| Operation ID | Description |
|---|
| Retrieve clusters by date range counts |
| Bucket clusters by kubernetes version |
| Bucket clusters by status |
| Retrieve cluster counts |
| Retrieve containers by date range counts |
| Retrieve top container image registries |
| Retrieve containers count affected by zero day vulnerabilities |
| Retrieve count of vulnerable images running on containers |
| Retrieve container counts |
| Retrieve containers by container_runtime_version |
| Group the containers by Managed |
| Retrieve count of image assessment detections on running containers over a period of time |
| Retrieve count of image states running on containers |
| Bucket containers by agent type and calculate sensor coverage |
| Retrieve container vulnerabilities by severity counts |
| Retrieve deployments by date range counts |
| Retrieve deployment counts |
| Retrieve cluster enrichment data |
| Retrieve node enrichment data |
| Retrieve count of distinct images running on containers |
| Bucket container by image-digest |
| Returns the count of Kubernetes IOMs by the date. by default it's for 7 days. |
| Returns the total count of Kubernetes IOMs over the past seven days |
| Bucket nodes by cloud providers |
| Bucket nodes by their container engine version |
| Retrieve nodes by date range counts |
| Retrieve node counts |
| Retrieve pods by date range counts |
| Retrieve pod counts |
| Retrieve kubernetes clusters identified by the provided filter criteria |
| Retrieve images on running containers |
| Retrieve containers identified by the provided filter criteria |
| Retrieve kubernetes deployments identified by the provided filter criteria |
| Search Kubernetes IOM by the provided search criteria |
| Retrieve kubernetes nodes identified by the provided filter criteria |
| Retrieve kubernetes pods identified by the provided filter criteria |
| Retrieve Kubernetes IOM entities identified by the provided IDs |
| Search Kubernetes IOMs by the provided search criteria. this endpoint returns a list of Kubernetes IOM UUIDs matching the query |
| Provides a list of AWS accounts. |
| Creates a new AWS account in our system for a customer and generates the installation script. |
| Delete AWS accounts. |
| Updates the AWS account per the query parameters provided. |
| Provides the azure subscriptions registered to Kubernetes Protection. |
| Create Azure Subscriptions. |
| Delete Azure Subscriptions. |
| Provides the cloud locations acknowledged by the Kubernetes Protection service. |
| Returns a combined list of provisioned cloud accounts and known kubernetes clusters. |
| Returns the Azure tenant config. |
| Gets static bash scripts that are used during registration. |
| Provides all the azure subscriptions and tenants. |
| Provides the script to run for a given tenant id and subscription IDs. |
| Provides a sample Helm values.yaml file for a customer to install alongside the agent Helm chart. |
| Regenerate API key for docker registry integrations. |
| Provides the clusters acknowledged by the Kubernetes Protection service. |
| Triggers a dry run or a full scan of a customer's kubernetes footprint. |
| Adds the client ID for the given tenant ID to our system. |
WARNING
client_id and client_secret are keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)
CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
Retrieve clusters by date range counts
read_clusters_by_date_range
| Method | Route |
|---|
 | /container-security/aggregates/clusters/count-by-date/v1 |
- Produces: application/json
No parameters
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_clusters_by_date_range()
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadClustersByDateRangeCount()
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadClustersByDateRangeCount")
print(response)
Bucket clusters by kubernetes version
read_clusters_by_version
| Method | Route |
|---|
| /container-security/aggregates/clusters/count-by-kubernetes-version/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|
| filter | ![]()
![]() | ![]()
![]() | query | string | Retrieve count of Kubernetes clusters that match a query in Falcon Query Language (FQL). Supported filters: access,agent_status,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,cluster_status,container_count,iar_version,kubernetes_version,last_seen,management_status,node_count,pod_count,tags |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_clusters_by_version(filter="string")
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadClustersByKubernetesVersionCount(filter="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadClustersByKubernetesVersionCount", filter="string")
print(response)
Bucket clusters by status
read_clusters_by_status
| Method | Route |
|---|
| /container-security/aggregates/clusters/count-by-status/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|
| filter | ![]()
![]() | ![]()
![]() | query | string | Retrieve count of Kubernetes clusters that match a query in Falcon Query Language (FQL). Supported filters: access,agent_status,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,cluster_status,container_count,iar_version,kubernetes_version,last_seen,management_status,node_count,pod_count,tags |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_clusters_by_status(filter="string")
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadClustersByStatusCount(filter="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadClustersByStatusCount", filter="string")
print(response)
Retrieve cluster counts
read_cluster_count
| Method | Route |
|---|
| /container-security/aggregates/clusters/count/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|
| filter | ![]()
![]() | ![]()
![]() | query | string | Retrieve count of Kubernetes clusters that match a query in Falcon Query Language (FQL). Supported filters: access,agent_status,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,cluster_status,container_count,iar_version,kubernetes_version,last_seen,management_status,node_count,pod_count,tags |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_cluster_count(filter="string")
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadClusterCount(filter="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadClusterCount", filter="string")
print(response)
Retrieve containers by date range counts
read_containers_by_date_range
| Method | Route |
|---|
| /container-security/aggregates/containers/count-by-date/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|
| filter | ![]()
![]() | ![]()
