integer,
                          sort="string"
                          )
print(response)

ReadPodCombined

Retrieve kubernetes pods identified by the provided filter criteria

PEP8 method name

read_pods_combined

Endpoint

MethodRoute
GET/container-security/combined/pods/v1

Required Scope

kubernetes-protection:read

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
filter
Service Class Support

Uber Class Support
querystringSearch Kubernetes pods using a query in Falcon Query Language (FQL). Supported filters: agent_id,agent_type,allow_privilege_escalation,annotations_list,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_count,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,owner_id,owner_type,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user
limit
Service Class Support

Uber Class Support
queryintegerThe upper-bound on the number of records to retrieve.
offset
Service Class Support

Uber Class Support
queryintegerThe offset from where to begin.
sort
Service Class Support

Uber Class Support
querystringField to sort results by
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.read_pods_combined(filter="string",
                                     limit=integer,
                                     offset=integer,
                                     sort="string"
                                     )
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.ReadPodCombined(filter="string",
                                  limit=integer,
                                  offset=integer,
                                  sort="string"
                                  )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadPodCombined",
                          filter="string",
                          limit=integer,
                          offset=integer,
                          sort="string"
                          )
print(response)

ReadKubernetesIomEntities

Retrieve Kubernetes IOM entities identified by the provided IDs

PEP8 method name

read_iom_entities

Endpoint

MethodRoute
GET/container-security/entities/kubernetes-ioms/v1

Required Scope

kubernetes-protection:read

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
ids
Service Class Support

Uber Class Support
queryarray (string)Search Kubernetes IOMs by ids - The maximum amount is 100 IDs
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.read_iom_entities(ids=id_list)

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.ReadKubernetesIomEntities(ids=id_list)

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("ReadKubernetesIomEntities", ids=id_list)

print(response)

SearchKubernetesIoms

Search Kubernetes IOMs by the provided search criteria. this endpoint returns a list of Kubernetes IOM UUIDs matching the query

PEP8 method name

search_ioms

Endpoint

MethodRoute
GET/container-security/queries/kubernetes-ioms/v1

Required Scope

kubernetes-protection:read

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
filter
Service Class Support

Uber Class Support
querystringSearch Kubernetes IOMs using a query in Falcon Query Language (FQL). Supported filters: cid,cis_id,cluster_id,cluster_name,containers_impacted_count,containers_impacted_ids,detection_type,name,namespace,resource_id,resource_name,resource_type,prevented,severity
limit
Service Class Support

Uber Class Support
queryintegerThe upper-bound on the number of records to retrieve.
offset
Service Class Support

Uber Class Support
queryintegerThe offset from where to begin.
sort
Service Class Support

Uber Class Support
querystringThe fields to sort the records on.
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.search_ioms(filter="string",
                              limit=integer,
                              offset=integer,
                              sort="string"
                              )
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.SearchKubernetesIoms(filter="string",
                                       limit=integer,
                                       offset=integer,
                                       sort="string"
                                       )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

PARAMS = {
    "filter": "string",
    "limit": integer,
    "offset": integer,
    "sort": "string"
}

response = falcon.command("SearchKubernetesIoms",
                          filter="string",
                          limit=integer,
                          offset=integer,
                          sort="string"
                          )
print(response)

GetAWSAccountsMixin0

Provides a list of AWS accounts.

PEP8 method name

get_aws_accounts

Endpoint

MethodRoute
GET/kubernetes-protection/entities/accounts/aws/v1

Required Scope

kubernetes-protection:read

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
ids
Service Class Support

Uber Class Support
querystring or list of stringsAWS Account ID(s).
is_horizon_account
Service Class Support

Uber Class Support
querystringFilter by whether an account originates from Horizon or not. Allowed values: False or True
limit
Service Class Support

Uber Class Support
queryintegerMaximum number of records to return.
offset
Service Class Support

Uber Class Support
queryintegerStarting index of overall result set from which to return ids.
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.
status
Service Class Support

Uber Class Support
querystringFilter by account status.
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_aws_accounts(status="string",
                                   limit=integer,
                                   offset=integer,
                                   ids=id_list,
                                   is_horizon_account="string"
                                   )

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.GetAWSAccountsMixin0(status="string",
                                       limit=integer,
                                       offset=integer,
                                       ids=id_list,
                                       is_horizon_account="string"
                                       )

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("GetAWSAccountsMixin0",
                          status="string",
                          limit=integer,
                          offset=integer,
                          ids=id_list,
                          is_horizon_account="string"
                          )


print(response)

