Using the Container Detections service collection

Table of Contents

Passing credentials

WARNING

client_id and client_secret are keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)

CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.

GetRuntimeDetectionsCombinedV2

Retrieve image assessment detections identified by the provided filter criteria.

PEP8 method name

search_runtime_detections

Endpoint

Method	Route
	/container-security/combined/runtime-detections/v2

Content-Type

• Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
filter			query	string	Filter container runtime detections using a query in Falcon Query Language (FQL). Supported filters: action_taken, aid, cid, cloud, cluster_name, command_line, computer_name, container_id, detect_timestamp, detection_description, detection_id, file_name, file_path, host_id, host_type, image_id, name, namespace, pod_name, severity, tactic
limit			query	integer	The upper-bound on the number of records to retrieve.
offset			query	integer	The offset from where to begin.
parameters			query	dictionary	Full query string parameters payload in JSON format. Not required if using other keywords.
sort			query	string	The fields to sort the records on. Supported fields: containers_impacted, detection_name, detection_severity, detection_type, images_impacted, last_detected

Usage

Service class example (PEP8 syntax)

from falconpy import ContainerDetections

# Do not hardcode API credentials!
falcon = ContainerDetections(client_id=CLIENT_ID,
                             client_secret=CLIENT_SECRET
                             )

response = falcon.search_runtime_detections(filter="string",
                                            limit=integer,
                                            offset=integer,
                                            sort="string"
                                            )
print(response)

Service class example (Operation ID syntax)

from falconpy import ContainerDetections

# Do not hardcode API credentials!
falcon = ContainerDetections(client_id=CLIENT_ID,
                             client_secret=CLIENT_SECRET
                             )

response = falcon.GetRuntimeDetectionsCombinedV2(filter="string",
                                                 limit=integer,
                                                 offset=integer,
                                                 sort="string"
                                                 )
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("GetRuntimeDetectionsCombinedV2",
                          filter="string",
                          limit=integer,
                          offset=integer,
                          sort="string"
                          )
print(response)

ReadDetectionsCountBySeverity

Aggregate counts of detections by severity

PEP8 method name

read_detection_counts_by_severity

Endpoint

Method	Route
	/container-security/aggregates/detections/count-by-severity/v1

Content-Type

• Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
filter			query	string	Filter images using a query in Falcon Query Language (FQL). Supported filters: cid,container_id,detection_type,id,image_digest,image_id,image_registry,image_repository,image_tag,name,severity
parameters			query	dictionary	Full query string parameters payload in JSON format. Not required if using other keywords.

Usage

Service class example (PEP8 syntax)

from falconpy import ContainerDetections

# Do not hardcode API credentials!
falcon = ContainerDetections(client_id=CLIENT_ID,
                             client_secret=CLIENT_SECRET
                             )

response = falcon.read_detection_counts_by_severity(filter="string")
print(response)

Service class example (Operation ID syntax)

from falconpy import ContainerDetections

# Do not hardcode API credentials!
falcon = ContainerDetections(client_id=CLIENT_ID,
                             client_secret=CLIENT_SECRET
                             )

response = falcon.ReadDetectionsCountBySeverity(filter="string")

print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadDetectionsCountBySeverity", filter="string")

print(response)

ReadDetectionsCountByType

Aggregate counts of detections by detection type

PEP8 method name

read_detections_count_by_type

Endpoint

Method	Route
	/container-security/aggregates/detections/count-by-type/v1

Content-Type

• Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
filter			query	string	Filter images using a query in Falcon Query Language (FQL). Supported filters: cid,container_id,detection_type,id,image_digest,image_id,image_registry,image_repository,image_tag,name,severity
parameters			query	dictionary	Full query string parameters payload in JSON format. Not required if using other keywords.

Usage

Service class example (PEP8 syntax)

from falconpy import ContainerDetections

# Do not hardcode API credentials!
falcon = ContainerDetections(client_id=CLIENT_ID,
                             client_secret=CLIENT_SECRET
                             )

response = falcon.read_detections_count_by_type(filter="string")

print(response)

Service class example (Operation ID syntax)

from falconpy import ContainerDetections

# Do not hardcode API credentials!
falcon = ContainerDetections(client_id=CLIENT_ID,
                             client_secret=CLIENT_SECRET
                             )

response = falcon.ReadDetectionsCountByType(filter="string")

print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadDetectionsCountByType", filter="string")

print(response)

ReadDetectionsCount

Aggregate count of detections

PEP8 method name

read_detections_count

Endpoint

Method	Route
	/container-security/aggregates/detections/count/v1

Content-Type

• Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
filter			query	string	Filter images using a query in Falcon Query Language (FQL). Supported filters: cid,container_id,detection_type,id,image_digest,image_id,image_registry,image_repository,image_tag,name,severity
parameters			query	dictionary	Full query string parameters payload in JSON format. Not required if using other keywords.