![]() | query | string | Get container counts using a query in Falcon Query Language (FQL). Supported filters: agent_id,agent_type,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,package_name_version,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_containers_by_date_range(filter="string")
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadContainersByDateRangeCount(filter="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadContainersByDateRangeCount", filter="string")
print(response)
Retrieve top container image registries
read_containers_by_registry
| Method | Route |
|---|
| /container-security/aggregates/containers/count-by-registry/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|
| under_assessment | ![]()
![]() | ![]()
![]() | query | boolean | (true/false) whether to return registries under assessment or not under assessment. If not provided all registries are considered |
| limit | ![]()
![]() | ![]()
![]() | query | integer | The upper-bound on the number of records to retrieve. |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_containers_by_registry(under_assessment=boolean, limit=integer)
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadContainerCountByRegistry(under_assessment=boolean, limit=integer)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadContainerCountByRegistry", under_assessment=boolean, limit=integer)
print(response)
Retrieve containers count affected by zero day vulnerabilities
read_zero_day_affected_counts
| Method | Route |
|---|
| /container-security/aggregates/containers/count-by-zero-day/v1 |
- Produces: application/json
No parameters
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_zero_day_affected_counts()
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.FindContainersCountAffectedByZeroDayVulnerabilities()
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("FindContainersCountAffectedByZeroDayVulnerabilities")
print(response)
Retrieve count of vulnerable images running on containers
read_vulnerable_container_count
| Method | Route |
|---|
| /container-security/aggregates/containers/count-vulnerable-images/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|
| filter | ![]()
![]() | ![]()
![]() | query | string | Retrieve count of Kubernetes containers that match a query in Falcon Query Language (FQL). Supported filters: agent_id,agent_type,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,package_name_version,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_vulnerable_container_count(filter="string")
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadVulnerableContainerImageCount(filter="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadVulnerableContainerImageCount", filter="string")
print(response)
Retrieve container counts
read_container_counts
| Method | Route |
|---|
| /container-security/aggregates/containers/count/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|
| filter | ![]()
![]() | ![]()
![]() | query | string | Retrieve count of Kubernetes containers that match a query in Falcon Query Language (FQL). Supported filters: agent_id,agent_type,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,package_name_version,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_container_counts(filter="string")
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadContainerCount(filter="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadContainerCount", filter="string")
print(response)
Retrieve containers by container_runtime_version
find_containers_by_runtime_version
| Method | Route |
|---|
| /container-security/aggregates/containers/find-by-runtimeversion/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|
| limit | ![]()
![]() | ![]()
![]() | query | integer | The upper-bound on the number of container records to retrieve. |
| offset | ![]()
![]() | ![]()
![]() | query | integer | It is used to get the offset |
| sort | ![]()
![]() | ![]()
![]() | query | string | Field to sort results by |
| filter | ![]()
![]() | ![]()
![]() | query | string | Retrieve count of Kubernetes containers that match a query in Falcon Query Language (FQL). Supported filters: agent_id,agent_type,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,package_name_version,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.find_containers_by_runtime_version(limit=integer,
offset=integer,
sort="string",
filter="string"
)
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.FindContainersByContainerRunTimeVersion(limit=integer,
offset=integer,
sort="string",
filter="string"
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("FindContainersByContainerRunTimeVersion",
limit=integer,
offset=integer,
sort="string",
filter="string"
)
print(response)
Group the containers by Managed
group_managed_containers
| Method | Route |
|---|
| /container-security/aggregates/containers/group-by-managed/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|
| filter | ![]()
![]() | ![]()
![]() | query | string | Retrieve count of Kubernetes containers that match a query in Falcon Query Language (FQL). Supported filters: agent_id,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.group_managed_containers(filter="string")
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GroupContainersByManaged(filter="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GroupContainersByManaged", filter="string")
print(response)
Retrieve count of image assessment detections on running containers over a period of time
read_detections_count_by_date
| Method | Route |
|---|
| /container-security/aggregates/containers/image-detections-count-by-date/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|
| filter | ![]()
![]() | ![]()
![]() | query | string | Retrieve count of Kubernetes containers that match a query in Falcon Query Language (FQL). Supported filters: agent_id,agent_type,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,package_name_version,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_detections_count_by_date(filter="string")
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadContainerImageDetectionsCountByDate(filter="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadContainerImageDetectionsCountByDate", filter="string")
print(response)
Retrieve count of image states running on containers
read_images_by_state
| Method | Route |
|---|
| /container-security/aggregates/containers/images-by-state/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|
| filter | ![]()
![]() | ![]()
![]() | query | string | Filter using a query in Falcon Query Language (FQL). Supported filters: cid |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_images_by_state(filter="string")
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadContainerImagesByState(filter="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadContainerImagesByState", filter="string")
