CrowdStrike Falcon CrowdStrike Subreddit

Using the Cloud Snapshots service collection

Uber class support Service class support Documentation Version Page Updated

Table of Contents

Operation IDDescription
ReadDeploymentsCombined
PEP8search_scan_jobs
Search for snapshot jobs identified by the provided filter.
RegisterCspmSnapshotAccount
PEP 8register_account
Register a cloud account for snapshot scanning.
ReadDeploymentsEntities
PEP8get_scan_jobs
Retrieve snapshot jobs identified by the provided IDs.
CreateDeploymentEntity
PEP8launch_scan_job
Launch a snapshot scan for a given cloud asset.
GetCredentialsMixin0
PEP 8get_credentials
Gets the registry credentials.
GetScanReport
PEP8get_scan_reports
Retrieve the scan report for an instance.

Passing credentials

WARNING

client_id and client_secret are keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)

CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.

ReadDeploymentsCombined

Search for snapshot jobs identified by the provided filter.

PEP8 method name

search_scan_jobs

Endpoint

MethodRoute
GET/snapshots/combined/deployments/v1

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
filterService Class SupportUber Class SupportquerystringSearch snapshot jobs using a query in Falcon Query Language (FQL). Supported filters: account_id,asset_identifier,cloud_provider,region,status
limitService Class SupportUber Class SupportqueryintegerThe upper-bound on the number of records to retrieve.
offsetService Class SupportUber Class SupportqueryintegerThe offset from where to begin.
parametersService Class SupportUber Class SupportquerydictionaryFull query string parameters payload in JSON format. Not required if using other keywords.
sortService Class SupportUber Class SupportquerystringThe fields to sort the records on. Supported columns: [account_id asset_identifier cloud_provider instance_type last_updated_timestamp region status]

Usage

Service class example (PEP8 syntax)
from falconpy import CloudSnapshots

# Do not hardcode API credentials!
falcon = CloudSnapshot(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )

response = falcon.search_scan_jobs(filter="string",
                                   limit=integer,
                                   offset=integer,
                                   sort="string"
                                   )
print(response)
Service class example (Operation ID syntax)
from falconpy import CloudSnapshots

# Do not hardcode API credentials!
falcon = CloudSnapshot(client_id=CLIENT_ID,
                       client_secret=CLIENT_SECRET
                       )

response = falcon.ReadDeploymentsCombined(filter="string",
                                          limit=integer,
                                          offset=integer,
                                          sort="string"
                                          )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadDeploymentsCombined",
                          filter="string",
                          limit=integer,
                          offset=integer,
                          sort="string"
                          )
print(response)

RegisterCspmSnapshotAccount

Register a cloud account for snapshot scanning.

PEP8 method name

register_account

Endpoint

MethodRoute
POST/snapshots/entities/accounts/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
bodyService Class SupportUber Class Support
bodylist of dictionariesFull body payload in JSON format.
aws_accountsService Class SupportUber Class Support
bodylist of dictionariesComplete list of AWS accounts to register.
account_numberService Class SupportUber Class Support
bodystringAWS account number. Overriden if aws_accounts keyword is provided.
batch_regionsService Class SupportUber Class Support
bodystringRegion the batch is executed within. Overriden if aws_accounts keyword is provided.
iam_external_idService Class SupportUber Class Support
bodystringThe external ID of the IAM account used. Overriden if aws_accounts keyword is provided.
iam_role_arnService Class SupportUber Class Support
bodystringThe AWS ARN for the IAM account used. Overriden if aws_accounts keyword is provided.
kms_aliasService Class SupportUber Class Support
bodystringThe KMS alias for the IAM account used. Overriden if aws_accounts keyword is provided.
processing_accountService Class SupportUber Class Support
bodystringThe ID of the processing account. Overriden if aws_accounts keyword is provided.

Usage

Service class example (PEP8 syntax)
from falconpy import CLoudSnapshots

# Do not hardcode API credentials!
falcon = CloudSnapshots(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )

response = falcon.register_account(account_number="string",
                                   batch_regions="string",
                                   iam_external_id="string",
                                   iam_role_arn="string",
                                   kms_alias="string",
                                   processing_account="string"
                                   )
print(response)
Service class example (Operation ID syntax)
from falconpy import CloudSnapshots

# Do not hardcode API credentials!
falcon = CloudSnapshots(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )

response = falcon.RegisterCspmSnapshotAccount(account_number="string",
                                              batch_regions="string",
                                              iam_external_id="string",
                                              iam_role_arn="string",
                                              kms_alias="string",
                                              processing_account="string"
                                              )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

body_payload = {
    "aws_accounts": [
        {
            "account_number": "string",
            "batch_regions": [
                {
                    "job_definition_name": "string",
                    "job_queue": "string",
                    "region": "string"
                }
            ],
            "iam_external_id": "string",
            "iam_role_arn": "string",
            "kms_alias": "string",
            "processing_account": "string"
        }
    ]
}

response = falcon.command("RegisterCspmSnapshotAccount", body=body_payload)

print(response)

ReadDeploymentsEntities

Retrieve snapshot jobs identified by the provided IDs.

