Cloud Security Assets - CrowdStrike/falconpy GitHub Wiki

Using the Cloud Security Assets service collection

Table of Contents

| Operation ID | Description |
| :--- | :--- |
| cloud_security_assets_combined_compliance_by_account (PEP8: get_combined_compliance_by_account) | Gets combined compliance data aggregated by account and region. Results can be filtered and sorted. |
| cloud_security_assets_entities_get (PEP8: get_assets) | Gets raw resources based on the provided IDs param. Maximum of 100 resources can be requested with this method. Use POST method with same path if more are required. |
| cloud_security_assets_queries (PEP8: query_assets) | Gets a list of resource IDs for the given parameters, filters and sort criteria. |

cloud_security_assets_combined_compliance_by_account

Gets combined compliance data aggregated by account and region. Results can be filtered and sorted.

PEP8 method name

get_combined_compliance_by_account

Endpoint

| Method | Route |
| :--- | :--- |
| GET | /cloud-security-assets/combined/compliance-controls/by-account-region-and-resource-type/v1 |

Required Scope

cloud-security-assets:read

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

| Name | Service | Uber | Type | Data type | Description |
| :--- | :--- | :--- | :--- | :--- | :--- |
| filter | Service Class Support | Uber Class Support | query | string | FQL string to filter on asset contents. Filterable fields include: account_id, account_name, assessment_id, business_impact, cloud_group, cloud_label, cloud_label_id, cloud_provider, cloud_scope, compliant, control.benchmark.name, control.benchmark.version, control.framework, control.name, control.type, control.version, environment, last_evaluated, region, resource_provider, resource_type, resource_type_name, service, service_category, and severities. |
| sort | Service Class Support | Uber Class Support | query | string | Sort expression in format: field |
| limit | Service Class Support | Uber Class Support | query | integer | The maximum number of items to return. When not specified or 0, 20 is used. When larger than 10000, 10000 is used. |
| offset | Service Class Support | Uber Class Support | query | integer | Offset returned controls. Use only one of the 'offset' and 'after' parameters for paginating. 'offset' can only be used on offsets < 10,000. For paginating through the entire result set, use the 'after' parameter. |
| after | Service Class Support | Uber Class Support | query | string | Token-based pagination. Use for paginating through an entire result set. Use only one of the 'offset' and 'after' parameters for paginating. |
| include_failing_iom_severity_counts | Service Class Support | Uber Class Support | query | boolean | Include counts of failing IOMs by severity level. |
| parameters | Service Class Support | Uber Class Support | query | dictionary | Full query string parameters payload in JSON format. |

Usage

Service class example (PEP8 syntax)

```python
from falconpy import CloudSecurityAssets

falcon = CloudSecurityAssets(client_id=CLIENT_ID,
                             client_secret=CLIENT_SECRET
                             )

response = falcon.get_combined_compliance_by_account(filter="string",
                                                     sort="string",
                                                     limit=integer,
                                                     offset=integer,
                                                     after="string",
                                                     include_failing_iom_severity_counts=boolean
                                                     )
print(response)
```

Service class example (Operation ID syntax)

```python
from falconpy import CloudSecurityAssets

falcon = CloudSecurityAssets(client_id=CLIENT_ID,
                             client_secret=CLIENT_SECRET
                             )

response = falcon.cloud_security_assets_combined_compliance_by_account(filter="string",
                                                                       sort="string",
                                                                       limit=integer,
                                                                       offset=integer,
                                                                       after="string",
                                                                       include_failing_iom_severity_counts=boolean
                                                                       )
print(response)
```

Uber class example

```python
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("cloud_security_assets_combined_compliance_by_account",
                          filter="string",
                          sort="string",
                          limit=integer,
                          offset=integer,
                          after="string",
                          include_failing_iom_severity_counts=boolean
                          )
print(response)
```

cloud_security_assets_entities_get

Gets raw resources based on the provided IDs param. Maximum of 100 resources can be requested with this method.