print(response)
Bucket containers by agent type and calculate sensor coverage
read_sensor_coverage
| Method | Route |
|---|
| /container-security/aggregates/containers/sensor-coverage/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|
| filter | ![]()
![]() | ![]()
![]() | query | string | Retrieve count of Kubernetes containers that match a query in Falcon Query Language (FQL). Supported filters: agent_id,agent_type,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,package_name_version,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_sensor_coverage(filter="string")
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadContainersSensorCoverage(filter="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadContainersSensorCoverage", filter="string")
print(response)
Retrieve container vulnerabilities by severity counts
read_vulnerability_counts_by_severity
| Method | Route |
|---|
| /container-security/aggregates/containers/vulnerability-count-by-severity/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|
| filter | ![]()
![]() | ![]()
![]() | query | string | Get vulnerabilities count by severity for container using a query in Falcon Query Language (FQL). Supported filters: agent_id,agent_type,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,package_name_version,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_vulnerability_counts_by_severity(filter="string")
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadContainerVulnerabilitiesBySeverityCount(filter="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadContainerVulnerabilitiesBySeverityCount", filter="string")
print(response)
Retrieve deployments by date range counts
read_deployment_counts_by_date_range
| Method | Route |
|---|
| /container-security/aggregates/deployments/count-by-date/v1 |
- Produces: application/json
No parameters
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_deployment_counts_by_date_range()
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadDeploymentsByDateRangeCount()
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadDeploymentsByDateRangeCount")
print(response)
Retrieve deployment counts
read_deployment_count
| Method | Route |
|---|
| /container-security/aggregates/deployments/count/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|
| filter | ![]()
![]() | ![]()
![]() | query | string | Retrieve count of Kubernetes deployments that match a query in Falcon Query Language (FQL). Supported filters: annotations_list,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,deployment_id,deployment_name,first_seen,last_seen,namespace,pod_count |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_deployment_count(filter="string")
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadDeploymentCount(filter="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadDeploymentCount", filter="string")
print(response)
Retrieve cluster enrichment data
read_cluster_enrichment
| Method | Route |
|---|
| /container-security/aggregates/enrichment/clusters/entities/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|
| cluster_id | ![]()
![]() | ![]()
![]() | query | string or list of strings | One or more cluster ids for which to retrieve enrichment info |
| filter | ![]()
![]() | ![]()
![]() | query | string | Supported filters: last_seen |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = "ID1,ID2,ID3" # You may also provide a list of strings here: ["ID1", "ID2", "ID3"]
response = falcon.read_cluster_enrichment(cluster_id=id_list, filter="string")
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = "ID1,ID2,ID3" # You may also provide a list of strings here: ["ID1", "ID2", "ID3"]
response = falcon.ReadClusterEnrichment(cluster_id=id_list, filter="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = "ID1,ID2,ID3" # You may also provide a list of strings here: ["ID1", "ID2", "ID3"]
response = falcon.command("ReadClusterEnrichment", cluster_id=id_list, filter="string")
print(response)
Retrieve node enrichment data
read_node_enrichment
| Method | Route |
|---|
| /container-security/aggregates/enrichment/nodes/entities/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|
| node_name | ![]()
![]() | ![]()
![]() | query | string or list of strings | One or more node names for which to retrieve enrichment info |
| filter | ![]()
![]() | ![]()
![]() | query | string | Supported filters: last_seen |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = "ID1,ID2,ID3" # You may also provide a list of strings here: ["ID1", "ID2", "ID3"]
response = falcon.read_node_enrichment(node_name=id_list, filter="string")
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = "ID1,ID2,ID3" # You may also provide a list of strings here: ["ID1", "ID2", "ID3"]
response = falcon.ReadNodeEnrichment(node_name=id_list, filter="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = "ID1,ID2,ID3" # You may also provide a list of strings here: ["ID1", "ID2", "ID3"]
response = falcon.command("ReadNodeEnrichment", node_name=id_list, filter="string")
print(response)
Retrieve count of distinct images running on containers
read_distinct_image_count
| Method | Route |
|---|
| /container-security/aggregates/images/count-by-distinct/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|
| filter | ![]()
![]() | ![]()
![]() | query | string | Search Kubernetes containers using a query in Falcon Query Language (FQL). Supported filters: agent_id,agent_type,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,package_name_version,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_distinct_image_count(filter="string")
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadDistinctContainerImageCount(filter="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadDistinctContainerImageCount", filter="string")
print(response)
Bucket container by image-digest
read_images_by_most_used
| Method | Route |
|---|
| /container-security/aggregates/images/most-used/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|
| filter | ![]()
![]() | ![]()
![]() | query | string | Retrieve count of Kubernetes containers that match a query in Falcon Query Language (FQL). Supported filters: agent_id,agent_type,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,package_name_version,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_images_by_most_used(filter="string")
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadContainerImagesByMostUsed(filter="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadContainerImagesByMostUsed", filter="string")
print(response)
Returns the count of Kubernetes IOMs by the date. by default it's for 7 days.