PEP8 method name

get_scan_jobs

Endpoint

MethodRoute
GET/snapshots/entities/deployments/v1

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
idsService Class SupportUber Class Supportquerystring or list of stringsSearch snapshot jobs by ids - The maximum amount is 100 IDs
parametersService Class SupportUber Class SupportquerydictionaryFull query string parameters payload in JSON format. Not required if using other keywords.

Usage

Service class example (PEP8 syntax)
from falconpy import CloudSnapshots

# Do not hardcode API credentials!
falcon = CloudSnapshots(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_scan_jobs(ids=id_list)

print(response)
Service class example (Operation ID syntax)
from falconpy import CloudSnapshots

# Do not hardcode API credentials!
falcon = CloudSnapshots(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.ReadDeploymentsEntities(ids=id_list)

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("ReadDeploymentsEntities", ids=id_list)

print(response)

CreateDeploymentEntity

Launch a snapshot scan for a given cloud asset.

PEP8 method name

launch_scan_job

Endpoint

MethodRoute
POST/snapshots/entities/deployments/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
account_idService Class SupportUber Class SupportbodystringCloud provider account ID.
asset_idService Class SupportUber Class SupportbodystringAsset ID.
bodyService Class SupportUber Class Supportbodylist of dictionariesFull body payload in JSON format.
cloud_providerService Class SupportUber Class SupportbodystringCloud provider.
regionService Class SupportUber Class SupportbodystringCloud provider region.

Usage

Service class example (PEP8 syntax)
from falconpy import CloudSnapshots

# Do not hardcode API credentials!
falcon = CloudSnapshots(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )

response = falcon.launch_scan_job(account_id="string",
                                  asset_id="string",
                                  cloud_provider="string",
                                  region="string"
                                  )

print(response)
Service class example (Operation ID syntax)
from falconpy import CloudSnapshots

# Do not hardcode API credentials!
falcon = CloudSnapshots(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )

response = falcon.CreateDeploymentEntity(account_id="string",
                                         asset_id="string",
                                         cloud_provider="string",
                                         region="string"
                                         )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

body_payload = {
    "resources": [
        {
            "account_id": "string",
            "asset_identifier": "string",
            "cloud_provider": "string",
            "region": "string"
        }
    ]
}

response = falcon.command("CreateDeploymentEntity", body=body_payload)

print(response)

GetCredentialsMixin0

Gets the registry credentials

PEP8 method name

get_credentials

Endpoint

MethodRoute
GET/snapshots/entities/image-registry-credentials/v1

Content-Type

  • Produces: application/json

Keyword Arguments

No keywords or arguments accepted.

Usage

Service class example (PEP8 syntax)
from falconpy import CloudSnapshots

# Do not hardcode API credentials!
falcon = CloudSnapshots(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )

response = falcon.get_credentials()

print(response)
Service class example (Operation ID syntax)
from falconpy import CloudSnapshots

# Do not hardcode API credentials!
falcon = CloudSnapshots(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )

response = falcon.GetCredentialsMixin0()

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("GetCredentialsMixin0")

print(response)

GetScanReport

retrieve the scan report for an instance

PEP8 method name

get_scan_reports

Endpoint

MethodRoute
GET/snapshots/entities/scanreports/v1

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
idsService Class SupportUber Class Supportquerystring or list of stringsthe instance identifiers to fetch the report for.
parametersService Class SupportUber Class SupportquerydictionaryFull query string parameters payload in JSON format. Not required if using other keywords.

Usage

Service class example (PEP8 syntax)
from falconpy import CloudSnapshots

falcon = CloudSnapshots(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_scan_reports(ids=id_list)

print(response)
Service class example (Operation ID syntax)
from falconpy import CloudSnapshots

falcon = CloudSnapshots(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.GetScanReport(ids=id_list)

print(response)
Uber class example
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("GetScanReport", ids=id_list)

print(response)