Using the Container Vulnerabilities service collection
Table of Contents
Passing credentials
WARNING
client_idandclient_secretare keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
ReadVulnerabilityCountByActivelyExploited
Aggregate count of vulnerabilities grouped by actively exploited
PEP8 method name
read_vulnerability_counts_by_active_exploited
Endpoint
| Method | Route |
|---|---|
 | /container-security/aggregates/vulnerabilities/count-by-actively-exploited/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter |  | | query | string | Filter vulnerabilities using a query in Falcon Query Language (FQL). Supported filters: base_os,cid,container_id,container_running_status,containers_impacted_range,cps_rating,cve_id,cvss_score,description,exploited_status,exploited_status_name,fix_status,image_digest,image_id,images_impacted_range,package_name_version,registry,repository,severity,tag |
| limit | | | query | integer | The upper-bound on the number of records to retrieve. |
| offset | | | query | integer | The offset from where to begin. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
Usage
Service class example (PEP8 syntax)
from falconpy import ContainerVulnerabilities
# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_vulnerability_counts_by_active_exploited(filter="string",
limit=integer,
offset=integer
)
print(response)
Service class example (Operation ID syntax)
from falconpy import ContainerVulnerabilities
# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadVulnerabilityCountByActivelyExploited(filter="string",
limit=integer,
offset=integer
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadVulnerabilityCountByActivelyExploited",
filter="string",
limit=integer,
offset=integer
)
print(response)
ReadVulnerabilityCountByCPSRating
Aggregate count of vulnerabilities grouped by csp_rating
PEP8 method name
read_vulnerability_counts_by_cps_rating
Endpoint
| Method | Route |
|---|---|
| /container-security/aggregates/vulnerabilities/count-by-cps-rating/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | Filter vulnerabilities using a query in Falcon Query Language (FQL). Supported filters: base_os,cid,container_id,container_running_status,containers_impacted_range,cps_rating,cve_id,cvss_score,description,exploited_status,exploited_status_name,fix_status,image_digest,image_id,images_impacted_range,package_name_version,registry,repository,severity,tag |
| limit | | | query | integer | The upper-bound on the number of records to retrieve. |
| offset | | | query | integer | The offset from where to begin. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
Usage
Service class example (PEP8 syntax)
from falconpy import ContainerVulnerabilities
# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_vulnerability_counts_by_cps_rating(filter="string",
limit=integer,
offset=integer
)
print(response)
Service class example (Operation ID syntax)
from falconpy import ContainerVulnerabilities
# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadVulnerabilityCountByCPSRating(filter="string",
limit=integer,
offset=integer
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadVulnerabilityCountByCPSRating",
filter="string",
limit=integer,
offset=integer
)
print(response)
ReadVulnerabilityCountByCVSSScore
Aggregate count of vulnerabilities grouped by cvss score
PEP8 method name
read_vulnerability_counts_by_cvss_score
Endpoint
| Method | Route |
|---|---|
| /container-security/aggregates/vulnerabilities/count-by-cvss-score/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | Filter vulnerabilities using a query in Falcon Query Language (FQL). Supported filters: base_os,cid,container_id,container_running_status,containers_impacted_range,cps_rating,cve_id,cvss_score,description,exploited_status,exploited_status_name,fix_status,image_digest,image_id,images_impacted_range,package_name_version,registry,repository,severity,tag |
| limit | | | query | integer | The upper-bound on the number of records to retrieve. |
| offset | | | query | integer | The offset from where to begin. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
Usage
Service class example (PEP8 syntax)
from falconpy import ContainerVulnerabilities
# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_vulnerability_counts_by_cvss_score(filter="string",
limit=integer,
offset=integer
)
print(response)
Service class example (Operation ID syntax)
from falconpy import ContainerVulnerabilities
# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadVulnerabilityCountByCVSSScore(filter="string",
limit=integer,
offset=integer
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadVulnerabilityCountByCVSSScore",
filter="string",
limit=integer,
offset=integer
)
print(response)
