CrowdStrike Falcon CrowdStrike Subreddit

Using the Kubernetes Protection service collection

Uber class support Service class support Documentation Version Page Updated

Table of Contents

Operation IDDescription
GetAWSAccountsMixin0
PEP 8get_aws_accounts
Provides a list of AWS accounts.
CreateAWSAccount
PEP 8create_aws_account
Creates a new AWS account in our system for a customer and generates the installation script.
DeleteAWSAccountsMixin0
PEP 8delete_aws_accounts
Delete AWS accounts.
UpdateAWSAccount
PEP 8update_aws_account
Updates the AWS account per the query parameters provided.
ListAzureAccounts
PEP 8list_azure_accounts
Provides the azure subscriptions registered to Kubernetes Protection.
CreateAzureSubscription
PEP 8create_azure_subscription
Create Azure Subscriptions.
DeleteAzureSubscription
PEP 8delete_azure_subscription
Delete Azure Subscriptions.
GetLocations
PEP 8get_locations
Provides the cloud locations acknowledged by the Kubernetes Protection service.
GetCombinedCloudClusters
PEP 8get_cloud_clusters
Returns a combined list of provisioned cloud accounts and known kubernetes clusters.
GetAzureTenantConfig
PEP 8get_azure_tenant_config
Returns the Azure tenant config.
GetStaticScripts
PEP 8get_static_scripts
Gets static bash scripts that are used during registration.
GetAzureTenantIDs
PEP 8get_azure_tenant_ids
Provides all the azure subscriptions and tenants.
GetAzureInstallScript
PEP 8get_azure_install_script
Provides the script to run for a given tenant id and subscription IDs.
GetHelmValuesYaml
PEP 8get_helm_values_yaml
Provides a sample Helm values.yaml file for a customer to install alongside the agent Helm chart.
RegenerateAPIKey
PEP 8regenerate
Regenerate API key for docker registry integrations.
GetClusters
PEP 8get_clusters
Provides the clusters acknowledged by the Kubernetes Protection service.
TriggerScan
PEP 8trigger_scan
Triggers a dry run or a full scan of a customer's kubernetes footprint.
PatchAzureServicePrincipal
PEP 8update_azure_service_principal
Adds the client ID for the given tenant ID to our system.

Passing credentials

WARNING

client_id and client_secret are keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)

CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.

GetAWSAccountsMixin0

Provides a list of AWS accounts.

PEP8 method name

get_aws_accounts

Endpoint

MethodRoute
GET/kubernetes-protection/entities/accounts/aws/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
ids
Service Class Support

Uber Class Support
querystring or list of stringsAWS Account ID(s).
is_horizon_account
Service Class Support

Uber Class Support
querystringFilter by whether an account originates from Horizon or not. Allowed values: False or True
limit
Service Class Support

Uber Class Support
queryintegerMaximum number of records to return.
offset
Service Class Support

Uber Class Support
queryintegerStarting index of overall result set from which to return ids.
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.
status
Service Class Support

Uber Class Support
querystringFilter by account status.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_aws_accounts(status="string",
                                   limit=integer,
                                   offset=integer,
                                   ids=id_list,
                                   is_horizon_account="string"
                                   )

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.GetAWSAccountsMixin0(status="string",
                                       limit=integer,
                                       offset=integer,
                                       ids=id_list,
                                       is_horizon_account="string"
                                       )

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("GetAWSAccountsMixin0",
                          status="string",
                          limit=integer,
                          offset=integer,
                          ids=id_list,
                          is_horizon_account="string"
                          )


print(response)

Back to Table of Contents

CreateAWSAccount

Creates a new AWS account in our system for a customer and generates the installation script

PEP8 method name

create_aws_account

Endpoint

MethodRoute
POST/kubernetes-protection/entities/accounts/aws/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
body
Service Class Support

Uber Class Support
bodydictionaryFull body payload in JSON format.
account_id
Service Class Support

Uber Class Support
bodystringAccount ID.
region
Service Class Support

Uber Class Support
bodystringCloud region.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.create_aws_account(account_id="string", region="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.CreateAWSAccount(account_id="string", region="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

BODY = {
    "resources": [
        {
            "account_id": "string",
            "region": "string"
        }
    ]
}

response = falcon.command("CreateAWSAccount", body=BODY)

print(response)

Back to Table of Contents

DeleteAWSAccountsMixin0

Delete AWS accounts.

