![CrowdStrike Subreddit](https://img.shields.io/badge/-r%2Fcrowdstrike-white?logo=reddit&labelColor=gray&link=https%3A%2F%2Freddit.com%2Fr%2Fcrowdstrike)
![Page Updated](https://img.shields.io/badge/Page%20Updated-1.4.2-19F?logo=gitbook&logoColor=white)
Operation ID | Description |
| Search for snapshot jobs identified by the provided filter. |
| Register a cloud account for snapshot scanning. |
| Retrieve snapshot jobs identified by the provided IDs. |
| Launch a snapshot scan for a given cloud asset. |
| Gets the registry credentials. |
| Retrieve the scan report for an instance. |
WARNING
client_id
and client_secret
are keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)
CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
Search for snapshot jobs identified by the provided filter.
search_scan_jobs
Method | Route |
![GET](https://img.shields.io/badge/-GET-green) | /snapshots/combined/deployments/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
filter | ![Service Class Support](https://img.shields.io/badge/-Yes-green) | ![Uber Class Support](https://img.shields.io/badge/-Yes-green) | query | string | Search snapshot jobs using a query in Falcon Query Language (FQL). Supported filters: account_id,asset_identifier,cloud_provider,region,status |
limit | ![Service Class Support](https://img.shields.io/badge/-Yes-green) | ![Uber Class Support](https://img.shields.io/badge/-Yes-green) | query | integer | The upper-bound on the number of records to retrieve. |
offset | ![Service Class Support](https://img.shields.io/badge/-Yes-green) | ![Uber Class Support](https://img.shields.io/badge/-Yes-green) | query | integer | The offset from where to begin. |
parameters | ![Service Class Support](https://img.shields.io/badge/-Yes-green) | ![Uber Class Support](https://img.shields.io/badge/-Yes-green) | query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
sort | ![Service Class Support](https://img.shields.io/badge/-Yes-green) | ![Uber Class Support](https://img.shields.io/badge/-Yes-green) | query | string | The fields to sort the records on. Supported columns: [account_id asset_identifier cloud_provider instance_type last_updated_timestamp region status] |
from falconpy import CloudSnapshots
# Do not hardcode API credentials!
falcon = CloudSnapshot(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.search_scan_jobs(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
from falconpy import CloudSnapshots
# Do not hardcode API credentials!
falcon = CloudSnapshot(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadDeploymentsCombined(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadDeploymentsCombined",
filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Register a cloud account for snapshot scanning.
register_account
Method | Route |
![POST](https://img.shields.io/badge/-PATCH-af0) | /snapshots/entities/accounts/v1 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
body | ![Service Class Support](https://img.shields.io/badge/-Yes-green) | ![Uber Class Support](https://img.shields.io/badge/-Required-red)
![]() | body | list of dictionaries | Full body payload in JSON format. |
aws_accounts | ![Service Class Support](https://img.shields.io/badge/-Yes-green) | ![Uber Class Support](https://img.shields.io/badge/-No-inactive)
![]() | body | list of dictionaries | Complete list of AWS accounts to register. |
account_number | ![Service Class Support](https://img.shields.io/badge/-Yes-green) | ![Uber Class Support](https://img.shields.io/badge/-No-inactive)
![]() | body | string | AWS account number. Overriden if aws_accounts keyword is provided. |
batch_regions | ![Service Class Support](https://img.shields.io/badge/-Yes-green) | ![Uber Class Support](https://img.shields.io/badge/-No-inactive)
![]() | body | string | Region the batch is executed within. Overriden if aws_accounts keyword is provided. |
iam_external_id | ![Service Class Support](https://img.shields.io/badge/-Yes-green) | ![Uber Class Support](https://img.shields.io/badge/-No-inactive)
![]() | body | string | The external ID of the IAM account used. Overriden if aws_accounts keyword is provided. |
iam_role_arn | ![Service Class Support](https://img.shields.io/badge/-Yes-green) | ![Uber Class Support](https://img.shields.io/badge/-No-inactive)
![]() | body | string | The AWS ARN for the IAM account used. Overriden if aws_accounts keyword is provided. |
kms_alias | ![Service Class Support](https://img.shields.io/badge/-Yes-green) | ![Uber Class Support](https://img.shields.io/badge/-No-inactive)
![]() | body | string | The KMS alias for the IAM account used. Overriden if aws_accounts keyword is provided. |
processing_account | ![Service Class Support](https://img.shields.io/badge/-Yes-green) | ![Uber Class Support](https://img.shields.io/badge/-No-inactive)
![]() | body | string | The ID of the processing account. Overriden if aws_accounts keyword is provided. |
from falconpy import CLoudSnapshots
# Do not hardcode API credentials!
falcon = CloudSnapshots(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.register_account(account_number="string",
batch_regions="string",
iam_external_id="string",
iam_role_arn="string",
kms_alias="string",
processing_account="string"
)
print(response)
from falconpy import CloudSnapshots
# Do not hardcode API credentials!
falcon = CloudSnapshots(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.RegisterCspmSnapshotAccount(account_number="string",
batch_regions="string",
iam_external_id="string",
iam_role_arn="string",
kms_alias="string",
processing_account="string"
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"aws_accounts": [
{
"account_number": "string",
"batch_regions": [
{
"job_definition_name": "string",
"job_queue": "string",
"region": "string"
}
],
"iam_external_id": "string",
"iam_role_arn": "string",
"kms_alias": "string",
"processing_account": "string"
}
]
}
response = falcon.command("RegisterCspmSnapshotAccount", body=body_payload)
print(response)
Retrieve snapshot jobs identified by the provided IDs.