ReadVulnerabilityCountBySeverity
Aggregate count of vulnerabilities grouped by severity
PEP8 method name
read_vulnerability_counts_by_severity
Endpoint
| Method | Route |
|---|---|
| /container-security/aggregates/vulnerabilities/count-by-severity/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | Filter vulnerabilities using a query in Falcon Query Language (FQL). Supported filters: base_os,cid,container_id,container_running_status,containers_impacted_range,cps_rating,cve_id,cvss_score,description,exploited_status,exploited_status_name,fix_status,image_digest,image_id,images_impacted_range,package_name_version,registry,repository,severity,tag |
| limit | | | query | integer | The upper-bound on the number of records to retrieve. |
| offset | | | query | integer | The offset from where to begin. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
Usage
Service class example (PEP8 syntax)
from falconpy import ContainerVulnerabilities
# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_vulnerability_counts_by_severity(filter="string",
limit=integer,
offset=integer
)
print(response)
Service class example (Operation ID syntax)
from falconpy import ContainerVulnerabilities
# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadVulnerabilityCountBySeverity(filter="string",
limit=integer,
offset=integer
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadVulnerabilityCountBySeverity",
filter="string",
limit=integer,
offset=integer
)
print(response)
ReadVulnerabilityCount
Aggregate count of vulnerabilities
PEP8 method name
read_vulnerability_count
Endpoint
| Method | Route |
|---|---|
| /container-security/aggregates/vulnerabilities/count/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | Filter vulnerabilities using a query in Falcon Query Language (FQL). Supported filters: base_os,cid,container_id,container_running_status,containers_impacted_range,cps_rating,cve_id,cvss_score,description,exploited_status,exploited_status_name,fix_status,image_digest,image_id,images_impacted_range,package_name_version,registry,repository,severity,tag |
| limit | | | query | integer | The upper-bound on the number of records to retrieve. |
| offset | | | query | integer | The offset from where to begin. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
Usage
Service class example (PEP8 syntax)
from falconpy import ContainerVulnerabilities
# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_vulnerability_count(filter="string",
limit=integer,
offset=integer
)
print(response)
Service class example (Operation ID syntax)
from falconpy import ContainerVulnerabilities
# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadVulnerabilityCount(filter="string",
limit=integer,
offset=integer
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadVulnerabilityCount",
filter="string",
limit=integer,
offset=integer
)
print(response)
ReadVulnerabilitiesByImageCount
Retrieve top x vulnerabilities with the most impacted images
PEP8 method name
read_vulnerabilities_by_count
Endpoint
| Method | Route |
|---|---|
| /container-security/combined/vulnerabilities/by-image-count/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | Filter vulnerabilities using a query in Falcon Query Language (FQL). Supported filters: cid,cve_id,registry,repository,tag |
| limit | | | query | integer | The upper-bound on the number of records to retrieve. |
| offset | | | query | integer | The offset from where to begin. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
Usage
Service class example (PEP8 syntax)
from falconpy import ContainerVulnerabilities
# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_vulnerabilities_by_count(filter="string",
limit=integer,
offset=integer
)
print(response)
Service class example (Operation ID syntax)
from falconpy import ContainerVulnerabilities
# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadVulnerabilitiesByImageCount(filter="string",
limit=integer,
offset=integer
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadVulnerabilitiesByImageCount",
filter="string",
limit=integer,
offset=integer
)
print(response)
ReadVulnerabilitiesPublicationDate
Retrieve top x vulnerabilities with the most recent publication date
PEP8 method name
read_vulnerabilities_by_pub_date
Endpoint
| Method | Route |
|---|---|
| /container-security/combined/vulnerabilities/by-published-date/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | Filter vulnerabilities using a query in Falcon Query Language (FQL). Supported filters: cid,cve_id,registry,repository,tag |
| limit | | | query | integer | The upper-bound on the number of records to retrieve. |
| offset | | | query | integer | The offset from where to begin. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