Back to Table of Contents

CreateAWSAccount

Creates a new AWS account in our system for a customer and generates the installation script

PEP8 method name

create_aws_account

Endpoint

MethodRoute
POST/kubernetes-protection/entities/accounts/aws/v1

Required Scope

kubernetes-protection:write

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
body
Service Class Support

Uber Class Support
bodydictionaryFull body payload in JSON format.
account_id
Service Class Support

Uber Class Support
bodystringAccount ID.
region
Service Class Support

Uber Class Support
bodystringCloud region.
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.create_aws_account(account_id="string", region="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.CreateAWSAccount(account_id="string", region="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

BODY = {
    "resources": [
        {
            "account_id": "string",
            "region": "string"
        }
    ]
}

response = falcon.command("CreateAWSAccount", body=BODY)

print(response)

Back to Table of Contents

DeleteAWSAccountsMixin0

Delete AWS accounts.

PEP8 method name

delete_aws_accounts

Endpoint

MethodRoute
DELETE/kubernetes-protection/entities/accounts/aws/v1

Required Scope

kubernetes-protection:write

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
ids
Service Class Support

Uber Class Support
querystring or list of stringsAWS Account ID(s) to delete.
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.delete_aws_accounts(ids=id_list)

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.DeleteAWSAccountsMixin0(ids=id_list)

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("DeleteAWSAccountsMixin0", ids=id_list)

print(response)

Back to Table of Contents

UpdateAWSAccount

Updates the AWS account per the query parameters provided

PEP8 method name

update_aws_account

Endpoint

MethodRoute
PATCH/kubernetes-protection/entities/accounts/aws/v1

Required Scope

kubernetes-protection:write

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
ids
Service Class Support

Uber Class Support
querystring or list of stringsAWS Account ID(s) to update.
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.
region
Service Class Support

Uber Class Support
querystringDefault region for account automation.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.update_aws_account(region="string", ids=id_list)

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.UpdateAWSAccount(region="string", ids=id_list)

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("UpdateAWSAccount", region="string", ids=id_list)

print(response)

Back to Table of Contents

ListAzureAccounts

Provides the azure subscriptions registered to Kubernetes Protection.

PEP8 method name

list_azure_accounts

Endpoint

MethodRoute
GET/kubernetes-protection/entities/accounts/azure/v1

Required Scope

kubernetes-protection:read

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
ids
Service Class Support

Uber Class Support
querystring or list of stringsAzure Tenant ID(s).
subscription_id
Service Class Support

Uber Class Support
querystring or list of stringsAzure Subscription ID(s).
is_horizon_account
Service Class Support

Uber Class Support
querybooleanFlag indicating if we should filter by accounts originating from Horizon.
limit
Service Class Support

Uber Class Support
queryintegerMaximum number of records to return.
offset
Service Class Support

Uber Class Support
queryintegerStarting index of overall result set from which to return ids.
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.
status
Service Class Support

Uber Class Support
querystringFilter by account status (operational or provisioned).

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

sub_list = 'SUB1,SUB2,SUB3'  # Can also pass a list here: ['SUB1', 'SUB2', 'SUB3']

response = falcon.list_azure_accounts(status="string",
                                      limit=integer,
                                      offset=integer,
                                      ids=id_list,
                                      subscription_id=sub_list,
                                      is_horizon_account=boolean
                                      )

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

sub_list = 'SUB1,SUB2,SUB3'  # Can also pass a list here: ['SUB1', 'SUB2', 'SUB3']

response = falcon.ListAzureAccounts(status="string",
                                    limit=integer,
                                    offset=integer,
                                    ids=id_list,
                                    subscription_id=sub_list,
                                    is_horizon_account=boolean
                                    )

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

sub_list = 'SUB1,SUB2,SUB3'  # Can also pass a list here: ['SUB1', 'SUB2', 'SUB3']

response = falcon.command("ListAzureAccounts",
                          status="string",
                          limit=integer,
                          offset=integer,
                          ids=id_list,
                          subscription_id=sub_list,
                          is_horizon_account=boolean
                          )

print(response)

Back to Table of Contents

CreateAzureSubscription

Creates a new Azure Subscription in our system

PEP8 method name

create_azure_subscription

Endpoint

MethodRoute
POST/kubernetes-protection/entities/accounts/azure/v1

Required Scope

kubernetes-protection:write

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
body
Service Class Support

Uber Class Support
bodydictionaryFull body payload in JSON format.
subscription_id
Service Class Support