get_scan_jobs
Method | Route |
![GET](https://img.shields.io/badge/-GET-green) | /snapshots/entities/deployments/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
ids | ![Service Class Support](https://img.shields.io/badge/-Yes-green) | ![Uber Class Support](https://img.shields.io/badge/-Yes-green) | query | string or list of strings | Search snapshot jobs by ids - The maximum amount is 100 IDs |
parameters | ![Service Class Support](https://img.shields.io/badge/-Yes-green) | ![Uber Class Support](https://img.shields.io/badge/-Yes-green) | query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
from falconpy import CloudSnapshots
# Do not hardcode API credentials!
falcon = CloudSnapshots(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_scan_jobs(ids=id_list)
print(response)
from falconpy import CloudSnapshots
# Do not hardcode API credentials!
falcon = CloudSnapshots(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.ReadDeploymentsEntities(ids=id_list)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("ReadDeploymentsEntities", ids=id_list)
print(response)
Launch a snapshot scan for a given cloud asset.
launch_scan_job
Method | Route |
![POST](https://img.shields.io/badge/-POST-blue) | /snapshots/entities/deployments/v1 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
account_id | ![Service Class Support](https://img.shields.io/badge/-Yes-green) | ![Uber Class Support](https://img.shields.io/badge/-Required-red) | body | string | Cloud provider account ID. |
asset_id | ![Service Class Support](https://img.shields.io/badge/-Yes-green) | ![Uber Class Support](https://img.shields.io/badge/-Required-red) | body | string | Asset ID. |
body | ![Service Class Support](https://img.shields.io/badge/-Yes-green) | ![Uber Class Support](https://img.shields.io/badge/-Required-red) | body | list of dictionaries | Full body payload in JSON format. |
cloud_provider | ![Service Class Support](https://img.shields.io/badge/-Yes-green) | ![Uber Class Support](https://img.shields.io/badge/-Required-red) | body | string | Cloud provider. |
region | ![Service Class Support](https://img.shields.io/badge/-Yes-green) | ![Uber Class Support](https://img.shields.io/badge/-Required-red) | body | string | Cloud provider region. |
from falconpy import CloudSnapshots
# Do not hardcode API credentials!
falcon = CloudSnapshots(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.launch_scan_job(account_id="string",
asset_id="string",
cloud_provider="string",
region="string"
)
print(response)
from falconpy import CloudSnapshots
# Do not hardcode API credentials!
falcon = CloudSnapshots(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.CreateDeploymentEntity(account_id="string",
asset_id="string",
cloud_provider="string",
region="string"
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"resources": [
{
"account_id": "string",
"asset_identifier": "string",
"cloud_provider": "string",
"region": "string"
}
]
}
response = falcon.command("CreateDeploymentEntity", body=body_payload)
print(response)
Gets the registry credentials
get_credentials
Method | Route |
![GET](https://img.shields.io/badge/-GET-green) | /snapshots/entities/image-registry-credentials/v1 |
- Produces: application/json
No keywords or arguments accepted.
from falconpy import CloudSnapshots
# Do not hardcode API credentials!
falcon = CloudSnapshots(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_credentials()
print(response)
from falconpy import CloudSnapshots
# Do not hardcode API credentials!
falcon = CloudSnapshots(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetCredentialsMixin0()
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetCredentialsMixin0")
print(response)
retrieve the scan report for an instance
get_scan_reports
Method | Route |
![GET](https://img.shields.io/badge/-GET-green) | /snapshots/entities/scanreports/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
ids | ![Service Class Support](https://img.shields.io/badge/-Yes-green) | ![Uber Class Support](https://img.shields.io/badge/-Yes-green) | query | string or list of strings | the instance identifiers to fetch the report for. |
parameters | ![Service Class Support](https://img.shields.io/badge/-Yes-green) | ![Uber Class Support](https://img.shields.io/badge/-Yes-green) | query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
from falconpy import CloudSnapshots
falcon = CloudSnapshots(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_scan_reports(ids=id_list)
print(response)
from falconpy import CloudSnapshots
falcon = CloudSnapshots(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetScanReport(ids=id_list)
print(response)
from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetScanReport", ids=id_list)
print(response)