read_iom_count_by_date_range
| Method | Route |
|---|
| /container-security/aggregates/kubernetes-ioms/count-by-date/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|
| filter | ![]()
![]() | ![]()
![]() | query | string | Filter images using a query in Falcon Query Language (FQL). Supported filters: cid,created_timestamp,detect_timestamp,prevented,severity |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_iom_count_by_date_range(filter="string")
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadKubernetesIomByDateRange(filter="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadKubernetesIomByDateRange", filter="string")
print(response)
Returns the total count of Kubernetes IOMs over the past seven days
read_iom_count
| Method | Route |
|---|
| /container-security/aggregates/kubernetes-ioms/count/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|
| filter | ![]()
![]() | ![]()
![]() | query | string | Filter images using a query in Falcon Query Language (FQL). Supported filters: cid,created_timestamp,detect_timestamp,prevented,severity |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_iom_count(filter="string")
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadKubernetesIomCount(filter="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadKubernetesIomCount", filter="string")
print(response)
Bucket nodes by cloud providers
read_node_counts_by_cloud
| Method | Route |
|---|
| /container-security/aggregates/nodes/count-by-cloud/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|
| filter | ![]()
![]() | ![]()
![]() | query | string | Search Kubernetes nodes using a query in Falcon Query Language (FQL). Supported filters: aid,annotations_list,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_count,container_runtime_version,first_seen,image_digest,ipv4,last_seen,node_name,pod_count |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_node_counts_by_cloud(filter="string")
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadNodesByCloudCount(filter="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadNodesByCloudCount", filter="string")
print(response)
Bucket nodes by their container engine version
read_nodes_by_container_engine_version
| Method | Route |
|---|
| /container-security/aggregates/nodes/count-by-container-engine-version/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|
| filter | ![]()
![]() | ![]()
![]() | query | string | Search Kubernetes nodes using a query in Falcon Query Language (FQL). Supported filters: aid,annotations_list,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_count,container_runtime_version,first_seen,image_digest,ipv4,last_seen,node_name,pod_count |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_nodes_by_container_engine_version(filter="string")
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadNodesByContainerEngineVersionCount(filter="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadNodesByContainerEngineVersionCount", filter="string")
print(response)
Retrieve nodes by date range counts
read_node_counts_by_date_range
| Method | Route |
|---|
| /container-security/aggregates/nodes/count-by-date/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|
| filter | ![]()
![]() | ![]()
![]() | query | string | Search Kubernetes nodes using a query in Falcon Query Language (FQL). Supported filters: aid,annotations_list,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_count,container_runtime_version,first_seen,image_digest,ipv4,last_seen,node_name,pod_count |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_node_counts_by_date_range(filter="string")
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadNodesByDateRangeCount(filter="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadNodesByDateRangeCount", filter="string")
print(response)
Retrieve node counts
read_node_counts
| Method | Route |
|---|
| /container-security/aggregates/nodes/count/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|
| filter | ![]()
![]() | ![]()
![]() | query | string | Retrieve count of Kubernetes nodes that match a query in Falcon Query Language (FQL). Supported filters: aid,annotations_list,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_count,container_runtime_version,first_seen,image_digest,ipv4,last_seen,node_name,pod_count |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_node_counts(filter="string")
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadNodeCount(filter="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadNodeCount", filter="string")
print(response)
Retrieve pods by date range counts
read_pod_counts_by_date_range
| Method | Route |
|---|
| /container-security/aggregates/pods/count-by-date/v1 |
- Produces: application/json
No parameters
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_pod_counts_by_date_range()
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadPodsByDateRangeCount()
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadPodsByDateRangeCount")
print(response)
Retrieve pod counts
read_pod_counts
| Method | Route |
|---|
| /container-security/aggregates/pods/count/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|
| filter | ![]()
![]() | ![]()
![]() | query | string | Retrieve count of Kubernetes pods that match a query in Falcon Query Language (FQL). Supported filters: agent_id,agent_type,allow_privilege_escalation,annotations_list,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_count,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,owner_id,owner_type,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_pod_counts(filter="string")
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadPodCount(filter="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadPodCount", filter="string")
print(response)
Retrieve kubernetes clusters identified by the provided filter criteria
read_clusters_combined
| Method | Route |
|---|
| /container-security/combined/clusters/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|
| filter | ![]()
![]() | ![]()
![]() | query | string | Search Kubernetes clusters using a query in Falcon Query Language (FQL). Supported filters: access,agent_status,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,cluster_status,container_count,iar_version,kubernetes_version,last_seen,management_status,node_count,pod_count,tags |
| limit | ![]()
![]() | ![]()
![]() | query | integer | The upper-bound on the number of records to retrieve. |
| offset | ![]()
![]() | ![]()
![]() | query | integer | The offset from where to begin. |
| sort | ![]()
![]() | ![]()
![]() | query | string | Field to sort results by |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_clusters_combined(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadClusterCombined(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadClusterCombined",
filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Retrieve images on running containers
read_running_images
| Method | Route |
|---|
| /container-security/combined/container-images/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|
| filter | ![]()
![]() | ![]()
![]() | query | string | Retrieve list of images on running containers using a query in Falcon Query Language (FQL). Supported filters: cid,hosts,image_digest,image_has_been_assessed,image_id,image_name,image_registry,image_repository,image_tag,last_seen,running_status |
| limit | ![]()
![]() | ![]()
![]() | query | integer | The upper-bound on the number of records to retrieve. |
| offset | ![]()
![]() | ![]()
![]() | query | integer | The offset from where to begin. |
| sort | ![]()
![]() | ![]()
![]() | query | string | Field to sort results by |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_running_images(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadRunningContainerImages(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
PARAMS = {
"filter": "string",
"limit": integer,
"offset": integer,
"sort": "string"
}
response = falcon.command("ReadRunningContainerImages",
filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Retrieve containers identified by the provided filter criteria
read_containers_combined
| Method | Route |
|---|
| /container-security/combined/containers/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|
| filter | ![]()
![]() | ![]()
![]() | query | string | Search Kubernetes containers using a query in Falcon Query Language (FQL). Supported filters: agent_id,agent_type,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,package_name_version,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status |
| limit | ![]()
![]() | ![]()
![]() | query | integer | The upper-bound on the number of records to retrieve. |
| offset | ![]()
![]() | ![]()
![]() | query | integer | The offset from where to begin. |
| sort | ![]()
![]() | ![]()
