Operation ID | Description |
| Image assessment history |
| Aggregate count of images grouped by Base OS distribution |
| Aggregate count of images grouped by state |
| Aggregate count of images |
| Retrieve base images identified by the provided filter criteria |
| Get image assessment results by providing an FQL filter and paging details |
| Retrieve top x images with the most vulnerabilities |
| Retrieve image entities identified by the provided filter criteria |
| Retrieve images with an option to expand aggregated vulnerabilities/detections |
| Retrieve image issues summary such as Image detections, Runtime detections, Policies, vulnerabilities |
| aggregates information about vulnerabilities for an image |
| aggregates information about vulnerabilities for an image |
| Delete base images by base image UUID |
WARNING
client_id
and client_secret
are keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)
CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
Image assessment history
aggregate_assessment_history
Method | Route |
| /container-security/aggregates/images/assessment-history/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
filter |
|
| query | string | Filter using a query in Falcon Query Language (FQL). Supported filters: cid,registry,repository |
parameters |
| | query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
from falconpy import ContainerImages
# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.aggregate_assessment_history(filter="string")
print(response)
from falconpy import ContainerImages
# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.AggregateImageAssessmentHistory(filter="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("AggregateImageAssessmentHistory", filter="string")
print(response)
Aggregate count of images grouped by Base OS distribution
aggregate_count_by_base_os
Method | Route |
| /container-security/aggregates/images/count-by-os-distribution/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
filter |
|
| query | string | Filter images using a query in Falcon Query Language (FQL). Supported filters: arch,base_os,cid,registry,repository,tag |
parameters |
| | query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
from falconpy import ContainerImages
# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.aggregate_count_by_base_os(filter="string")
print(response)
from falconpy import ContainerImages
# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.AggregateImageCountByBaseOS(filter="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("AggregateImageCountByBaseOS", filter="string")
print(response)
Aggregate count of images grouped by state
aggregate_count_by_state
Method | Route |
| /container-security/aggregates/images/count-by-state/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
filter |
|
| query | string | Filter images using a query in Falcon Query Language (FQL). Supported filters: cid,last_seen,registry,repository |
parameters |
| | query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
from falconpy import ContainerImages
# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.aggregate_count_by_state(filter="string")
print(response)
from falconpy import ContainerImages
# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.AggregateImageCountByState(filter="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("AggregateImageCountByState", filter="string")
print(response)
Aggregate count of images
aggregate_count
Method | Route |
| /container-security/aggregates/images/count/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
filter |
|
| query | string | Filter images using a query in Falcon Query Language (FQL). Supported filters: arch,base_os,cid,container_id,container_running_status,cps_rating,crowdstrike_user,cve_id,detection_count,detection_name,detection_severity,first_seen,image_digest,image_id,include_base_image_vuln,layer_digest,package_name_version,registry,repository,tag,vulnerability_count,vulnerability_severity |
parameters |
| | query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
from falconpy import ContainerImages
# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.aggregate_count(filter="string")
print(response)
from falconpy import ContainerImages
# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.AggregateImageCount(filter="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("AggregateImageCount", filter="string")
print(response)
Retrieve base images identified by the provided filter criteria
get_combined_base_images
Method | Route |
| /container-security/combined/base-images/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
filter |
|
| query | string | Filter images using a query in Falcon Query Language (FQL). Supported filters: image_digest, image_id, registry, repository, tag |
from falconpy import ContainerImages
# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_combined_detail(filter="string")
print(response)
from falconpy import ContainerImages
# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.CombinedImageDetail(filter="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("CombinedImageDetail", filter="string")
print(response)
Get image assessment results by providing an FQL filter and paging details
get_combined_images
Method | Route |
| /container-security/combined/image-assessment/images/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
filter |
|
| query | string | Filter images using a query in Falcon Query Language (FQL). Supported filters: container_id, container_running_status, cve_id, detection_name, detection_severity, first_seen, image_digest, image_id, registry, repository, tag, vulnerability_severity |
limit |
|
| query | integer | The upper-bound on the number of records to retrieve [1-100] |
offset |
|
| query | integer | The offset from where to begin. |
parameters |
| | query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
sort |
|
| query | string | The fields to sort the records on. Supported columns: [first_seen highest_detection_severity highest_vulnerability_severity image_digest image_id registry repository source tag] |
from falconpy import ContainerImages
# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_combined_images(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
from falconpy import ContainerImages
# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetCombinedImages(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetCombinedImages",
filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Retrieve top x images with the most vulnerabilities
get_combined_images_by_vulnerability_count
Method | Route |
| /container-security/combined/images/by-vulnerability-count/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
filter |
|
| query | string | Filter images using a query in Falcon Query Language (FQL). Supported filters: arch,base_os,cid,registry,repository,tag |
limit |
|
| query | integer | The upper-bound on the number of records to retrieve. |
offset |
|
| query | integer | This is not used in the backend but is added here for compatibility purposes as some clients expects this i.e UI widgets. |
parameters |
| | query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
from falconpy import ContainerImages
# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_combined_images_by_vulnerability_count(filter="string",
limit=integer,
offset=integer
)
print(response)
from falconpy import ContainerImages
# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.CombinedImageByVulnerabilityCount(filter="string",
limit=integer,
offset=integer
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("CombinedImageByVulnerabilityCount",
filter="string",
limit=integer,
offset=integer
)
print(response)