PEP8 method name

delete_aws_accounts

Endpoint

MethodRoute
DELETE/kubernetes-protection/entities/accounts/aws/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
ids
Service Class Support

Uber Class Support
querystring or list of stringsAWS Account ID(s) to delete.
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.delete_aws_accounts(ids=id_list)

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.DeleteAWSAccountsMixin0(ids=id_list)

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("DeleteAWSAccountsMixin0", ids=id_list)

print(response)

Back to Table of Contents

UpdateAWSAccount

Updates the AWS account per the query parameters provided

PEP8 method name

update_aws_account

Endpoint

MethodRoute
PATCH/kubernetes-protection/entities/accounts/aws/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
ids
Service Class Support

Uber Class Support
querystring or list of stringsAWS Account ID(s) to update.
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.
region
Service Class Support

Uber Class Support
querystringDefault region for account automation.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.update_aws_account(region="string", ids=id_list)

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.UpdateAWSAccount(region="string", ids=id_list)

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("UpdateAWSAccount", region="string", ids=id_list)

print(response)

Back to Table of Contents

ListAzureAccounts

Provides the azure subscriptions registered to Kubernetes Protection.

PEP8 method name

list_azure_accounts

Endpoint

MethodRoute
GET/kubernetes-protection/entities/accounts/azure/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
ids
Service Class Support

Uber Class Support
querystring or list of stringsAzure Tenant ID(s).
subscription_id
Service Class Support

Uber Class Support
querystring or list of stringsAzure Subscription ID(s).
is_horizon_account
Service Class Support

Uber Class Support
querybooleanFlag indicating if we should filter by accounts originating from Horizon.
limit
Service Class Support

Uber Class Support
queryintegerMaximum number of records to return.
offset
Service Class Support

Uber Class Support
queryintegerStarting index of overall result set from which to return ids.
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.
status
Service Class Support

Uber Class Support
querystringFilter by account status (operational or provisioned).

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

sub_list = 'SUB1,SUB2,SUB3'  # Can also pass a list here: ['SUB1', 'SUB2', 'SUB3']

response = falcon.list_azure_accounts(status="string",
                                      limit=integer,
                                      offset=integer,
                                      ids=id_list,
                                      subscription_id=sub_list,
                                      is_horizon_account=boolean
                                      )

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

sub_list = 'SUB1,SUB2,SUB3'  # Can also pass a list here: ['SUB1', 'SUB2', 'SUB3']

response = falcon.ListAzureAccounts(status="string",
                                    limit=integer,
                                    offset=integer,
                                    ids=id_list,
                                    subscription_id=sub_list,
                                    is_horizon_account=boolean
                                    )

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

sub_list = 'SUB1,SUB2,SUB3'  # Can also pass a list here: ['SUB1', 'SUB2', 'SUB3']

response = falcon.command("ListAzureAccounts",
                          status="string",
                          limit=integer,
                          offset=integer,
                          ids=id_list,
                          subscription_id=sub_list,
                          is_horizon_account=boolean
                          )

print(response)

Back to Table of Contents

CreateAzureSubscription

Creates a new Azure Subscription in our system

PEP8 method name

create_azure_subscription

Endpoint

MethodRoute
POST/kubernetes-protection/entities/accounts/azure/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
body
Service Class Support

Uber Class Support
bodydictionaryFull body payload in JSON format.
subscription_id
Service Class Support

Uber Class Support
bodystringAzure Subscription ID.
tenant_id
Service Class Support

Uber Class Support
bodystringAzure Tenant ID.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.create_azure_subscription(subscription_id="string", tenant_id="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.CreateAzureSubscription(subscription_id="string", tenant_id="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

BODY = {
    "resources": [
        {
            "subscription_id": "string",
            "tenant_id": "string"
        }
    ]
}

response = falcon.command("CreateAzureSubscription", body=BODY)

print(response)

Back to Table of Contents

DeleteAzureSubscription

Delete an Azure Subscription from the system.