![]() | query | string | Field to sort results by |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_containers_combined(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadContainerCombined(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadContainerCombined",
filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Retrieve kubernetes deployments identified by the provided filter criteria
read_deployments_combined
| Method | Route |
|---|
| /container-security/combined/deployments/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|
| filter | ![]()
![]() | ![]()
![]() | query | string | Search Kubernetes deployments using a query in Falcon Query Language (FQL). Supported filters: annotations_list,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,deployment_id,deployment_name,first_seen,last_seen,namespace,pod_count |
| limit | ![]()
![]() | ![]()
![]() | query | integer | The upper-bound on the number of records to retrieve. |
| offset | ![]()
![]() | ![]()
![]() | query | integer | The offset from where to begin. |
| sort | ![]()
![]() | ![]()
![]() | query | string | Field to sort results by |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_deployments_combined(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadDeploymentCombined(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadDeploymentCombined",
filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Search Kubernetes IOM by the provided search criteria
search_and_read_ioms
| Method | Route |
|---|
| /container-security/combined/kubernetes-ioms/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|
| filter | ![]()
![]() | ![]()
![]() | query | string | Search Kubernetes IOMs using a query in Falcon Query Language (FQL). Supported filters: cid,cis_id,cluster_id,cluster_name,containers_impacted_count,containers_impacted_ids,detection_type,name,namespace,resource_id,resource_name,resource_type,prevented,severity |
| limit | ![]()
![]() | ![]()
![]() | query | integer | The upper-bound on the number of records to retrieve. |
| offset | ![]()
![]() | ![]()
![]() | query | integer | The offset from where to begin. |
| sort | ![]()
![]() | ![]()
![]() | query | string | The fields to sort the records on. |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.search_and_read_ioms(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.SearchAndReadKubernetesIomEntities(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("SearchAndReadKubernetesIomEntities",
filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Retrieve kubernetes nodes identified by the provided filter criteria
read_nodes_combined
| Method | Route |
|---|
| /container-security/combined/nodes/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|
| filter | ![]()
![]() | ![]()
![]() | query | string | Search Kubernetes nodes using a query in Falcon Query Language (FQL). Supported filters: aid,annotations_list,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_count,container_runtime_version,first_seen,image_digest,ipv4,last_seen,node_name,pod_count |
| limit | ![]()
![]() | ![]()
![]() | query | integer | The upper-bound on the number of records to retrieve. |
| offset | ![]()
![]() | ![]()
![]() | query | integer | The offset from where to begin. |
| sort | ![]()
![]() | ![]()
![]() | query | string | Field to sort results by |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_nodes_combined(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadNodeCombined(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadNodeCombined",
filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Retrieve kubernetes pods identified by the provided filter criteria
read_pods_combined
| Method | Route |
|---|
| /container-security/combined/pods/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|
| filter | ![]()
![]() | ![]()
![]() | query | string | Search Kubernetes pods using a query in Falcon Query Language (FQL). Supported filters: agent_id,agent_type,allow_privilege_escalation,annotations_list,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_count,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,owner_id,owner_type,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user |
| limit | ![]()
![]() | ![]()
![]() | query | integer | The upper-bound on the number of records to retrieve. |
| offset | ![]()
![]() | ![]()
![]() | query | integer | The offset from where to begin. |
| sort | ![]()
![]() | ![]()
![]() | query | string | Field to sort results by |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_pods_combined(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadPodCombined(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadPodCombined",
filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Retrieve Kubernetes IOM entities identified by the provided IDs
read_iom_entities
| Method | Route |
|---|
| /container-security/entities/kubernetes-ioms/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|
| ids | ![]()
![]() | ![]()
![]() | query | array (string) | Search Kubernetes IOMs by ids - The maximum amount is 100 IDs |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.read_iom_entities(ids=id_list)
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.ReadKubernetesIomEntities(ids=id_list)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("ReadKubernetesIomEntities", ids=id_list)
print(response)
Search Kubernetes IOMs by the provided search criteria. this endpoint returns a list of Kubernetes IOM UUIDs matching the query
search_ioms
| Method | Route |
|---|
| /container-security/queries/kubernetes-ioms/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|
| filter | ![]()
![]() | ![]()
![]() | query | string | Search Kubernetes IOMs using a query in Falcon Query Language (FQL). Supported filters: cid,cis_id,cluster_id,cluster_name,containers_impacted_count,containers_impacted_ids,detection_type,name,namespace,resource_id,resource_name,resource_type,prevented,severity |
| limit | ![]()
![]() | ![]()
![]() | query | integer | The upper-bound on the number of records to retrieve. |
| offset | ![]()
![]() | ![]()
![]() | query | integer | The offset from where to begin. |
| sort | ![]()
![]() | ![]()
![]() | query | string | The fields to sort the records on. |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.search_ioms(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.SearchKubernetesIoms(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
PARAMS = {
"filter": "string",
"limit": integer,
"offset": integer,
"sort": "string"
}
response = falcon.command("SearchKubernetesIoms",
filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Provides a list of AWS accounts.
get_aws_accounts
| Method | Route |
|---|
| /kubernetes-protection/entities/accounts/aws/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|
| ids | ![]()
![]() | ![]()
![]() | query | string or list of strings | AWS Account ID(s). |
| is_horizon_account | ![]()
![]() | ![]()
![]() | query | string | Filter by whether an account originates from Horizon or not. Allowed values: False or True |
| limit | ![]()
![]() | ![]()
![]() | query | integer | Maximum number of records to return. |
| offset | ![]()
![]() | ![]()
![]() | query | integer | Starting index of overall result set from which to return ids. |
| parameters | ![]()
![]() | ![]()
![]() | query | dictionary | Full query string parameters payload in JSON format. |
| status | ![]()
![]() | ![]()
![]() | query | string | Filter by account status. |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_aws_accounts(status="string",
limit=integer,
offset=integer,
ids=id_list,
is_horizon_account="string"
)
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetAWSAccountsMixin0(status="string",
limit=integer,
offset=integer,
ids=id_list,
is_horizon_account="string"
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetAWSAccountsMixin0",
status="string",
limit=integer,
offset=integer,
ids=id_list,
is_horizon_account="string"
)
print(response)
Back to Table of Contents
Creates a new AWS account in our system for a customer and generates the installation script
create_aws_account
| Method | Route |
|---|
 | /kubernetes-protection/entities/accounts/aws/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|
| body | ![]()
![]() | ![]()
![]() | body | dictionary | Full body payload in JSON format. |
| account_id | ![]()
![]() | ![]()
![]() | body | string | Account ID. |
| region | ![]()
![]() | ![]()
![]() | body | string | Cloud region. |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.create_aws_account(account_id="string", region="string")
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.CreateAWSAccount(account_id="string", region="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"resources": [
{
"account_id": "string",
"region": "string"
}
]
}
response = falcon.command("CreateAWSAccount", body=BODY)
print(response)
Back to Table of Contents
Delete AWS accounts.
