Using the Container Images service collection

Table of Contents

Passing credentials

WARNING

client_id and client_secret are keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)

CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.

AggregateImageAssessmentHistory

Image assessment history

PEP8 method name

aggregate_assessment_history

Endpoint

Method	Route
	/container-security/aggregates/images/assessment-history/v1

Content-Type

• Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
filter			query	string	Filter using a query in Falcon Query Language (FQL). Supported filters: cid,registry,repository
parameters			query	dictionary	Full query string parameters payload in JSON format. Not required if using other keywords.

Usage

Service class example (PEP8 syntax)

from falconpy import ContainerImages

# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.aggregate_assessment_history(filter="string")

print(response)

Service class example (Operation ID syntax)

from falconpy import ContainerImages

# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.AggregateImageAssessmentHistory(filter="string")

print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("AggregateImageAssessmentHistory", filter="string")

print(response)

AggregateImageCountByBaseOS

Aggregate count of images grouped by Base OS distribution

PEP8 method name

aggregate_count_by_base_os

Endpoint

Method	Route
	/container-security/aggregates/images/count-by-os-distribution/v1

Content-Type

• Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
filter			query	string	Filter images using a query in Falcon Query Language (FQL). Supported filters: arch,base_os,cid,registry,repository,tag
parameters			query	dictionary	Full query string parameters payload in JSON format. Not required if using other keywords.

Usage

Service class example (PEP8 syntax)

from falconpy import ContainerImages

# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.aggregate_count_by_base_os(filter="string")

print(response)

Service class example (Operation ID syntax)

from falconpy import ContainerImages

# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.AggregateImageCountByBaseOS(filter="string")

print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("AggregateImageCountByBaseOS", filter="string")

print(response)

AggregateImageCountByState

Aggregate count of images grouped by state

PEP8 method name

aggregate_count_by_state

Endpoint

Method	Route
	/container-security/aggregates/images/count-by-state/v1

Content-Type

• Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
filter			query	string	Filter images using a query in Falcon Query Language (FQL). Supported filters: cid,last_seen,registry,repository
parameters			query	dictionary	Full query string parameters payload in JSON format. Not required if using other keywords.

Usage

Service class example (PEP8 syntax)

from falconpy import ContainerImages

# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.aggregate_count_by_state(filter="string")

print(response)

Service class example (Operation ID syntax)

from falconpy import ContainerImages

# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.AggregateImageCountByState(filter="string")

print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("AggregateImageCountByState", filter="string")

print(response)

AggregateImageCount

Aggregate count of images

PEP8 method name

aggregate_count

Endpoint

Method	Route
	/container-security/aggregates/images/count/v1

Content-Type

• Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
filter			query	string	Filter images using a query in Falcon Query Language (FQL). Supported filters: arch,base_os,cid,container_id,container_running_status,cps_rating,crowdstrike_user,cve_id,detection_count,detection_name,detection_severity,first_seen,image_digest,image_id,layer_digest,package_name_version,registry,repository,tag,vulnerability_count,vulnerability_severity
parameters			query	dictionary	Full query string parameters payload in JSON format. Not required if using other keywords.

Usage

Service class example (PEP8 syntax)

from falconpy import ContainerImages

# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.aggregate_count(filter="string")

print(response)

Service class example (Operation ID syntax)

from falconpy import ContainerImages

# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.AggregateImageCount(filter="string")
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("AggregateImageCount", filter="string")

print(response)

GetCombinedImages

Get image assessment results by providing an FQL filter and paging details

PEP8 method name

get_combined_images

Endpoint

Method	Route
	/container-security/combined/image-assessment/images/v1

Content-Type

• Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
filter			query	string	Filter images using a query in Falcon Query Language (FQL). Supported filters: container_id, container_running_status, cve_id, detection_name, detection_severity, first_seen, image_digest, image_id, registry, repository, tag, vulnerability_severity
limit			query	integer	The upper-bound on the number of records to retrieve [1-100]
offset			query	integer	The offset from where to begin.
parameters			query	dictionary	Full query string parameters payload in JSON format. Not required if using other keywords.
sort			query	string	The fields to sort the records on. Supported columns: [first_seen highest_detection_severity highest_vulnerability_severity image_digest image_id registry repository tag]

Usage

Service class example (PEP8 syntax)

from falconpy import ContainerImages

# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.get_combined_images(filter="string",
                                      limit=integer,
                                      offset=integer,
                                      sort="string"
                                      )
print(response)

Service class example (Operation ID syntax)

from falconpy import ContainerImages

# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.GetCombinedImages(filter="string",
                                    limit=integer,
                                    offset=integer,
                                    sort="string"
                                    )
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("GetCombinedImages",
                          filter="string",
                          limit=integer,
                          offset=integer,
                          sort="string"
                          )
print(response)

CombinedImageByVulnerabilityCount

Retrieve top x images with the most vulnerabilities

PEP8 method name

get_combined_images_by_vulnerability_count

Endpoint

Method	Route
	/container-security/combined/images/by-vulnerability-count/v1

Content-Type

• Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
filter			query	string	Filter images using a query in Falcon Query Language (FQL). Supported filters: arch,base_os,cid,registry,repository,tag
limit			query	integer	The upper-bound on the number of records to retrieve.
offset			query	integer	This is not used in the backend but is added here for compatibility purposes as some clients expects this i.e UI widgets.
parameters			query	dictionary	Full query string parameters payload in JSON format. Not required if using other keywords.

