Using the Kubernetes Protection service collection
Table of Contents
Operation ID | Description | ||||
---|---|---|---|---|---|
| Provides a list of AWS accounts. | ||||
| Creates a new AWS account in our system for a customer and generates the installation script. | ||||
| Delete AWS accounts. | ||||
| Updates the AWS account per the query parameters provided. | ||||
| Provides the azure subscriptions registered to Kubernetes Protection. | ||||
| Create Azure Subscriptions. | ||||
| Delete Azure Subscriptions. | ||||
| Provides the cloud locations acknowledged by the Kubernetes Protection service. | ||||
| Provides a sample Helm values.yaml file for a customer to install alongside the agent Helm chart. | ||||
| Regenerate API key for docker registry integrations. | ||||
| Provides the clusters acknowledged by the Kubernetes Protection service. | ||||
| Triggers a dry run or a full scan of a customer's kubernetes footprint. | ||||
| Adds the client ID for the given tenant ID to our system. |
Passing credentials
WARNING
client_id
andclient_secret
are keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
GetAWSAccountsMixin0
Provides a list of AWS accounts.
PEP8 method name
get_aws_accounts
Endpoint
Method | Route |
---|---|
/kubernetes-protection/entities/accounts/aws/v1 |
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
ids | query | string or list of strings | AWS Account ID(s). | ||
limit | query | integer | Maximum number of records to return. | ||
offset | query | integer | Starting index of overall result set from which to return ids. | ||
parameters | query | dictionary | Full query string parameters payload in JSON format. | ||
status | query | string | Filter by account status. |
Usage
Service class example (PEP8 syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_aws_accounts(status="string",
limit=integer,
offset=integer,
ids=id_list
)
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetAWSAccountsMixin0(status="string",
limit=integer,
offset=integer,
ids=id_list
)
print(response)
Uber class example
from falconpy import APIHarness
# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetAWSAccountsMixin0",
status="string",
limit=integer,
offset=integer,
ids=id_list
)
print(response)
Back to Table of Contents
CreateAWSAccount
Creates a new AWS account in our system for a customer and generates the installation script
PEP8 method name
create_aws_account
Endpoint
Method | Route |
---|---|
/kubernetes-protection/entities/accounts/aws/v1 |
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
body | body | dictionary | Full body payload in JSON format. | ||
account_id | body | string | Account ID. | ||
region | body | string | Cloud region. |
Usage
Service class example (PEP8 syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.create_aws_account(account_id="string", region="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.CreateAWSAccount(account_id="string", region="string")
print(response)
Uber class example
from falconpy import APIHarness
# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"resources": [
{
"account_id": "string",
"region": "string"
}
]
}
response = falcon.command("CreateAWSAccount", body=BODY)
print(response)
Back to Table of Contents
DeleteAWSAccountsMixin0
Delete AWS accounts.
PEP8 method name
delete_aws_accounts
Endpoint
Method | Route |
---|---|
/kubernetes-protection/entities/accounts/aws/v1 |
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
ids | query | string or list of strings | AWS Account ID(s) to delete. | ||
parameters | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_aws_accounts(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.DeleteAWSAccountsMixin0(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarness
# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("DeleteAWSAccountsMixin0", ids=id_list)
print(response)
Back to Table of Contents
UpdateAWSAccount
Updates the AWS account per the query parameters provided
PEP8 method name
update_aws_account
Endpoint
Method | Route |
---|---|
/kubernetes-protection/entities/accounts/aws/v1 |
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
ids | query | string or list of strings | AWS Account ID(s) to update. | ||
parameters | query | dictionary | Full query string parameters payload in JSON format. | ||
region | query | string | Default region for account automation. |
Usage
Service class example (PEP8 syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.update_aws_account(region="string", ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.UpdateAWSAccount(region="string", ids=id_list)
print(response)
Uber class example
from falconpy import APIHarness
# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("UpdateAWSAccount", region="string", ids=id_list)
print(response)
Back to Table of Contents
ListAzureAccounts
Provides the azure subscriptions registered to Kubernetes Protection.
