CrowdStrike Falcon Twitter URL

Using the Falcon Container service collection

Uber class support Service class support Documentation Version Page Updated

Table of Contents

Operation IDDescription
GetCredentials
PEP 8get_credentials
Gets the registry credentials.
GetImageAssessmentReport
PEP 8get_assessment
Retrieve an assessment report for an image by specifying repository and tag.
DeleteImageDetails
PEP 8delete_image_details
Delete image details from the CrowdStrike registry.
ImageMatchesPolicy
PEP 8image_matches_policy
Check if an image matches a policy by specifying repository and tag.

Passing credentials

WARNING

client_id and client_secret are keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)

CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.

GetCredentials

Gets the registry credentials

PEP8 method name

get_credentials

Endpoint

MethodRoute
GET/container-security/entities/image-registry-credentials/v1

Content-Type

  • Produces: application/json

Keyword Arguments

No keywords or arguments accepted.

Usage

Service class example (PEP8 syntax)
from falconpy import FalconContainer

# Do not hardcode API credentials!
falcon = FalconContainer(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.get_credentials()
print(response)

Service class example (Operation ID syntax)
from falconpy import FalconContainer

# Do not hardcode API credentials!
falcon = FalconContainer(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.GetCredentials()
print(response)

Uber class example
from falconpy import APIHarness

# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
                    client_secret=CLIENT_SECRET
                    )

response = falcon.command("GetCredentials")
print(response)

Back to Table of Contents

GetImageAssessmentReport

Retrieve an assessment report for an image by specifying repository and tag.

PEP8 method name

get_assessment

Endpoint

MethodRoute
GET/reports

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.
repository
Service Class Support

Uber Class Support
querystringRepository where the image resides.
tag
Service Class Support

Uber Class Support
querystringTag used for the image assessed.

Usage

Service class example (PEP8 syntax)
from falconpy import FalconContainer

# Do not hardcode API credentials!
falcon = FalconContainer(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.get_assessment(repository="string", tag="string")
print(response)

Service class example (Operation ID syntax)
from falconpy import FalconContainer

# Do not hardcode API credentials!
falcon = FalconContainer(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.GetImageAssessmentReport(repository="string", tag="string")
print(response)

Uber class example
from falconpy import APIHarness

# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
                    client_secret=CLIENT_SECRET
                    )

response = falcon.command("GetImageAssessmentReport", repository="string", tag="string")
print(response)

Back to Table of Contents

DeleteImageDetails

Delete image details from the CrowdStrike registry.

PEP8 method name

delete_image_details

Endpoint

MethodRoute
DELETE/images/{}

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
image_id
Service Class Support

Uber Class Support
pathstringID of the image to delete details for.

Usage

Service class example (PEP8 syntax)
from falconpy import FalconContainer

# Do not hardcode API credentials!
falcon = FalconContainer(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.delete_image_details(image_id="string")
print(response)

Service class example (Operation ID syntax)
from falconpy import FalconContainer

# Do not hardcode API credentials!
falcon = FalconContainer(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.DeleteImageDetails(image_id="string")
print(response)

Uber class example
from falconpy import APIHarness

# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
                    client_secret=CLIENT_SECRET
                    )

response = falcon.command("DeleteImageDetails", image_id="string")
print(response)

Back to Table of Contents

ImageMatchesPolicy

Check if an image matches a policy by specifying repository and tag.

PEP8 method name

image_matches_policy

Endpoint

MethodRoute
GET/policy-checks

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.
repository
Service Class Support

Uber Class Support
querystringRepository where the image resides.
tag
Service Class Support

Uber Class Support
querystringTag used for the image assessed.

Usage

Service class example (PEP8 syntax)
from falconpy import FalconContainer

# Do not hardcode API credentials!
falcon = FalconContainer(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.image_matches_policy(repository="string", tag="string")
print(response)

Service class example (Operation ID syntax)
from falconpy import FalconContainer

# Do not hardcode API credentials!
falcon = FalconContainer(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.ImageMatchesPolicy(repository="string", tag="string")
print(response)

Uber class example
from falconpy import APIHarness

# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
                    client_secret=CLIENT_SECRET
                    )

response = falcon.command("ImageMatchesPolicy", repository="string", tag="string")
print(response)

Back to Table of Contents

ReadImageVulnerabilities

Check if an image matches a policy by specifying repository and tag.

PEP8 method name

read_image_vulnerabilities

Endpoint

MethodRoute
POST/image-assessment/combined/vulnerability-lookups/v1

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
body
Service Class Support

Uber Class Support
bodydictionaryFull body payload in JSON format, not required if using other keywords.
osversion
Service Class Support

Uber Class Support
bodystringOperating system version for the image to be read.
packages
Service Class Support

Uber Class Support
bodylist of dictionariesList of packages to review.

Usage

Service class example (PEP8 syntax)
from falconpy import FalconContainer

# Do not hardcode API credentials!
falcon = FalconContainer(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

package_list = [
    {
        "LayerHash": "string",
        "LayerIndex": integer,
        "MajorVersion": "string",
        "PackageHash": "string",
        "PackageProvider": "string",
        "PackageSource": "string",
        "Product": "string",
        "SoftwareArchitecture": "string",
        "Status": "string",
        "Vendor": "string"
    }
]

response = falcon.read_image_vulnerabilities(osversion="string", packages=package_list)

print(response)
Service class example (Operation ID syntax)
from falconpy import FalconContainer

# Do not hardcode API credentials!
falcon = FalconContainer(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

package_list = [
    {
        "LayerHash": "string",
        "LayerIndex": integer,
        "MajorVersion": "string",
        "PackageHash": "string",
        "PackageProvider": "string",
        "PackageSource": "string",
        "Product": "string",
        "SoftwareArchitecture": "string",
        "Status": "string",
        "Vendor": "string"
    }
]

response = falcon.ReadImageVulnerabilities(osversion="string", packages=package_list)

print(response)
Uber class example
from falconpy import APIHarness

# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
                    client_secret=CLIENT_SECRET
                    )

BODY = {
    "osversion": "string",
    "packages": [
        {
            "LayerHash": "string",
            "LayerIndex": integer,
            "MajorVersion": "string",
            "PackageHash": "string",
            "PackageProvider": "string",
            "PackageSource": "string",
            "Product": "string",
            "SoftwareArchitecture": "string",
            "Status": "string",
            "Vendor": "string"
        }
    ]
}

response = falcon.command("ReadImageVulnerabilities", body=BODY)

print(response)

Back to Table of Contents