Uber Class Support
bodystringAzure Subscription ID.
tenant_id
Service Class Support

Uber Class Support
bodystringAzure Tenant ID.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.create_azure_subscription(subscription_id="string", tenant_id="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.CreateAzureSubscription(subscription_id="string", tenant_id="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

BODY = {
    "resources": [
        {
            "subscription_id": "string",
            "tenant_id": "string"
        }
    ]
}

response = falcon.command("CreateAzureSubscription", body=BODY)

print(response)

Back to Table of Contents

DeleteAzureSubscription

Delete an Azure Subscription from the system.

PEP8 method name

delete_azure_subscription

Endpoint

MethodRoute
DELETE/kubernetes-protection/entities/accounts/azure/v1

Required Scope

kubernetes-protection:write

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
ids
Service Class Support

Uber Class Support
querystring or list of stringsAzure Subscription ID(s) to delete.
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.delete_azure_subscription(ids=id_list)

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.DeleteAzureSubscription(ids=id_list)

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("DeleteAzureSubscription", ids=id_list)

print(response)

Back to Table of Contents

GetLocations

Provides the cloud locations acknowledged by the Kubernetes Protection service

PEP8 method name

get_locations

Endpoint

MethodRoute
GET/kubernetes-protection/entities/cloud-locations/v1

Required Scope

kubernetes-protection:read

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
clouds
Service Class Support

Uber Class Support
querystring or list of stringsCloud provider.
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = 'aws,azure,gcp'  # Can also pass a list here: ['aws', 'azure', 'gcp']

response = falcon.get_locations(clouds=id_list)

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = 'aws,azure,gcp'  # Can also pass a list here: ['aws', 'azure', 'gcp']

response = falcon.GetLocations(clouds=id_list)

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'aws,azure,gcp'  # Can also pass a list here: ['aws', 'azure', 'gcp']

response = falcon.command("GetLocations", clouds=id_list)

print(response)

Back to Table of Contents

GetCombinedCloudClusters

Returns a combined list of provisioned cloud accounts and known kubernetes clusters.

PEP8 method name

get_cloud_clusters

Endpoint

MethodRoute
GET/kubernetes-protection/entities/cloud_cluster/v1

Required Scope

kubernetes-protection:read

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
cluster_service
Service Class Support

Uber Class Support
querystring or list of stringsCluster Service.
cluster_status
Service Class Support

Uber Class Support
querystring or list of stringsCluster Status.
ids
Service Class Support

Uber Class Support
querystring or list of stringsCloud Account IDs.
locations
Service Class Support

Uber Class Support
querystring or list of stringsCloud location.
limit
Service Class Support

Uber Class Support
queryintegerLimit returned results.
offset
Service Class Support

Uber Class Support
queryintegerPagination offset.
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format. Not required when using other keywords.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )


# You may provide the string lists as a string, a comma delimited string, or a list
response = falcon.get_cloud_clusters(cluster_service="string or list of strings",
                                     cluster_status="string or list of strings",
                                     ids="string or list of strings",
                                     locations="string or list of strings",
                                     limit=integer,
                                     offset=integer
                                     )
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

# You may provide the string lists as a string, a comma delimited string, or a list
response = falcon.GetCombinedCloudClusters(cluster_service="string or list of strings",
                                           cluster_status="string or list of strings",
                                           ids="string or list of strings",
                                           locations="string or list of strings",
                                           limit=integer,
                                           offset=integer
                                           )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

# You may provide the string lists as a string, a comma delimited string, or a list
response = falcon.command("GetCombinedCloudClusters", 
                          cluster_service="string or list of strings",
                          cluster_status="string or list of strings",
                          ids="string or list of strings",
                          locations="string or list of strings",
                          limit=integer,
                          offset=integer
                          )
print(response)

Back to Table of Contents

GetAzureTenantConfig

Returns the Azure tenant config.