Retrieve image entities identified by the provided filter criteria
get_combined_detail
Method | Route |
| /container-security/combined/images/detail/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
filter |
|
| query | string | Filter images using a query in Falcon Query Language (FQL). Supported filters: registry,repository,tag |
with_config |
|
| query | boolean | (true/false) include image config, default is false |
limit |
|
| query | integer | The upper-bound on the number of records to retrieve. |
offset |
|
| query | integer | The offset from where to begin. |
parameters |
| | query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
sort |
|
| query | string | The fields to sort the records on. |
from falconpy import ContainerImages
# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_combined_detail(filter="string",
with_config=boolean,
limit=integer,
offset=integer,
sort="string"
)
print(response)
from falconpy import ContainerImages
# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.CombinedImageDetail(filter="string",
with_config=boolean,
limit=integer,
offset=integer,
sort="string"
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("CombinedImageDetail",
filter="string",
with_config=boolean,
limit=integer,
offset=integer,
sort="string"
)
print(response)
Retrieve images with an option to expand aggregated vulnerabilities/detections
read_combined_export
Method | Route |
| /container-security/combined/images/export/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
filter |
|
| query | string | Filter images using a query in Falcon Query Language (FQL). Supported filters: arch,base_os,cid,container_id,container_running_status,cps_rating,crowdstrike_user,cve_id,detection_count,detection_name,detection_severity,first_seen,image_digest,image_id,include_base_image_vuln,layer_digest,package_name_version,registry,repository,tag,vulnerability_count,vulnerability_severity |
expand_vulnerabilities |
|
| query | boolean | expand vulnerabilities |
expand_detections |
|
| query | boolean | expand detections |
limit |
|
| query | integer | The upper-bound on the number of records to retrieve. |
offset |
|
| query | integer | The offset from where to begin. |
parameters |
| | query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
sort |
|
| query | string | The fields to sort the records on. Supported columns: [base_os cid containers detections firstScanned first_seen highest_detection_severity highest_cps_current_rating highest_vulnerability_severity image_digest image_id last_seen layers_with_vulnerabilities packages registry repository source tag vulnerabilities] |
from falconpy import ContainerImages
# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_combined_export(filter="string",
expand_vulnerabilities=boolean,
expand_detections=boolean,
limit=integer,
offset=integer,
sort="string"
)
print(response)
from falconpy import ContainerImages
# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadCombinedImagesExport(filter="string",
expand_vulnerabilities=boolean,
expand_detections=boolean,
limit=integer,
offset=integer,
sort="string"
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadCombinedImagesExport",
filter="string",
expand_vulnerabilities=boolean,
expand_detections=boolean,
limit=integer,
offset=integer,
sort="string"
)
print(response)
Retrieve image issues summary such as Image detections, Runtime detections, Policies, vulnerabilities
get_combined_issues_summary
Method | Route |
| /container-security/combined/images/issues-summary/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
cid |
|
| query | string | CID |
include_base_image_vuln |
|
| query | boolean | Flag indicating if base image vulnerabilities should be included. |
parameters |
| | query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
registry |
|
| query | string | registry name |
repository |
|
| query | string | repository name |
tag |
|
| query | string | tag name |
from falconpy import ContainerImages
# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_combined_issues_summary(cid="string",
include_base_image_vuln=boolean,
registry="string",
repository="string",
tag="string"
)
print(response)
from falconpy import ContainerImages
# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.CombinedImageIssuesSummary(cid="string",
include_base_image_vuln=boolean,
registry="string",
repository="string",
tag="string"
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("CombinedImageIssuesSummary",
cid="string",
include_base_image_vuln=boolean,
registry="string",
repository="string",
tag="string"
)
print(response)
aggregates information about vulnerabilities for an image
get_combined_vulnerabilities_summary
Method | Route |
| /container-security/combined/images/vulnerabilities-summary/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
cid |
|
| query | string | CID |
include_base_image_vuln |
|
| query | boolean | Flag indicating if base image vulnerabilities should be included. |
parameters |
| | query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
registry |
|
| query | string | registry name |
repository |
|
| query | string | repository name |
tag |
|
| query | string | tag name |
from falconpy import ContainerImages
# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_combined_vulnerabilities_summary(cid="string",
include_base_image_vuln=boolean,
registry="string",
repository="string",
tag="string"
)
print(response)
from falconpy import ContainerImages
# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.CombinedImageVulnerabilitySummary(cid="string",
include_base_image_vuln=boolean,
registry="string",
repository="string",
tag="string"
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("CombinedImageVulnerabilitySummary",
cid="string",
include_base_image_vuln=boolean,
registry="string",
repository="string",
tag="string"
)
print(response)
Creates base images using the provided details
create_base_images
Method | Route |
| /container-security/entities/base-images/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
body |
|
| body | dictionary | Full body payload in JSON format. |
image_digest |
|
| body | string | Image digest. |
image_id |
|
| body | string | Image ID. |
registry |
|
| body | string | Registry. |
repository |
|
| body | string | Image repository. |
tag |
|
| body | string | Image tag. |
from falconpy import ContainerImages
# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_combined_vulnerabilities_summary(image_digest="string",
image_id="string",
registry="string",
repository="string",
tag="string"
)
print(response)
from falconpy import ContainerImages
# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.CombinedImageVulnerabilitySummary(image_digest="string",
image_id="string",
registry="string",
repository="string",
tag="string"
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"base_images": [
{
"image_digest": "string",
"image_id": "string",
"registry": "string",
"repository": "string",
"tag": "string"
}
]
}
response = falcon.command("CreateBaseImagesEntities", body=body_payload)
print(response)
Delete base images by base image UUID
delete_base_images
Method | Route |
| /container-security/entities/base-images/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
ids |
|
| query | string or list of strings | Base Image ID(s). |
parameters |
|
| query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import ContainerImages
# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_combined_vulnerabilities_summary(ids=id_list)
print(response)
from falconpy import ContainerImages
# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.CombinedImageVulnerabilitySummary(ids=id_list)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("DeleteBaseImages", ids=id_list)
print(response)