delete_aws_accounts
| Method | Route |
|---|
 | /kubernetes-protection/entities/accounts/aws/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|
| ids | ![]()
![]() | ![]()
![]() | query | string or list of strings | AWS Account ID(s) to delete. |
| parameters | ![]()
![]() | ![]()
![]() | query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_aws_accounts(ids=id_list)
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.DeleteAWSAccountsMixin0(ids=id_list)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("DeleteAWSAccountsMixin0", ids=id_list)
print(response)
Back to Table of Contents
Updates the AWS account per the query parameters provided
update_aws_account
| Method | Route |
|---|
 | /kubernetes-protection/entities/accounts/aws/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|
| ids | ![]()
![]() | ![]()
![]() | query | string or list of strings | AWS Account ID(s) to update. |
| parameters | ![]()
![]() | ![]()
![]() | query | dictionary | Full query string parameters payload in JSON format. |
| region | ![]()
![]() | ![]()
![]() | query | string | Default region for account automation. |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.update_aws_account(region="string", ids=id_list)
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.UpdateAWSAccount(region="string", ids=id_list)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("UpdateAWSAccount", region="string", ids=id_list)
print(response)
Back to Table of Contents
Provides the azure subscriptions registered to Kubernetes Protection.
list_azure_accounts
| Method | Route |
|---|
| /kubernetes-protection/entities/accounts/azure/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|
| ids | ![]()
![]() | ![]()
![]() | query | string or list of strings | Azure Tenant ID(s). |
| subscription_id | ![]()
![]() | ![]()
![]() | query | string or list of strings | Azure Subscription ID(s). |
| is_horizon_account | ![]()
![]() | ![]()
![]() | query | boolean | Flag indicating if we should filter by accounts originating from Horizon. |
| limit | ![]()
![]() | ![]()
![]() | query | integer | Maximum number of records to return. |
| offset | ![]()
![]() | ![]()
![]() | query | integer | Starting index of overall result set from which to return ids. |
| parameters | ![]()
![]() | ![]()
![]() | query | dictionary | Full query string parameters payload in JSON format. |
| status | ![]()
![]() | ![]()
![]() | query | string | Filter by account status (operational or provisioned). |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
sub_list = 'SUB1,SUB2,SUB3' # Can also pass a list here: ['SUB1', 'SUB2', 'SUB3']
response = falcon.list_azure_accounts(status="string",
limit=integer,
offset=integer,
ids=id_list,
subscription_id=sub_list,
is_horizon_account=boolean
)
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
sub_list = 'SUB1,SUB2,SUB3' # Can also pass a list here: ['SUB1', 'SUB2', 'SUB3']
response = falcon.ListAzureAccounts(status="string",
limit=integer,
offset=integer,
ids=id_list,
subscription_id=sub_list,
is_horizon_account=boolean
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
sub_list = 'SUB1,SUB2,SUB3' # Can also pass a list here: ['SUB1', 'SUB2', 'SUB3']
response = falcon.command("ListAzureAccounts",
status="string",
limit=integer,
offset=integer,
ids=id_list,
subscription_id=sub_list,
is_horizon_account=boolean
)
print(response)
Back to Table of Contents
Creates a new Azure Subscription in our system
create_azure_subscription
| Method | Route |
|---|
| /kubernetes-protection/entities/accounts/azure/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|
| body | ![]()
![]() | ![]()
![]() | body | dictionary | Full body payload in JSON format. |
| subscription_id | ![]()
![]() | ![]()
![]() | body | string | Azure Subscription ID. |
| tenant_id | ![]()
![]() | ![]()
![]() | body | string | Azure Tenant ID. |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.create_azure_subscription(subscription_id="string", tenant_id="string")
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.CreateAzureSubscription(subscription_id="string", tenant_id="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"resources": [
{
"subscription_id": "string",
"tenant_id": "string"
}
]
}
response = falcon.command("CreateAzureSubscription", body=BODY)
print(response)
Back to Table of Contents
Delete an Azure Subscription from the system.
delete_azure_subscription
| Method | Route |
|---|
| /kubernetes-protection/entities/accounts/azure/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|
| ids | ![]()
![]() | ![]()
![]() | query | string or list of strings | Azure Subscription ID(s) to delete. |
| parameters | ![]()
![]() | ![]()
![]() | query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_azure_subscription(ids=id_list)
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.DeleteAzureSubscription(ids=id_list)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("DeleteAzureSubscription", ids=id_list)
print(response)
Back to Table of Contents
Provides the cloud locations acknowledged by the Kubernetes Protection service
get_locations
| Method | Route |
|---|
| /kubernetes-protection/entities/cloud-locations/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|
| clouds | ![]()
![]() | ![]()
![]() | query | string or list of strings | Cloud provider. |
| parameters | ![]()
![]() | ![]()
![]() | query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'aws,azure,gcp' # Can also pass a list here: ['aws', 'azure', 'gcp']
response = falcon.get_locations(clouds=id_list)
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'aws,azure,gcp' # Can also pass a list here: ['aws', 'azure', 'gcp']
response = falcon.GetLocations(clouds=id_list)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'aws,azure,gcp' # Can also pass a list here: ['aws', 'azure', 'gcp']
response = falcon.command("GetLocations", clouds=id_list)
print(response)
Back to Table of Contents
Returns a combined list of provisioned cloud accounts and known kubernetes clusters.