Usage

Service class example (PEP8 syntax)

from falconpy import ContainerDetections

# Do not hardcode API credentials!
falcon = ContainerDetections(client_id=CLIENT_ID,
                             client_secret=CLIENT_SECRET
                             )

response = falcon.read_detections_count(filter="string")

print(response)

Service class example (Operation ID syntax)

from falconpy import ContainerDetections

# Do not hardcode API credentials!
falcon = ContainerDetections(client_id=CLIENT_ID,
                             client_secret=CLIENT_SECRET
                             )

response = falcon.ReadDetectionsCount(filter="string")

print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadDetectionsCount", filter="string")

print(response)

ReadCombinedDetections

Retrieve image assessment detections identified by the provided filter criteria

PEP8 method name

read_combined_detections

Endpoint

Method	Route
	/container-security/combined/detections/v1

Content-Type

• Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
filter			query	string	Filter images using a query in Falcon Query Language (FQL). Supported filters: cid,container_id,detection_type,id,image_digest,image_id,image_registry,image_repository,image_tag,name,severity
limit			query	integer	The upper-bound on the number of records to retrieve.
offset			query	integer	The offset from where to begin.
parameters			query	dictionary	Full query string parameters payload in JSON format. Not required if using other keywords.
sort			query	string	The fields to sort the records on. Supported columns: [containers_impacted detection_name detection_severity detection_type images_impacted last_detected]

Usage

Service class example (PEP8 syntax)

from falconpy import ContainerDetections

# Do not hardcode API credentials!
falcon = ContainerDetections(client_id=CLIENT_ID,
                             client_secret=CLIENT_SECRET
                             )

response = falcon.read_combined_detections(filter="string",
                                           limit=integer,
                                           offset=integer,
                                           sort="string"
                                           )
print(response)

Service class example (Operation ID syntax)

from falconpy import ContainerDetections

# Do not hardcode API credentials!
falcon = ContainerDetections(client_id=CLIENT_ID,
                             client_secret=CLIENT_SECRET
                             )

response = falcon.ReadCombinedDetections(filter="string",
                                         limit=integer,
                                         offset=integer,
                                         sort="string"
                                         )
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadCombinedDetections",
                          filter="string",
                          limit=integer,
                          offset=integer,
                          sort="string"
                          )
print(response)

ReadDetections

Retrieve image assessment detection entities identified by the provided filter criteria

PEP8 method name

read_detections

Endpoint

Method	Route
	/container-security/entities/detections/v1

Content-Type

• Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
filter			query	string	Filter images using a query in Falcon Query Language (FQL). Supported filters: cid,detection_type,image_registry,image_repository,image_tag
limit			query	integer	The upper-bound on the number of records to retrieve.
offset			query	integer	The offset from where to begin.
parameters			query	dictionary	Full query string parameters payload in JSON format. Not required if using other keywords.

Usage

Service class example (PEP8 syntax)

from falconpy import ContainerDetections

# Do not hardcode API credentials!
falcon = ContainerDetections(client_id=CLIENT_ID,
                             client_secret=CLIENT_SECRET
                             )

response = falcon.read_detections(filter="string",
                                  limit=integer,
                                  offset=integer
                                  )
print(response)

Service class example (Operation ID syntax)

from falconpy import ContainerDetections

# Do not hardcode API credentials!
falcon = ContainerDetections(client_id=CLIENT_ID,
                             client_secret=CLIENT_SECRET
                             )

response = falcon.ReadDetections(filter="string",
                                 limit=integer,
                                 offset=integer
                                 )
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadDetections",
                          filter="string",
                          limit=integer,
                          offset=integer
                          )

print(response)

SearchDetections

Retrieve image assessment detection entities identified by the provided filter criteria

PEP8 method name

search_detections

Endpoint

Method	Route
	/container-security/queries/detections/v1

Content-Type

• Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
filter			query	string	Filter images using a query in Falcon Query Language (FQL). Supported filters: cid,container_id,detection_type,id,image_digest,image_id,image_registry,image_repository,image_tag,name,severity
limit			query	integer	The upper-bound on the number of records to retrieve.
offset			query	integer	The offset from where to begin.
parameters			query	dictionary	Full query string parameters payload in JSON format. Not required if using other keywords.

Usage

Service class example (PEP8 syntax)

from falconpy import ContainerDetections

# Do not hardcode API credentials!
falcon = ContainerDetections(client_id=CLIENT_ID,
                             client_secret=CLIENT_SECRET
                             )

response = falcon.search_detections(filter="string",
                                    limit=integer,
                                    offset=integer
                                    )
print(response)

Service class example (Operation ID syntax)

from falconpy import ContainerDetections

# Do not hardcode API credentials!
falcon = ContainerDetections(client_id=CLIENT_ID,
                             client_secret=CLIENT_SECRET
                             )

response = falcon.SearchDetections(filter="string",
                                   limit=integer,
                                   offset=integer
                                   )
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("SearchDetections",
                          filter="string",
                          limit=integer,
                          offset=integer
                          )
print(response)