CrowdStrike Falcon CrowdStrike Subreddit

Using the Container Vulnerabilities service collection

Uber class support Service class support Documentation Version Page Updated

Table of Contents

Operation IDDescription
ReadVulnerabilityCountByActivelyExploited
PEP8read_vulnerability_counts_by_active_exploited
Aggregate count of vulnerabilities grouped by actively exploited
ReadVulnerabilityCountByCPSRating
PEP8read_vulnerability_counts_by_cps_rating
Aggregate count of vulnerabilities grouped by csp_rating
ReadVulnerabilityCountByCVSSScore
PEP8read_vulnerability_counts_by_cvss_score
Aggregate count of vulnerabilities grouped by cvss score
ReadVulnerabilityCountBySeverity
PEP8read_vulnerability_counts_by_severity
Aggregate count of vulnerabilities grouped by severity
ReadVulnerabilityCount
PEP8read_vulnerability_count
Aggregate count of vulnerabilities
ReadVulnerabilitiesByImageCount
PEP8read_vulnerabilities_by_count
Retrieve top x vulnerabilities with the most impacted images
ReadVulnerabilitiesPublicationDate
PEP8read_vulnerabilities_by_pub_date
Retrieve top x vulnerabilities with the most recent publication date
ReadCombinedVulnerabilitiesDetails
PEP8read_combined_vulnerability_detail
Retrieve vulnerability details related to an image
ReadCombinedVulnerabilitiesInfo
PEP8read_combined_vulnerabilities_info
Retrieve vulnerability and package related info for this customer
ReadCombinedVulnerabilities
PEP8read_combined_vulnerabilities
Retrieve vulnerability and aggregate data filtered by the provided FQL

ReadVulnerabilityCountByActivelyExploited

Aggregate count of vulnerabilities grouped by actively exploited

PEP8 method name

read_vulnerability_counts_by_active_exploited

Endpoint

MethodRoute
GET/container-security/aggregates/vulnerabilities/count-by-actively-exploited/v1

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
filter
Service Class Support

Uber Class Support
querystringFilter vulnerabilities using a query in Falcon Query Language (FQL). Supported filters: base_os,cid,container_id,container_running_status,containers_impacted_range,cps_rating,cve_id,cvss_score,description,exploited_status,exploited_status_name,fix_status,image_digest,image_id,images_impacted_range,package_name_version,registry,repository,severity,tag
limit
Service Class Support

Uber Class Support
queryintegerThe upper-bound on the number of records to retrieve.
offset
Service Class Support

Uber Class Support
queryintegerThe offset from where to begin.

Usage

Service class example (PEP8 syntax)
from falconpy.container_vulnerabilities import ContainerVulnerabilities

falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

response = falcon.read_vulnerability_counts_by_active_exploited(filter="string",
                                                                limit=integer,
                                                                offset=integer
                                                                )
print(response)
Service class example (Operation ID syntax)
from falconpy import ContainerVulnerabilities

falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

response = falcon.ReadVulnerabilityCountByActivelyExploited(filter="string",
                                                            limit=integer,
                                                            offset=integer
                                                            )
print(response)
Uber class example
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadVulnerabilityCountByActivelyExploited",
                          filter="string",
                          limit=integer,
                          offset=integer
                          )
print(response)

ReadVulnerabilityCountByCPSRating

Aggregate count of vulnerabilities grouped by csp_rating

PEP8 method name

read_vulnerability_counts_by_cps_rating

Endpoint

MethodRoute
GET/container-security/aggregates/vulnerabilities/count-by-cps-rating/v1

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
filter
Service Class Support

Uber Class Support
querystringFilter vulnerabilities using a query in Falcon Query Language (FQL). Supported filters: base_os,cid,container_id,container_running_status,containers_impacted_range,cps_rating,cve_id,cvss_score,description,exploited_status,exploited_status_name,fix_status,image_digest,image_id,images_impacted_range,package_name_version,registry,repository,severity,tag
limit
Service Class Support

Uber Class Support
queryintegerThe upper-bound on the number of records to retrieve.
offset
Service Class Support

Uber Class Support
queryintegerThe offset from where to begin.