PEP8 method name

get_azure_tenant_config

Endpoint

MethodRoute
GET/kubernetes-protection/entities/config/azure/v1

Required Scope

kubernetes-protection:read

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
ids
Service Class Support

Uber Class Support
querystring or list of stringsCloud Account IDs.
limit
Service Class Support

Uber Class Support
queryintegerLimit returned results.
offset
Service Class Support

Uber Class Support
queryintegerPagination offset.
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format. Not required when using other keywords.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = "ID1,ID2,ID3"  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_azure_tenant_config(ids=id_list,
                                          limit=integer,
                                          offset=integer
                                          )
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = "ID1,ID2,ID3"  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.GetAzureTenantConfig(ids=id_list,
                                       limit=integer,
                                       offset=integer
                                       )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = "ID1,ID2,ID3"  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("GetAzureTenantConfig", 
                          ids=id_list,
                          limit=integer,
                          offset=integer
                          )
print(response)

Back to Table of Contents

GetStaticScripts

Get static bash scripts that are used during registration.

PEP8 method name

get_static_scripts

Endpoint

MethodRoute
GET/kubernetes-protection/entities/gen/scripts/v1

Required Scope

kubernetes-protection:read

Content-Type

  • Consumes: application/json
  • Produces: application/octet-stream

Keyword Arguments

No keywords or arguments accepted.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.get_static_scripts()

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.GetStaticScripts()

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("GetStaticScripts")

print(response)

Back to Table of Contents

GetAzureTenantIDs

Provides all the azure subscriptions and tenants IDs.

PEP8 method name

get_azure_tenant_ids

Endpoint

MethodRoute
GET/kubernetes-protection/entities/tenants/azure/v1

Required Scope

kubernetes-protection:read

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
ids
Service Class Support

Uber Class Support
querystring or list of stringsCloud Account IDs.
status
Service Class Support

Uber Class Support
querystringCluster status. (Not Installed, Running, Stopped)
limit
Service Class Support

Uber Class Support
queryintegerLimit returned results.
offset
Service Class Support

Uber Class Support
queryintegerPagination offset.
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format. Not required when using other keywords.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = "ID1,ID2,ID3"  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_azure_tenant_ids(ids=id_list,
                                       status="string",
                                       limit=integer,
                                       offset=integer
                                       )
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = "ID1,ID2,ID3"  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.GetAzureTenantIDs(ids=id_list,
                                    status="string",
                                    limit=integer,
                                    offset=integer
                                    )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )
id_list = "ID1,ID2,ID3"  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("GetAzureTenantIDs", 
                          ids=id_list,
                          status="string",
                          limit=integer,
                          offset=integer
                          )
print(response)

Back to Table of Contents

GetAzureInstallScript

Provide the script to run for a given tenant id and subscription IDs.

PEP8 method name

get_azure_install_script

Endpoint

MethodRoute
GET/kubernetes-protection/entities/user-script/azure/v1

Required Scope

kubernetes-protection:read

Content-Type

  • Consumes: application/json
  • Produces: application/octet-stream

Keyword Arguments

NameServiceUberTypeData typeDescription
id
Service Class Support

Uber Class Support
querystringAzure Tenant ID.
subscription_id
Service Class Support

Uber Class Support
querystring or list of stringsAzure Subscription IDs.
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format. Not required when using other keywords.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = "ID1,ID2,ID3"  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_azure_install_script(id="string",
                                           subscription_id=id_list,
                                           )
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = "ID1,ID2,ID3"  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.GetAzureInstallScript(id="string",
                                        subscription_id=id_list
                                        )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = "ID1,ID2,ID3"  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("GetAzureInstallScript", 
                          id="string",
                          subscription_id=id_list
                          )
print(response)

Back to Table of Contents

GetHelmValuesYaml

Provides a sample Helm values.yaml file for a customer to install alongside the agent Helm chart

PEP8 method name

get_helm_values_yaml

Endpoint

MethodRoute
GET/kubernetes-protection/entities/integration/agent/v1

Required Scope

kubernetes-protection:read

Content-Type

  • Consumes: application/json
  • Produces: application/yaml

Keyword Arguments

NameServiceUberTypeData typeDescription
cluster_name
Service Class Support

Uber Class Support
querystring or list of stringsCluster name. For EKS this will be the cluster ARN.
is_self_managed_cluster
Service Class Support

Uber Class Support
querybooleanSet to True if the cluster is not managed by a cloud provider, and False if it is.
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.get_helm_values_yaml(cluster_name="string", is_self_managed_cluster=boolean)

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.GetHelmValuesYaml(cluster_name="string", is_self_managed_cluster=boolean)

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("GetHelmValuesYaml",
                          cluster_name="string",
                          is_self_managed_cluster=boolean
                          )

print(response)

Back to Table of Contents

RegenerateAPIKey

Regenerate API key for docker registry integrations.