Usage
Service class example (PEP8 syntax)
from falconpy import ContainerVulnerabilities
# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_vulnerabilities_by_pub_date(filter="string",
limit=integer,
offset=integer
)
print(response)
Service class example (Operation ID syntax)
from falconpy import ContainerVulnerabilities
# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadVulnerabilitiesPublicationDate(filter="string",
limit=integer,
offset=integer
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadVulnerabilitiesPublicationDate",
filter="string",
limit=integer,
offset=integer
)
print(response)
ReadCombinedVulnerabilitiesDetails
Retrieve vulnerability details related to an image
PEP8 method name
read_combined_vulnerability_detail
Endpoint
| Method | Route |
|---|---|
| /container-security/combined/vulnerabilities/details/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| id | | | query | string | Image UUID |
| filter | | | query | string | Filter the vulnerabilities using a query in Falcon Query Language (FQL). Supported vulnerability filters: cid,cps_rating,cve_id,cvss_score,exploited_status,exploited_status_name,is_zero_day,remediation_available,severity |
| limit | | | query | integer | The upper-bound on the number of records to retrieve. |
| offset | | | query | integer | The offset from where to begin. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
Usage
Service class example (PEP8 syntax)
from falconpy import ContainerVulnerabilities
# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_combined_vulnerability_detail(id="string",
filter="string",
limit=integer,
offset=integer
)
print(response)
Service class example (Operation ID syntax)
from falconpy import ContainerVulnerabilities
# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadCombinedVulnerabilitiesDetails(id="string",
filter="string",
limit=integer,
offset=integer
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadCombinedVulnerabilitiesDetails",
id="string",
filter="string",
limit=integer,
offset=integer
)
print(response)
ReadCombinedVulnerabilitiesInfo
Retrieve vulnerability and package related info for this customer
PEP8 method name
read_combined_vulnerabilities_info
Endpoint
| Method | Route |
|---|---|
| /container-security/combined/vulnerabilities/info/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| cve_id | | | query | string | Vulnerability CVE ID |
| limit | | | query | integer | The upper-bound on the number of records to retrieve. |
| offset | | | query | integer | The offset from where to begin. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
Usage
Service class example (PEP8 syntax)
from falconpy import ContainerVulnerabilities
# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_combined_vulnerabilities_info(cve_id="string",
limit=integer,
offset=integer
)
print(response)
Service class example (Operation ID syntax)
from falconpy import ContainerVulnerabilities
# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadCombinedVulnerabilitiesInfo(cve_id="string",
limit=integer,
offset=integer
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadCombinedVulnerabilitiesInfo",
cve_id="string",
limit=integer,
offset=integer
)
print(response)
ReadCombinedVulnerabilities
Retrieve vulnerability and aggregate data filtered by the provided FQL
PEP8 method name
read_combined_vulnerabilities
Endpoint
| Method | Route |
|---|---|
| /container-security/combined/vulnerabilities/v1 |
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | Filter vulnerabilities using a query in Falcon Query Language (FQL). Supported filters: base_os,cid,container_id,container_running_status,containers_impacted_range,cps_rating,cve_id,cvss_score,description,exploited_status,exploited_status_name,fix_status,image_digest,image_id,images_impacted_range,package_name_version,registry,repository,severity,tag |
| limit | | | query | integer | The upper-bound on the number of records to retrieve. |
| offset | | | query | integer | The offset from where to begin. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
| sort | | | query | string | The fields to sort the records on. Supported columns: [cps_current_rating cve_id cvss_score description images_impacted packages_impacted severity] |
Usage
Service class example (PEP8 syntax)
from falconpy import ContainerVulnerabilities
# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_combined_vulnerabilities(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import ContainerVulnerabilities
# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadCombinedVulnerabilities(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadCombinedVulnerabilities",
filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)