Usage

Service class example (PEP8 syntax)
from falconpy.container_vulnerabilities import ContainerVulnerabilities

falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

response = falcon.read_vulnerability_counts_by_cps_rating(filter="string",
                                                          limit=integer,
                                                          offset=integer
                                                          )
print(response)
Service class example (Operation ID syntax)
from falconpy import ContainerVulnerabilities

falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

response = falcon.ReadVulnerabilityCountByCPSRating(filter="string",
                                                    limit=integer,
                                                    offset=integer
                                                    )
print(response)
Uber class example
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadVulnerabilityCountByCPSRating",
                          filter="string",
                          limit=integer,
                          offset=integer
                          )
print(response)

ReadVulnerabilityCountByCVSSScore

Aggregate count of vulnerabilities grouped by cvss score

PEP8 method name

read_vulnerability_counts_by_cvss_score

Endpoint

MethodRoute
GET/container-security/aggregates/vulnerabilities/count-by-cvss-score/v1

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
filter
Service Class Support

Uber Class Support
querystringFilter vulnerabilities using a query in Falcon Query Language (FQL). Supported filters: base_os,cid,container_id,container_running_status,containers_impacted_range,cps_rating,cve_id,cvss_score,description,exploited_status,exploited_status_name,fix_status,image_digest,image_id,images_impacted_range,package_name_version,registry,repository,severity,tag
limit
Service Class Support

Uber Class Support
queryintegerThe upper-bound on the number of records to retrieve.
offset
Service Class Support

Uber Class Support
queryintegerThe offset from where to begin.

Usage

Service class example (PEP8 syntax)
from falconpy.container_vulnerabilities import ContainerVulnerabilities

falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

response = falcon.read_vulnerability_counts_by_cvss_score(filter="string",
                                                          limit=integer,
                                                          offset=integer
                                                          )
print(response)
Service class example (Operation ID syntax)
from falconpy import ContainerVulnerabilities

falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

response = falcon.ReadVulnerabilityCountByCVSSScore(filter="string",
                                                    limit=integer,
                                                    offset=integer
                                                    )
print(response)
Uber class example
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )


response = falcon.command("ReadVulnerabilityCountByCVSSScore",
                          filter="string",
                          limit=integer,
                          offset=integer
                          )
print(response)

ReadVulnerabilityCountBySeverity

Aggregate count of vulnerabilities grouped by severity

PEP8 method name

read_vulnerability_counts_by_severity

Endpoint

MethodRoute
GET/container-security/aggregates/vulnerabilities/count-by-severity/v1

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
filter
Service Class Support

Uber Class Support
querystringFilter vulnerabilities using a query in Falcon Query Language (FQL). Supported filters: base_os,cid,container_id,container_running_status,containers_impacted_range,cps_rating,cve_id,cvss_score,description,exploited_status,exploited_status_name,fix_status,image_digest,image_id,images_impacted_range,package_name_version,registry,repository,severity,tag
limit
Service Class Support

Uber Class Support
queryintegerThe upper-bound on the number of records to retrieve.
offset
Service Class Support

Uber Class Support
queryintegerThe offset from where to begin.

Usage

Service class example (PEP8 syntax)
from falconpy.container_vulnerabilities import ContainerVulnerabilities

falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

response = falcon.read_vulnerability_counts_by_severity(filter="string",
                                                        limit=integer,
                                                        offset=integer
                                                        )
print(response)
Service class example (Operation ID syntax)
from falconpy import ContainerVulnerabilities

falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

response = falcon.ReadVulnerabilityCountBySeverity(filter="string",
                                                   limit=integer,
                                                   offset=integer
                                                   )
print(response)
Uber class example
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadVulnerabilityCountBySeverity",
                          filter="string",
                          limit=integer,
                          offset=integer
                          )
print(response)

ReadVulnerabilityCount

Aggregate count of vulnerabilities

PEP8 method name

read_vulnerability_count

Endpoint

MethodRoute
GET/container-security/aggregates/vulnerabilities/count/v1

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
filter
Service Class Support

Uber Class Support
querystringFilter vulnerabilities using a query in Falcon Query Language (FQL). Supported filters: base_os,cid,container_id,container_running_status,containers_impacted_range,cps_rating,cve_id,cvss_score,description,exploited_status,exploited_status_name,fix_status,image_digest,image_id,images_impacted_range,package_name_version,registry,repository,severity,tag
limit
Service Class Support

Uber Class Support
queryintegerThe upper-bound on the number of records to retrieve.
offset
Service Class Support

Uber Class Support
queryintegerThe offset from where to begin.