PEP8 method name
list_azure_accounts
Endpoint
Method | Route |
---|---|
/kubernetes-protection/entities/accounts/azure/v1 |
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
ids | query | string or list of strings | Azure Tenant ID(s). | ||
subscription_id | query | string or list of strings | Azure Subscription ID(s). | ||
is_horizon_account | query | boolean | Flag indicating if we should filter by accounts originating from Horizon. | ||
limit | query | integer | Maximum number of records to return. | ||
offset | query | integer | Starting index of overall result set from which to return ids. | ||
parameters | query | dictionary | Full query string parameters payload in JSON format. | ||
status | query | string | Filter by account status (operational or provisioned ). |
Usage
Service class example (PEP8 syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
sub_list = 'SUB1,SUB2,SUB3' # Can also pass a list here: ['SUB1', 'SUB2', 'SUB3']
response = falcon.list_azure_accounts(status="string",
limit=integer,
offset=integer,
ids=id_list,
subscription_id=sub_list,
is_horizon_account=boolean
)
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
sub_list = 'SUB1,SUB2,SUB3' # Can also pass a list here: ['SUB1', 'SUB2', 'SUB3']
response = falcon.ListAzureAccounts(status="string",
limit=integer,
offset=integer,
ids=id_list,
subscription_id=sub_list,
is_horizon_account=boolean
)
print(response)
Uber class example
from falconpy import APIHarness
# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
sub_list = 'SUB1,SUB2,SUB3' # Can also pass a list here: ['SUB1', 'SUB2', 'SUB3']
response = falcon.command("ListAzureAccounts",
status="string",
limit=integer,
offset=integer,
ids=id_list,
subscription_id=sub_list,
is_horizon_account=boolean
)
print(response)
Back to Table of Contents
CreateAzureSubscription
Creates a new Azure Subscription in our system
PEP8 method name
create_azure_subscription
Endpoint
Method | Route |
---|---|
/kubernetes-protection/entities/accounts/azure/v1 |
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
body | body | dictionary | Full body payload in JSON format. | ||
subscription_id | body | string | Azure Subscription ID. | ||
tenant_id | body | string | Azure Tenant ID. |
Usage
Service class example (PEP8 syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.create_azure_subscription(subscription_id="string", tenant_id="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.CreateAzureSubscription(subscription_id="string", tenant_id="string")
print(response)
Uber class example
from falconpy import APIHarness
# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"resources": [
{
"subscription_id": "string",
"tenant_id": "string"
}
]
}
response = falcon.command("CreateAzureSubscription", body=BODY)
print(response)
Back to Table of Contents
DeleteAzureSubscription
Delete an Azure Subscription from the system.
PEP8 method name
delete_azure_subscription
Endpoint
Method | Route |
---|---|
/kubernetes-protection/entities/accounts/azure/v1 |
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
ids | query | string or list of strings | Azure Subscription ID(s) to delete. | ||
parameters | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_azure_subscription(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.DeleteAzureSubscription(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarness
# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("DeleteAzureSubscription", ids=id_list)
print(response)
Back to Table of Contents
GetLocations
Provides the cloud locations acknowledged by the Kubernetes Protection service
PEP8 method name
get_locations
Endpoint
Method | Route |
---|---|
/kubernetes-protection/entities/cloud-locations/v1 |
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
clouds | query | string or list of strings | Cloud provider. | ||
parameters | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'aws,azure,gcp' # Can also pass a list here: ['aws', 'azure', 'gcp']
response = falcon.get_locations(clouds=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'aws,azure,gcp' # Can also pass a list here: ['aws', 'azure', 'gcp']
response = falcon.GetLocations(clouds=id_list)
print(response)
Uber class example
from falconpy import APIHarness
# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'aws,azure,gcp' # Can also pass a list here: ['aws', 'azure', 'gcp']
response = falcon.command("GetLocations", clouds=id_list)
print(response)
Back to Table of Contents
GetHelmValuesYaml
Provides a sample Helm values.yaml file for a customer to install alongside the agent Helm chart
PEP8 method name
get_helm_values_yaml
Endpoint
Method | Route |
---|---|
/kubernetes-protection/entities/integration/agent/v1 |
Content-Type
- Consumes: application/json
- Produces: application/yaml
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
cluster_name | query | string or list of strings | Cluster name. For EKS this will be the cluster ARN. | ||
parameters | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_helm_values_yaml(cluster_name="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetHelmValuesYaml(cluster_name="string")
print(response)
Uber class example
from falconpy import APIHarness
# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetHelmValuesYaml", cluster_name="string")
print(response)
Back to Table of Contents
RegenerateAPIKey
Regenerate API key for docker registry integrations.