PEP8 method name

delete_azure_subscription

Endpoint

MethodRoute
DELETE/kubernetes-protection/entities/accounts/azure/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
ids
Service Class Support

Uber Class Support
querystring or list of stringsAzure Subscription ID(s) to delete.
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.delete_azure_subscription(ids=id_list)

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.DeleteAzureSubscription(ids=id_list)

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("DeleteAzureSubscription", ids=id_list)

print(response)

Back to Table of Contents

GetLocations

Provides the cloud locations acknowledged by the Kubernetes Protection service

PEP8 method name

get_locations

Endpoint

MethodRoute
GET/kubernetes-protection/entities/cloud-locations/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
clouds
Service Class Support

Uber Class Support
querystring or list of stringsCloud provider.
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = 'aws,azure,gcp'  # Can also pass a list here: ['aws', 'azure', 'gcp']

response = falcon.get_locations(clouds=id_list)

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = 'aws,azure,gcp'  # Can also pass a list here: ['aws', 'azure', 'gcp']

response = falcon.GetLocations(clouds=id_list)

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'aws,azure,gcp'  # Can also pass a list here: ['aws', 'azure', 'gcp']

response = falcon.command("GetLocations", clouds=id_list)

print(response)

Back to Table of Contents

GetCombinedCloudClusters

Returns a combined list of provisioned cloud accounts and known kubernetes clusters.

PEP8 method name

get_cloud_clusters

Endpoint

MethodRoute
GET/kubernetes-protection/entities/cloud_cluster/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
cluster_service
Service Class Support

Uber Class Support
querystring or list of stringsCluster Service.
cluster_status
Service Class Support

Uber Class Support
querystring or list of stringsCluster Status.
ids
Service Class Support

Uber Class Support
querystring or list of stringsCloud Account IDs.
locations
Service Class Support

Uber Class Support
querystring or list of stringsCloud location.
limit
Service Class Support

Uber Class Support
queryintegerLimit returned results.
offset
Service Class Support

Uber Class Support
queryintegerPagination offset.
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format. Not required when using other keywords.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )


# You may provide the string lists as a string, a comma delimited string, or a list
response = falcon.get_cloud_clusters(cluster_service="string or list of strings",
                                     cluster_status="string or list of strings",
                                     ids="string or list of strings",
                                     locations="string or list of strings",
                                     limit=integer,
                                     offset=integer
                                     )
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

# You may provide the string lists as a string, a comma delimited string, or a list
response = falcon.GetCombinedCloudClusters(cluster_service="string or list of strings",
                                           cluster_status="string or list of strings",
                                           ids="string or list of strings",
                                           locations="string or list of strings",
                                           limit=integer,
                                           offset=integer
                                           )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

# You may provide the string lists as a string, a comma delimited string, or a list
response = falcon.command("GetCombinedCloudClusters", 
                          cluster_service="string or list of strings",
                          cluster_status="string or list of strings",
                          ids="string or list of strings",
                          locations="string or list of strings",
                          limit=integer,
                          offset=integer
                          )
print(response)

Back to Table of Contents

GetAzureTenantConfig

Returns the Azure tenant config.

PEP8 method name

get_azure_tenant_config

Endpoint

MethodRoute
GET/kubernetes-protection/entities/config/azure/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
ids
Service Class Support

Uber Class Support
querystring or list of stringsCloud Account IDs.
limit
Service Class Support

Uber Class Support
queryintegerLimit returned results.
offset
Service Class Support

Uber Class Support
queryintegerPagination offset.
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format. Not required when using other keywords.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = "ID1,ID2,ID3"  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_azure_tenant_config(ids=id_list,
                                          limit=integer,
                                          offset=integer
                                          )
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = "ID1,ID2,ID3"  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.GetAzureTenantConfig(ids=id_list,
                                       limit=integer,
                                       offset=integer
                                       )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = "ID1,ID2,ID3"  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("GetAzureTenantConfig", 
                          ids=id_list,
                          limit=integer,
                          offset=integer
                          )
print(response)

Back to Table of Contents

GetStaticScripts

Get static bash scripts that are used during registration.