Usage

Service class example (PEP8 syntax)
from falconpy.container_vulnerabilities import ContainerVulnerabilities

falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

response = falcon.read_vulnerability_count(filter="string",
                                           limit=integer,
                                           offset=integer
                                           )
print(response)
Service class example (Operation ID syntax)
from falconpy import ContainerVulnerabilities

falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

response = falcon.ReadVulnerabilityCount(filter="string",
                                         limit=integer,
                                         offset=integer
                                         )
print(response)
Uber class example
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadVulnerabilityCount",
                          filter="string",
                          limit=integer,
                          offset=integer
                          )
print(response)

ReadVulnerabilitiesByImageCount

Retrieve top x vulnerabilities with the most impacted images

PEP8 method name

read_vulnerabilities_by_count

Endpoint

MethodRoute
GET/container-security/combined/vulnerabilities/by-image-count/v1

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
filter
Service Class Support

Uber Class Support
querystringFilter vulnerabilities using a query in Falcon Query Language (FQL). Supported filters: cid,cve_id,registry,repository,tag
limit
Service Class Support

Uber Class Support
queryintegerThe upper-bound on the number of records to retrieve.
offset
Service Class Support

Uber Class Support
queryintegerThe offset from where to begin.

Usage

Service class example (PEP8 syntax)
from falconpy.container_vulnerabilities import ContainerVulnerabilities

falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

response = falcon.read_vulnerabilities_by_count(filter="string",
                                                limit=integer,
                                                offset=integer
                                                )
print(response)
Service class example (Operation ID syntax)
from falconpy import ContainerVulnerabilities

falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

response = falcon.ReadVulnerabilitiesByImageCount(filter="string",
                                                  limit=integer,
                                                  offset=integer
                                                  )
print(response)
Uber class example
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadVulnerabilitiesByImageCount",
                          filter="string",
                          limit=integer,
                          offset=integer
                          )
print(response)

ReadVulnerabilitiesPublicationDate

Retrieve top x vulnerabilities with the most recent publication date

PEP8 method name

read_vulnerabilities_by_pub_date

Endpoint

MethodRoute
GET/container-security/combined/vulnerabilities/by-published-date/v1

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
filter
Service Class Support

Uber Class Support
querystringFilter vulnerabilities using a query in Falcon Query Language (FQL). Supported filters: cid,cve_id,registry,repository,tag
limit
Service Class Support

Uber Class Support
queryintegerThe upper-bound on the number of records to retrieve.
offset
Service Class Support

Uber Class Support
queryintegerThe offset from where to begin.

Usage

Service class example (PEP8 syntax)
from falconpy.container_vulnerabilities import ContainerVulnerabilities

falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

response = falcon.read_vulnerabilities_by_pub_date(filter="string",
                                                   limit=integer,
                                                   offset=integer
                                                   )
print(response)
Service class example (Operation ID syntax)
from falconpy import ContainerVulnerabilities

falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

response = falcon.ReadVulnerabilitiesPublicationDate(filter="string",
                                                     limit=integer,
                                                     offset=integer
                                                     )
print(response)
Uber class example
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadVulnerabilitiesPublicationDate",
                          filter="string",
                          limit=integer,
                          offset=integer
                          )
print(response)

ReadCombinedVulnerabilitiesDetails

Retrieve vulnerability details related to an image

PEP8 method name

read_combined_vulnerability_detail

Endpoint

MethodRoute
GET/container-security/combined/vulnerabilities/details/v1

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
id
Service Class Support

Uber Class Support
querystringImage UUID
filter
Service Class Support

Uber Class Support
querystringFilter the vulnerabilities using a query in Falcon Query Language (FQL). Supported vulnerability filters: cid,cps_rating,cve_id,cvss_score,exploited_status,exploited_status_name,is_zero_day,remediation_available,severity
limit
Service Class Support

Uber Class Support
queryintegerThe upper-bound on the number of records to retrieve.
offset
Service Class Support

Uber Class Support
queryintegerThe offset from where to begin.