PEP8 method name

regenerate

Endpoint

MethodRoute
POST/kubernetes-protection/entities/integration/api-key/v1

Required Scope

kubernetes-protection:write

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

No keywords are arguments are required.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.regenerate()

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.RegenerateAPIKey()

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("RegenerateAPIKey")

print(response)

Back to Table of Contents

GetClusters

Provides the clusters acknowledged by the Kubernetes Protection service

PEP8 method name

get_clusters

Endpoint

MethodRoute
GET/kubernetes-protection/entities/kubernetes/clusters/v1

Required Scope

kubernetes-protection:read

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
cluster_name
Service Class Support

Uber Class Support
querystring or list of stringsCluster name. For EKS this will be the cluster ARN.
account_ids
Service Class Support

Uber Class Support
querystring or list of stringsCluster account ID. For EKS this will be the AWS account ID.
locations
Service Class Support

Uber Class Support
querystring or list of stringsCloud location.
cluster_service
Service Class Support

Uber Class Support
querystringCluster service.
limit
Service Class Support

Uber Class Support
queryintegerMaximum number of results to return.
offset
Service Class Support

Uber Class Support
queryintegerStarting offset to begin returning results.
status
Service Class Support

Uber Class Support
querystring or list of stringsCluster status.
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

clusters = 'CLID1,CLID2,CLID3'  # Can also pass a list here: ['CLID1', 'CLID2', 'CLID3']

accounts = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

locations = 'LOC1,LOC2,LOC3'  # Can also pass a list here: ['LOC1', 'LOC2', 'LOC3']

status_types = 'STAT1,STAT2,STAT3'  # Can also pass a list here: ['STAT1', 'STAT2', 'STAT3']

response = falcon.get_clusters(cluster_names=clusters,
                               account_ids=accounts,
                               locations=locations,
                               cluster_service="string",
                               limit=integer,
                               offset=integer,
                               status=status_types
                               )

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

clusters = 'CLID1,CLID2,CLID3'  # Can also pass a list here: ['CLID1', 'CLID2', 'CLID3']

accounts = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

locations = 'LOC1,LOC2,LOC3'  # Can also pass a list here: ['LOC1', 'LOC2', 'LOC3']

status_types = 'STAT1,STAT2,STAT3'  # Can also pass a list here: ['STAT1', 'STAT2', 'STAT3']

response = falcon.GetClusters(cluster_names=clusters,
                              account_ids=accounts,
                              locations=locations,
                              cluster_service="string",
                              limit=integer,
                              offset=integer,
                              status=status_types
                              )

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

clusters = 'CLID1,CLID2,CLID3'  # Can also pass a list here: ['CLID1', 'CLID2', 'CLID3']

accounts = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

locations = 'LOC1,LOC2,LOC3'  # Can also pass a list here: ['LOC1', 'LOC2', 'LOC3']

status_types = 'STAT1,STAT2,STAT3'  # Can also pass a list here: ['STAT1', 'STAT2', 'STAT3']

response = falcon.command("GetClusters",
                          cluster_names=clusters,
                          account_ids=accounts,
                          locations=locations,
                          cluster_service="string",
                          limit=integer,
                          offset=integer,
                          status=status_types
                          )

print(response)

Back to Table of Contents

TriggerScan

Triggers a dry run or a full scan of a customer's kubernetes footprint.

PEP8 method name

trigger_scan

Endpoint

MethodRoute
POST/kubernetes-protection/entities/scan/trigger/v1

Required Scope

kubernetes-protection:write

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
scan_type
Service Class Support

Uber Class Support
querystringType of scan to perform, cluster-refresh, dry-run or full. Defaults to dry-run.
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.trigger_scan(scan_type="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.TriggerScan(scan_type="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("TriggerScan", scan_type="string")

print(response)

Back to Table of Contents

PatchAzureServicePrincipal

Adds the client ID for the given tenant ID to our system.

PEP8 method name

update_azure_service_principal or patch_azure_service_principal

Endpoint

MethodRoute
PATCH/kubernetes-protection/entities/service-principal/azure/v1

Required Scope

kubernetes-protection:write

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
id
Service Class Support

Uber Class Support
querystringAzure Tenant ID.
client_id
Service Class Support

Uber Class Support
querystringAzure Client ID.
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.update_azure_service_principal(id="string", client_id="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.PatchAzureServicePrincipal(id="string", client_id="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("PatchAzureServicePrincipal", id="string", client_id="string")

print(response)

Back to Table of Contents