PEP8 method name

get_static_scripts

Endpoint

MethodRoute
GET/kubernetes-protection/entities/gen/scripts/v1

Content-Type

  • Consumes: application/json
  • Produces: application/octet-stream

Keyword Arguments

No keywords or arguments accepted.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.get_static_scripts()

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.GetStaticScripts()

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("GetStaticScripts")

print(response)

Back to Table of Contents

GetAzureTenantIDs

Provides all the azure subscriptions and tenants IDs.

PEP8 method name

get_azure_tenant_ids

Endpoint

MethodRoute
GET/kubernetes-protection/entities/tenants/azure/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
ids
Service Class Support

Uber Class Support
querystring or list of stringsCloud Account IDs.
status
Service Class Support

Uber Class Support
querystringCluster status. (Not Installed, Running, Stopped)
limit
Service Class Support

Uber Class Support
queryintegerLimit returned results.
offset
Service Class Support

Uber Class Support
queryintegerPagination offset.
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format. Not required when using other keywords.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = "ID1,ID2,ID3"  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_azure_tenant_ids(ids=id_list,
                                       status="string",
                                       limit=integer,
                                       offset=integer
                                       )
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = "ID1,ID2,ID3"  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.GetAzureTenantIDs(ids=id_list,
                                    status="string",
                                    limit=integer,
                                    offset=integer
                                    )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )
id_list = "ID1,ID2,ID3"  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("GetAzureTenantIDs", 
                          ids=id_list,
                          status="string",
                          limit=integer,
                          offset=integer
                          )
print(response)

Back to Table of Contents

GetAzureInstallScript

Provide the script to run for a given tenant id and subscription IDs.

PEP8 method name

get_azure_install_script

Endpoint

MethodRoute
GET/kubernetes-protection/entities/user-script/azure/v1

Content-Type

  • Consumes: application/json
  • Produces: application/octet-stream

Keyword Arguments

NameServiceUberTypeData typeDescription
id
Service Class Support

Uber Class Support
querystringAzure Tenant ID.
subscription_id
Service Class Support

Uber Class Support
querystring or list of stringsAzure Subscription IDs.
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format. Not required when using other keywords.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = "ID1,ID2,ID3"  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_azure_install_script(id="string",
                                           subscription_id=id_list,
                                           )
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = "ID1,ID2,ID3"  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.GetAzureInstallScript(id="string",
                                        subscription_id=id_list
                                        )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = "ID1,ID2,ID3"  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("GetAzureInstallScript", 
                          id="string",
                          subscription_id=id_list
                          )
print(response)

Back to Table of Contents

GetHelmValuesYaml

Provides a sample Helm values.yaml file for a customer to install alongside the agent Helm chart

PEP8 method name

get_helm_values_yaml

Endpoint

MethodRoute
GET/kubernetes-protection/entities/integration/agent/v1

Content-Type

  • Consumes: application/json
  • Produces: application/yaml

Keyword Arguments

NameServiceUberTypeData typeDescription
cluster_name
Service Class Support

Uber Class Support
querystring or list of stringsCluster name. For EKS this will be the cluster ARN.
is_self_managed_cluster
Service Class Support

Uber Class Support
querybooleanSet to True if the cluster is not managed by a cloud provider, and False if it is.
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.get_helm_values_yaml(cluster_name="string", is_self_managed_cluster=boolean)

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.GetHelmValuesYaml(cluster_name="string", is_self_managed_cluster=boolean)

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("GetHelmValuesYaml",
                          cluster_name="string",
                          is_self_managed_cluster=boolean
                          )

print(response)

Back to Table of Contents

RegenerateAPIKey

Regenerate API key for docker registry integrations.