get_cloud_clusters
| Method | Route |
|---|
| /kubernetes-protection/entities/cloud_cluster/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|
| cluster_service | ![]()
![]() | ![]()
![]() | query | string or list of strings | Cluster Service. |
| cluster_status | ![]()
![]() | ![]()
![]() | query | string or list of strings | Cluster Status. |
| ids | ![]()
![]() | ![]()
![]() | query | string or list of strings | Cloud Account IDs. |
| locations | ![]()
![]() | ![]()
![]() | query | string or list of strings | Cloud location. |
| limit | ![]()
![]() | ![]()
![]() | query | integer | Limit returned results. |
| offset | ![]()
![]() | ![]()
![]() | query | integer | Pagination offset. |
| parameters | ![]()
![]() | ![]()
![]() | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
# You may provide the string lists as a string, a comma delimited string, or a list
response = falcon.get_cloud_clusters(cluster_service="string or list of strings",
cluster_status="string or list of strings",
ids="string or list of strings",
locations="string or list of strings",
limit=integer,
offset=integer
)
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
# You may provide the string lists as a string, a comma delimited string, or a list
response = falcon.GetCombinedCloudClusters(cluster_service="string or list of strings",
cluster_status="string or list of strings",
ids="string or list of strings",
locations="string or list of strings",
limit=integer,
offset=integer
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
# You may provide the string lists as a string, a comma delimited string, or a list
response = falcon.command("GetCombinedCloudClusters",
cluster_service="string or list of strings",
cluster_status="string or list of strings",
ids="string or list of strings",
locations="string or list of strings",
limit=integer,
offset=integer
)
print(response)
Back to Table of Contents
Returns the Azure tenant config.
get_azure_tenant_config
| Method | Route |
|---|
| /kubernetes-protection/entities/config/azure/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|
| ids | ![]()
![]() | ![]()
![]() | query | string or list of strings | Cloud Account IDs. |
| limit | ![]()
![]() | ![]()
![]() | query | integer | Limit returned results. |
| offset | ![]()
![]() | ![]()
![]() | query | integer | Pagination offset. |
| parameters | ![]()
![]() | ![]()
![]() | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = "ID1,ID2,ID3" # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_azure_tenant_config(ids=id_list,
limit=integer,
offset=integer
)
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = "ID1,ID2,ID3" # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetAzureTenantConfig(ids=id_list,
limit=integer,
offset=integer
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = "ID1,ID2,ID3" # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetAzureTenantConfig",
ids=id_list,
limit=integer,
offset=integer
)
print(response)
Back to Table of Contents
Get static bash scripts that are used during registration.
get_static_scripts
| Method | Route |
|---|
| /kubernetes-protection/entities/gen/scripts/v1 |
- Consumes: application/json
- Produces: application/octet-stream
No keywords or arguments accepted.
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_static_scripts()
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetStaticScripts()
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetStaticScripts")
print(response)
Back to Table of Contents
Provides all the azure subscriptions and tenants IDs.
get_azure_tenant_ids
| Method | Route |
|---|
| /kubernetes-protection/entities/tenants/azure/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|
| ids | ![]()
![]() | ![]()
![]() | query | string or list of strings | Cloud Account IDs. |
| status | ![]()
![]() | ![]()
![]() | query | string | Cluster status. (Not Installed, Running, Stopped) |
| limit | ![]()
![]() | ![]()
![]() | query | integer | Limit returned results. |
| offset | ![]()
![]() | ![]()
![]() | query | integer | Pagination offset. |
| parameters | ![]()
![]() | ![]()
![]() | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = "ID1,ID2,ID3" # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_azure_tenant_ids(ids=id_list,
status="string",
limit=integer,
offset=integer
)
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = "ID1,ID2,ID3" # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetAzureTenantIDs(ids=id_list,
status="string",
limit=integer,
offset=integer
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = "ID1,ID2,ID3" # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetAzureTenantIDs",
ids=id_list,
status="string",
limit=integer,
offset=integer
)
print(response)
Back to Table of Contents
Provide the script to run for a given tenant id and subscription IDs.