Usage

Service class example (PEP8 syntax)

from falconpy import ContainerImages

# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.get_combined_images_by_vulnerability_count(filter="string",
                                                             limit=integer,
                                                             offset=integer
                                                             )
print(response)

Service class example (Operation ID syntax)

from falconpy import ContainerImages

# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.CombinedImageByVulnerabilityCount(filter="string",
                                                    limit=integer,
                                                    offset=integer
                                                    )
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("CombinedImageByVulnerabilityCount",
                          filter="string",
                          limit=integer,
                          offset=integer
                          )
print(response)

CombinedImageDetail

Retrieve image entities identified by the provided filter criteria

PEP8 method name

get_combined_detail

Endpoint

Method	Route
	/container-security/combined/images/detail/v1

Content-Type

• Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
filter			query	string	Filter images using a query in Falcon Query Language (FQL). Supported filters: registry,repository,tag
with_config			query	boolean	(true/false) include image config, default is false
limit			query	integer	The upper-bound on the number of records to retrieve.
offset			query	integer	The offset from where to begin.
parameters			query	dictionary	Full query string parameters payload in JSON format. Not required if using other keywords.
sort			query	string	The fields to sort the records on.

Usage

Service class example (PEP8 syntax)

from falconpy import ContainerImages

# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.get_combined_detail(filter="string",
                                      with_config=boolean,
                                      limit=integer,
                                      offset=integer,
                                      sort="string"
                                      )
print(response)

Service class example (Operation ID syntax)

from falconpy import ContainerImages

# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.CombinedImageDetail(filter="string",
                                      with_config=boolean,
                                      limit=integer,
                                      offset=integer,
                                      sort="string"
                                      )
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("CombinedImageDetail",
                          filter="string",
                          with_config=boolean,
                          limit=integer,
                          offset=integer,
                          sort="string"
                          )
print(response)

ReadCombinedImagesExport

Retrieve images with an option to expand aggregated vulnerabilities/detections

PEP8 method name

read_combined_export

Endpoint

Method	Route
	/container-security/combined/images/export/v1

Content-Type

• Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
filter			query	string	Filter images using a query in Falcon Query Language (FQL). Supported filters: arch,base_os,cid,container_id,container_running_status,cps_rating,crowdstrike_user,cve_id,detection_count,detection_name,detection_severity,first_seen,image_digest,image_id,layer_digest,package_name_version,registry,repository,tag,vulnerability_count,vulnerability_severity
expand_vulnerabilities			query	boolean	expand vulnerabilities
expand_detections			query	boolean	expand detections
limit			query	integer	The upper-bound on the number of records to retrieve.
offset			query	integer	The offset from where to begin.
parameters			query	dictionary	Full query string parameters payload in JSON format. Not required if using other keywords.
sort			query	string	The fields to sort the records on. Supported columns: [base_os cid containers detections firstScanned first_seen highest_detection_severity highest_cps_current_rating highest_vulnerability_severity image_digest image_id last_seen layers_with_vulnerabilities packages registry repository tag vulnerabilities]

Usage

Service class example (PEP8 syntax)

from falconpy import ContainerImages

# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.read_combined_export(filter="string",
                                       expand_vulnerabilities=boolean,
                                       expand_detections=boolean,
                                       limit=integer,
                                       offset=integer,
                                       sort="string"
                                       )
print(response)

Service class example (Operation ID syntax)

from falconpy import ContainerImages

# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.ReadCombinedImagesExport(filter="string",
                                           expand_vulnerabilities=boolean,
                                           expand_detections=boolean,
                                           limit=integer,
                                           offset=integer,
                                           sort="string"
                                           )
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadCombinedImagesExport",
                          filter="string",
                          expand_vulnerabilities=boolean,
                          expand_detections=boolean,
                          limit=integer,
                          offset=integer,
                          sort="string"
                          )
print(response)

CombinedImageIssuesSummary

Retrieve image issues summary such as Image detections, Runtime detections, Policies, vulnerabilities

PEP8 method name

get_combined_issues_summary

Endpoint

Method	Route
	/container-security/combined/images/issues-summary/v1

Content-Type

• Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
cid			query	string	CID
parameters			query	dictionary	Full query string parameters payload in JSON format. Not required if using other keywords.
registry			query	string	registry name
repository			query	string	repository name
tag			query	string	tag name

Usage

Service class example (PEP8 syntax)

from falconpy import ContainerImages

# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.get_combined_issues_summary(cid="string",
                                              registry="string",
                                              repository="string",
                                              tag="string"
                                              )
print(response)

Service class example (Operation ID syntax)

from falconpy import ContainerImages

# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.CombinedImageIssuesSummary(cid="string",
                                             registry="string",
                                             repository="string",
                                             tag="string"
                                             )
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("CombinedImageIssuesSummary",
                          cid="string",
                          registry="string",
                          repository="string",
                          tag="string"
                          )
print(response)

CombinedImageVulnerabilitySummary

aggregates information about vulnerabilities for an image

PEP8 method name

get_combined_vulnerabilities_summary

Endpoint

Method	Route
	/container-security/combined/images/vulnerabilities-summary/v1

Content-Type

• Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
cid			query	string	CID
parameters			query	dictionary	Full query string parameters payload in JSON format. Not required if using other keywords.
registry			query	string	registry name
repository			query	string	repository name
tag			query	string	tag name

Usage

Service class example (PEP8 syntax)

from falconpy import ContainerImages

# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.get_combined_vulnerabilities_summary(cid="string",
                                                       registry="string",
                                                       repository="string",
                                                       tag="string"
                                                       )
print(response)

Service class example (Operation ID syntax)

from falconpy import ContainerImages

# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.CombinedImageVulnerabilitySummary(cid="string",
                                                    registry="string",
                                                    repository="string",
                                                    tag="string"
                                                    )
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("CombinedImageVulnerabilitySummary",
                          cid="string",
                          registry="string",
                          repository="string",
                          tag="string"
                          )
print(response)