PEP8 method name

regenerate

Endpoint

MethodRoute
POST/kubernetes-protection/entities/integration/api-key/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

No keywords are arguments are required.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.regenerate()

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.RegenerateAPIKey()

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("RegenerateAPIKey")

print(response)

Back to Table of Contents

GetClusters

Provides the clusters acknowledged by the Kubernetes Protection service

PEP8 method name

get_clusters

Endpoint

MethodRoute
GET/kubernetes-protection/entities/kubernetes/clusters/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
cluster_name
Service Class Support

Uber Class Support
querystring or list of stringsCluster name. For EKS this will be the cluster ARN.
account_ids
Service Class Support

Uber Class Support
querystring or list of stringsCluster account ID. For EKS this will be the AWS account ID.
locations
Service Class Support

Uber Class Support
querystring or list of stringsCloud location.
cluster_service
Service Class Support

Uber Class Support
querystringCluster service.
limit
Service Class Support

Uber Class Support
queryintegerMaximum number of results to return.
offset
Service Class Support

Uber Class Support
queryintegerStarting offset to begin returning results.
status
Service Class Support

Uber Class Support
querystring or list of stringsCluster status.
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

clusters = 'CLID1,CLID2,CLID3'  # Can also pass a list here: ['CLID1', 'CLID2', 'CLID3']

accounts = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

locations = 'LOC1,LOC2,LOC3'  # Can also pass a list here: ['LOC1', 'LOC2', 'LOC3']

status_types = 'STAT1,STAT2,STAT3'  # Can also pass a list here: ['STAT1', 'STAT2', 'STAT3']

response = falcon.get_clusters(cluster_names=clusters,
                               account_ids=accounts,
                               locations=locations,
                               cluster_service="string",
                               limit=integer,
                               offset=integer,
                               status=status_types
                               )

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

clusters = 'CLID1,CLID2,CLID3'  # Can also pass a list here: ['CLID1', 'CLID2', 'CLID3']

accounts = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

locations = 'LOC1,LOC2,LOC3'  # Can also pass a list here: ['LOC1', 'LOC2', 'LOC3']

status_types = 'STAT1,STAT2,STAT3'  # Can also pass a list here: ['STAT1', 'STAT2', 'STAT3']

response = falcon.GetClusters(cluster_names=clusters,
                              account_ids=accounts,
                              locations=locations,
                              cluster_service="string",
                              limit=integer,
                              offset=integer,
                              status=status_types
                              )

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

clusters = 'CLID1,CLID2,CLID3'  # Can also pass a list here: ['CLID1', 'CLID2', 'CLID3']

accounts = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

locations = 'LOC1,LOC2,LOC3'  # Can also pass a list here: ['LOC1', 'LOC2', 'LOC3']

status_types = 'STAT1,STAT2,STAT3'  # Can also pass a list here: ['STAT1', 'STAT2', 'STAT3']

response = falcon.command("GetClusters",
                          cluster_names=clusters,
                          account_ids=accounts,
                          locations=locations,
                          cluster_service="string",
                          limit=integer,
                          offset=integer,
                          status=status_types
                          )

print(response)

Back to Table of Contents

TriggerScan

Triggers a dry run or a full scan of a customer's kubernetes footprint.

PEP8 method name

trigger_scan

Endpoint

MethodRoute
POST/kubernetes-protection/entities/scan/trigger/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
scan_type
Service Class Support

Uber Class Support
querystringType of scan to perform, cluster-refresh, dry-run or full. Defaults to dry-run.
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.trigger_scan(scan_type="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.TriggerScan(scan_type="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("TriggerScan", scan_type="string")

print(response)

Back to Table of Contents

PatchAzureServicePrincipal

Adds the client ID for the given tenant ID to our system.

PEP8 method name

update_azure_service_principal or patch_azure_service_principal

Endpoint

MethodRoute
PATCH/kubernetes-protection/entities/service-principal/azure/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
id
Service Class Support

Uber Class Support
querystringAzure Tenant ID.
client_id
Service Class Support

Uber Class Support
querystringAzure Client ID.
parameters
Service Class Support

Uber Class Support
querydictionaryFull query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.update_azure_service_principal(id="string", client_id="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.PatchAzureServicePrincipal(id="string", client_id="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("PatchAzureServicePrincipal", id="string", client_id="string")

print(response)

Back to Table of Contents