Usage

Service class example (PEP8 syntax)
from falconpy.container_vulnerabilities import ContainerVulnerabilities

falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

response = falcon.read_combined_vulnerability_detail(id="string",
                                                     filter="string",
                                                     limit=integer,
                                                     offset=integer
                                                     )
print(response)
Service class example (Operation ID syntax)
from falconpy import ContainerVulnerabilities

falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

response = falcon.ReadCombinedVulnerabilitiesDetails(id="string",
                                                     filter="string",
                                                     limit=integer,
                                                     offset=integer
                                                     )
print(response)
Uber class example
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadCombinedVulnerabilitiesDetails",
                          id="string",
                          filter="string",
                          limit=integer,
                          offset=integer
                          )
print(response)

ReadCombinedVulnerabilitiesInfo

Retrieve vulnerability and package related info for this customer

PEP8 method name

read_combined_vulnerabilities_info

Endpoint

MethodRoute
GET/container-security/combined/vulnerabilities/info/v1

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
cve_id
Service Class Support

Uber Class Support
querystringVulnerability CVE ID
limit
Service Class Support

Uber Class Support
queryintegerThe upper-bound on the number of records to retrieve.
offset
Service Class Support

Uber Class Support
queryintegerThe offset from where to begin.

Usage

Service class example (PEP8 syntax)
from falconpy.container_vulnerabilities import ContainerVulnerabilities

falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

response = falcon.read_combined_vulnerabilities_info(cve_id="string",
                                                     limit=integer,
                                                     offset=integer
                                                     )
print(response)
Service class example (Operation ID syntax)
from falconpy import ContainerVulnerabilities

falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

response = falcon.ReadCombinedVulnerabilitiesInfo(cve_id="string",
                                                  limit=integer,
                                                  offset=integer
                                                  )
print(response)
Uber class example
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadCombinedVulnerabilitiesInfo",
                          cve_id="string",
                          limit=integer,
                          offset=integer
                          )
print(response)

ReadCombinedVulnerabilities

Retrieve vulnerability and aggregate data filtered by the provided FQL

PEP8 method name

read_combined_vulnerabilities

Endpoint

MethodRoute
GET/container-security/combined/vulnerabilities/v1

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
filter
Service Class Support

Uber Class Support
querystringFilter vulnerabilities using a query in Falcon Query Language (FQL). Supported filters: base_os,cid,container_id,container_running_status,containers_impacted_range,cps_rating,cve_id,cvss_score,description,exploited_status,exploited_status_name,fix_status,image_digest,image_id,images_impacted_range,package_name_version,registry,repository,severity,tag
limit
Service Class Support

Uber Class Support
queryintegerThe upper-bound on the number of records to retrieve.
offset
Service Class Support

Uber Class Support
queryintegerThe offset from where to begin.
sort
Service Class Support

Uber Class Support
querystringThe fields to sort the records on. Supported columns: [cps_current_rating cve_id cvss_score description images_impacted packages_impacted severity]

Usage

Service class example (PEP8 syntax)
from falconpy.container_vulnerabilities import ContainerVulnerabilities

falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

response = falcon.read_combined_vulnerabilities(filter="string",
                                                limit=integer,
                                                offset=integer,
                                                sort="string"
                                                )
print(response)
Service class example (Operation ID syntax)
from falconpy import ContainerVulnerabilities

falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

response = falcon.ReadCombinedVulnerabilities(filter="string",
                                              limit=integer,
                                              offset=integer,
                                              sort="string"
                                              )
print(response)
Uber class example
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadCombinedVulnerabilities",
                          filter="string",
                          limit=integer,
                          offset=integer,
                          sort="string"
                          )
print(response)