PEP8 method name
regenerate
Endpoint
Method | Route |
---|---|
/kubernetes-protection/entities/integration/api-key/v1 |
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
No keywords are arguments are required.
Usage
Service class example (PEP8 syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.regenerate()
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.RegenerateAPIKey()
print(response)
Uber class example
from falconpy import APIHarness
# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("RegenerateAPIKey")
print(response)
Back to Table of Contents
GetClusters
Provides the clusters acknowledged by the Kubernetes Protection service
PEP8 method name
get_clusters
Endpoint
Method | Route |
---|---|
/kubernetes-protection/entities/kubernetes/clusters/v1 |
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
cluster_name | query | string or list of strings | Cluster name. For EKS this will be the cluster ARN. | ||
account_ids | query | string or list of strings | Cluster account ID. For EKS this will be the AWS account ID. | ||
locations | query | string or list of strings | Cloud location. | ||
cluster_service | query | string | Cluster service. | ||
limit | query | integer | Maximum number of results to return. | ||
offset | query | integer | Starting offset to begin returning results. | ||
parameters | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
clusters = 'CLID1,CLID2,CLID3' # Can also pass a list here: ['CLID1', 'CLID2', 'CLID3']
accounts = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
locations = 'LOC1,LOC2,LOC3' # Can also pass a list here: ['LOC1', 'LOC2', 'LOC3']
response = falcon.get_clusters(cluster_names=clusters,
account_ids=accounts,
locations=locations,
cluster_service="string",
limit=integer,
offset=integer
)
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
clusters = 'CLID1,CLID2,CLID3' # Can also pass a list here: ['CLID1', 'CLID2', 'CLID3']
accounts = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
locations = 'LOC1,LOC2,LOC3' # Can also pass a list here: ['LOC1', 'LOC2', 'LOC3']
response = falcon.GetClusters(cluster_names=clusters,
account_ids=accounts,
locations=locations,
cluster_service="string",
limit=integer,
offset=integer
)
print(response)
Uber class example
from falconpy import APIHarness
# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
clusters = 'CLID1,CLID2,CLID3' # Can also pass a list here: ['CLID1', 'CLID2', 'CLID3']
accounts = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
locations = 'LOC1,LOC2,LOC3' # Can also pass a list here: ['LOC1', 'LOC2', 'LOC3']
response = falcon.command("GetClusters",
cluster_names=clusters,
account_ids=accounts,
locations=locations,
cluster_service="string",
limit=integer,
offset=integer
)
print(response)
Back to Table of Contents
TriggerScan
Triggers a dry run or a full scan of a customer's kubernetes footprint.
PEP8 method name
trigger_scan
Endpoint
Method | Route |
---|---|
/kubernetes-protection/entities/scan/trigger/v1 |
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
scan_type | query | string | Type of scan to perform, cluster-refresh , dry-run or full . Defaults to dry-run . | ||
parameters | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.trigger_scan(scan_type="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.TriggerScan(scan_type="string")
print(response)
Uber class example
from falconpy import APIHarness
# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("TriggerScan", scan_type="string")
print(response)
Back to Table of Contents
PatchAzureServicePrincipal
Adds the client ID for the given tenant ID to our system.
PEP8 method name
update_azure_service_principal or patch_azure_service_principal
Endpoint
Method | Route |
---|---|
/kubernetes-protection/entities/service-principal/azure/v1 |
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
id | query | string | Azure Tenant ID. | ||
client_id | query | string | Azure Client ID. | ||
parameters | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.update_azure_service_principal(id="string", client_id="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.PatchAzureServicePrincipal(id="string", client_id="string")
print(response)
Uber class example
from falconpy import APIHarness
# Do not hardcode API credentials!
falcon = APIHarness(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("PatchAzureServicePrincipal", id="string", client_id="string")
print(response)
Back to Table of Contents