get_azure_install_script
| Method | Route |
|---|
| /kubernetes-protection/entities/user-script/azure/v1 |
- Consumes: application/json
- Produces: application/octet-stream
| Name | Service | Uber | Type | Data type | Description |
|---|
| id | ![]()
![]() | ![]()
![]() | query | string | Azure Tenant ID. |
| subscription_id | ![]()
![]() | ![]()
![]() | query | string or list of strings | Azure Subscription IDs. |
| parameters | ![]()
![]() | ![]()
![]() | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = "ID1,ID2,ID3" # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_azure_install_script(id="string",
subscription_id=id_list,
)
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = "ID1,ID2,ID3" # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetAzureInstallScript(id="string",
subscription_id=id_list
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = "ID1,ID2,ID3" # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetAzureInstallScript",
id="string",
subscription_id=id_list
)
print(response)
Back to Table of Contents
Provides a sample Helm values.yaml file for a customer to install alongside the agent Helm chart
get_helm_values_yaml
| Method | Route |
|---|
| /kubernetes-protection/entities/integration/agent/v1 |
- Consumes: application/json
- Produces: application/yaml
| Name | Service | Uber | Type | Data type | Description |
|---|
| cluster_name | ![]()
![]() | ![]()
![]() | query | string or list of strings | Cluster name. For EKS this will be the cluster ARN. |
| is_self_managed_cluster | ![]()
![]() | ![]()
![]() | query | boolean | Set to True if the cluster is not managed by a cloud provider, and False if it is. |
| parameters | ![]()
![]() | ![]()
![]() | query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_helm_values_yaml(cluster_name="string", is_self_managed_cluster=boolean)
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetHelmValuesYaml(cluster_name="string", is_self_managed_cluster=boolean)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetHelmValuesYaml",
cluster_name="string",
is_self_managed_cluster=boolean
)
print(response)
Back to Table of Contents
Regenerate API key for docker registry integrations.
regenerate
| Method | Route |
|---|
| /kubernetes-protection/entities/integration/api-key/v1 |
- Consumes: application/json
- Produces: application/json
No keywords are arguments are required.
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.regenerate()
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.RegenerateAPIKey()
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("RegenerateAPIKey")
print(response)
Back to Table of Contents
Provides the clusters acknowledged by the Kubernetes Protection service
get_clusters
| Method | Route |
|---|
| /kubernetes-protection/entities/kubernetes/clusters/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|
| cluster_name | ![]()
![]() | ![]()
![]() | query | string or list of strings | Cluster name. For EKS this will be the cluster ARN. |
| account_ids | ![]()
![]() | ![]()
![]() | query | string or list of strings | Cluster account ID. For EKS this will be the AWS account ID. |
| locations | ![]()
![]() | ![]()
![]() | query | string or list of strings | Cloud location. |
| cluster_service | ![]()
![]() | ![]()
![]() | query | string | Cluster service. |
| limit | ![]()
![]() | ![]()
![]() | query | integer | Maximum number of results to return. |
| offset | ![]()
![]() | ![]()
![]() | query | integer | Starting offset to begin returning results. |
| status | ![]()
![]() | ![]()
![]() | query | string or list of strings | Cluster status. |
| parameters | ![]()
![]() | ![]()
![]() | query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
clusters = 'CLID1,CLID2,CLID3' # Can also pass a list here: ['CLID1', 'CLID2', 'CLID3']
accounts = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
locations = 'LOC1,LOC2,LOC3' # Can also pass a list here: ['LOC1', 'LOC2', 'LOC3']
status_types = 'STAT1,STAT2,STAT3' # Can also pass a list here: ['STAT1', 'STAT2', 'STAT3']
response = falcon.get_clusters(cluster_names=clusters,
account_ids=accounts,
locations=locations,
cluster_service="string",
limit=integer,
offset=integer,
status=status_types
)
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
clusters = 'CLID1,CLID2,CLID3' # Can also pass a list here: ['CLID1', 'CLID2', 'CLID3']
accounts = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
locations = 'LOC1,LOC2,LOC3' # Can also pass a list here: ['LOC1', 'LOC2', 'LOC3']
status_types = 'STAT1,STAT2,STAT3' # Can also pass a list here: ['STAT1', 'STAT2', 'STAT3']
response = falcon.GetClusters(cluster_names=clusters,
account_ids=accounts,
locations=locations,
cluster_service="string",
limit=integer,
offset=integer,
status=status_types
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
clusters = 'CLID1,CLID2,CLID3' # Can also pass a list here: ['CLID1', 'CLID2', 'CLID3']
accounts = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
locations = 'LOC1,LOC2,LOC3' # Can also pass a list here: ['LOC1', 'LOC2', 'LOC3']
status_types = 'STAT1,STAT2,STAT3' # Can also pass a list here: ['STAT1', 'STAT2', 'STAT3']
response = falcon.command("GetClusters",
cluster_names=clusters,
account_ids=accounts,
locations=locations,
cluster_service="string",
limit=integer,
offset=integer,
status=status_types
)
print(response)
Back to Table of Contents
Triggers a dry run or a full scan of a customer's kubernetes footprint.
trigger_scan
| Method | Route |
|---|
| /kubernetes-protection/entities/scan/trigger/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|
| scan_type | ![]()
![]() | ![]()
![]() | query | string | Type of scan to perform, cluster-refresh, dry-run or full. Defaults to dry-run. |
| parameters | ![]()
![]() | ![]()
![]() | query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.trigger_scan(scan_type="string")
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.TriggerScan(scan_type="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("TriggerScan", scan_type="string")
print(response)
Back to Table of Contents
Adds the client ID for the given tenant ID to our system.
update_azure_service_principal or patch_azure_service_principal
| Method | Route |
|---|
 | /kubernetes-protection/entities/service-principal/azure/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|
| id | ![]()
![]() | ![]()
![]() | query | string | Azure Tenant ID. |
| client_id | ![]()
![]() | ![]()
![]() | query | string | Azure Client ID. |
| parameters | ![]()
![]() | ![]()
![]() | query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.update_azure_service_principal(id="string", client_id="string")
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.PatchAzureServicePrincipal(id="string", client_id="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("PatchAzureServicePrincipal", id="string", client_id="string")
print(response)
Back to Table of Contents