Using the Cloud Snapshots service collection
Table of Contents
Operation ID | Description | ||||
---|---|---|---|---|---|
| Gets the registry credentials. | ||||
| Create inventory from data received from snapshot. | ||||
| Register a cloud account for snapshot scanning. |
Passing credentials
WARNING
client_id
andclient_secret
are keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
GetCredentialsMixin0
Gets the registry credentials
PEP8 method name
get_credentials
Endpoint
Method | Route |
---|---|
/snapshots/entities/image-registry-credentials/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
No keywords or arguments accepted.
Usage
Service class example (PEP8 syntax)
from falconpy import FalconContainer
# Do not hardcode API credentials!
falcon = FalconContainer(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_credentials()
print(response)
Service class example (Operation ID syntax)
from falconpy import FalconContainer
# Do not hardcode API credentials!
falcon = FalconContainer(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetCredentialsMixin0()
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetCredentialsMixin0")
print(response)
CreateInventory
Create inventory from data received from a snapshot.
PEP8 method name
create_inventory
Endpoint
Method | Route |
---|---|
/snapshots/entities/inventories/v1 |
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
body | body | list of dictionaries | Full body payload in JSON format. | ||
cloud_provider | body | string | Name of the cloud provider. Overriden if job_metadata keyword is provided. | ||
instance_id | body | string | ID of the instance. Overriden if job_metadata keyword is provided. | ||
job_end_time | body | string | End time for the job. UTC date format. Overriden if job_metadata keyword is provided. | ||
job_id | body | string | Job ID. Overriden if job_metadata keyword is provided. | ||
job_start_time | body | string | Start time for the job. UTC date format. Overriden if job_metadata keyword is provided. | ||
message | body | string | Message received upon job completion. Overriden if job_metadata keyword is provided. | ||
scanner_version | body | string | Version identifier for the scanner used. Overriden if job_metadata keyword is provided. | ||
status | body | string | Job completion status. Overriden if job_metadata keyword is provided. | ||
results | body | dictionary | Full results payload. | ||
os_version | body | string | Operating system version. Overriden if results keyword is specified. | ||
applications | body | list of dictionaries | Complete application list. Overriden if results keyword is specified. | ||
major_version | body | string | Application major version. Overriden if results or applications keywords are specified. | ||
package_hash | body | string | Package hash. Overriden if results or applications keywords are specified. | ||
package_provider | body | string | Package provider. Overriden if results or applications keywords are specified. | ||
path | body | string | Application path. Overriden if results or applications keywords are specified. | ||
product | body | string | Application product name. Overriden if results or applications keywords are specified. | ||
software_architecture | body | string | Running architecture for the application. Overriden if results or applications keywords are specified. | ||
type | body | string | Application type. Overriden if results or applications keywords are specified. | ||
vendor | body | string | Application vendor. Overriden if results or applications keywords are specified. | ||
job_metadata | body | dictionary | Complete job metadata. |
Usage
Service class example (PEP8 syntax)
from falconpy.filevantage import FileVantage
falcon = FileVantage(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.create_inventory(cloud_provider="string",
instance_id="string",
job_end_time="string",
job_id="string",
job_start_time="string",
message="string",
scanner_version="string",
status="string",
os_version="string",
major_version="string",
package_hash="string",
package_provider="string",
path="string",
product="string",
software_architecture="string",
type="string",
vendor="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import FileVantage
falcon = FileVantage(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.CreateInventory(cloud_provider="string",
instance_id="string",
job_end_time="string",
job_id="string",
job_start_time="string",
message="string",
scanner_version="string",
status="string",
os_version="string",
major_version="string",
package_hash="string",
package_provider="string",
path="string",
product="string",
software_architecture="string",
type="string",
vendor="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"job_metadata": {
"cloud_provider": "string",
"instance_id": "string",
"job_end_time": "string",
"job_id": "string",
"job_start_time": "string",
"message": "string",
"scanner_version": "string",
"status": "string"
},
"results": {
"applications": [
{
"major_version": "string",
"package_hash": "string",
"package_provider": "string",
"package_source": "string",
"path": "string",
"product": "string",
"software_architecture": "string",
"type": "string",
"vendor": "string"
}
],
"os_version": "string"
}
}
response = falcon.command("updateScheduledExclusions", body=body_payload)
print(response)
RegisterCspmSnapshotAccount
Register a cloud account for snapshot scanning.
PEP8 method name
register_account
Endpoint
Method | Route |
---|---|
/snapshots/entities/accounts/v1 |
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
body | body | list of dictionaries | Full body payload in JSON format. | ||
aws_accounts | body | list of dictionaries | Complete list of AWS accounts to register. | ||
account_number | body | string | AWS account number. Overriden if aws_accounts keyword is provided. | ||
batch_regions | body | string | Region the batch is executed within. Overriden if aws_accounts keyword is provided. | ||
iam_external_id | body | string | The external ID of the IAM account used. Overriden if aws_accounts keyword is provided. | ||
iam_role_arn | body | string | The AWS ARN for the IAM account used. Overriden if aws_accounts keyword is provided. | ||
kms_alias | body | string | The KMS alias for the IAM account used. Overriden if aws_accounts keyword is provided. | ||
processing_account | body | string | The ID of the processing account. Overriden if aws_accounts keyword is provided. |
Usage
Service class example (PEP8 syntax)
from falconpy.filevantage import FileVantage
falcon = FileVantage(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.register_account(account_number="string",
batch_regions="string",
iam_external_id="string",
iam_role_arn="string",
kms_alias="string",
processing_account="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import FileVantage
falcon = FileVantage(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.RegisterCspmSnapshotAccount(account_number="string",
batch_regions="string",
iam_external_id="string",
iam_role_arn="string",
kms_alias="string",
processing_account="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"aws_accounts": [
{
"account_number": "string",
"batch_regions": [
{
"job_definition_name": "string",
"job_queue": "string",
"region": "string"
}
],
"iam_external_id": "string",
"iam_role_arn": "string",
"kms_alias": "string",
"processing_account": "string"
}
]
}
response = falcon.command("RegisterCspmSnapshotAccount", body=body_payload)
print(response)