PEP8 method name

get_assets

Endpoint

| Method | Route |
| :--- | :--- |
| GET | /cloud-security-assets/entities/resources/v1 |

Required Scope

cloud-security-assets:read

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

| Name | Service | Uber | Type | Data type | Description |
| :--- | :--- | :--- | :--- | :--- | :--- |
| ids | Service Class Support | Uber Class Support | query | string or list of strings | List of assets to return (maximum 100 IDs allowed). |
| parameters | Service Class Support | Uber Class Support | query | dictionary | Full query string parameters payload in JSON format. |

Usage

Service class example (PEP8 syntax)

```python
from falconpy import CloudSecurityAssets

falcon = CloudSecurityAssets(client_id=CLIENT_ID,
                             client_secret=CLIENT_SECRET
                             )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_assets(ids=id_list)

print(response)
```

Service class example (Operation ID syntax)

```python
from falconpy import CloudSecurityAssets

falcon = CloudSecurityAssets(client_id=CLIENT_ID,
                             client_secret=CLIENT_SECRET
                             )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.cloud_security_assets_entities_get(ids=id_list)

print(response)
```

Uber class example

```python
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("cloud_security_assets_entities_get", ids=id_list)

print(response)
```

cloud_security_assets_queries

Gets a list of resource IDs for the given parameters, filters and sort criteria.

PEP8 method name

query_assets

Endpoint

| Method | Route |
| :--- | :--- |
| GET | /cloud-security-assets/queries/resources/v1 |

Required Scope

cloud-security-assets:read

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

| Name | Service | Uber | Type | Data type | Description |
| :--- | :--- | :--- | :--- | :--- | :--- |
| after | Service Class Support | Uber Class Support | query | string | Token-based pagination. Use for paginating through an entire result set. Use only one of the 'offset' and 'after' parameters for paginating. |
| filter | Service Class Support | Uber Class Support | query | string | FQL string to filter on asset contents. Filterable fields include: account_id, account_name, active, azure.vm_id, business_impact, cloud_group, cloud_label, cloud_label_id, cloud_provider, cloud_scope, cluster_id, cluster_name, compartment_ocid, compliant.benchmark_name, compliant.benchmark_version, compliant.framework, compliant.policy_id, compliant.requirement, compliant.rule, compliant.section, configuration.id, creation_time, cve_ids, data_classifications.found, data_classifications.label, data_classifications.label_id, data_classifications.scanned, data_classifications.tag, data_classifications.tag_id, environment, exprt_ratings, first_seen, highest_severity, id, insights.boolean_value, insights.id, instance_id, instance_state, ioa_count, iom_count, legacy_resource_id, legacy_uuid, managed_by, non_compliant.benchmark_name, non_compliant.benchmark_version, non_compliant.framework, non_compliant.policy_id, non_compliant.requirement, non_compliant.rule, non_compliant.section, non_compliant.severity, organization_Id, os_version, platform_name, publicly_exposed, region, resource_id, resource_name, resource_type, resource_type_name, sensor_priority, service, service_category, severity, snapshot_detections, ssm_managed, status, tag_key, tag_value, tenant_id, updated_at, vmware.guest_os_id, vmware.guest_os_version, vmware.host_system_name, vmware.host_type, vmware.instance_uuid, vmware.vm_host_name, vmware.vm_tools_status, and zone. |
| sort | Service Class Support | Uber Class Support | query | string | The field to sort on. Sortable fields include: account_id, account_name, active, cloud_provider, cluster_id, cluster_name, creation_time, data_classifications.found, data_classifications.scanned, first_seen, id, instance_id, instance_state, ioa_count, iom_count, managed_by, organization_Id, os_version, platform_name, publicly_exposed, region, resource_id, resource_name, resource_type, resource_type_name, service, service_category, ssm_managed, status, tenant_id, updated_at, vmware.guest_os_id, vmware.guest_os_version, vmware.host_system_name, vmware.host_type, vmware.instance_uuid, vmware.vm_host_name, vmware.vm_tools_status, and zone. |
| limit | Service Class Support | Uber Class Support | query | integer | The maximum number of items to return. When not specified or 0, 500 is used. When larger than 1000, 1000 is used. |
| offset | Service Class Support | Uber Class Support | query | integer | Offset returned assets. Use only one of the 'offset' and 'after' parameters for paginating. 'offset' can only be used on offsets < 10,000. For paginating through the entire result set, use the 'after' parameter. |
| parameters | Service Class Support | Uber Class Support | query | dictionary | Full query string parameters payload in JSON format. |

Usage

Service class example (PEP8 syntax)

```python
from falconpy import CloudSecurityAssets

falcon = CloudSecurityAssets(client_id=CLIENT_ID,
                             client_secret=CLIENT_SECRET
                             )

response = falcon.query_assets(after="string",
                               filter="string",
                               sort="string",
                               limit=integer,
                               offset=integer
                               )
print(response)
```

Service class example (Operation ID syntax)

```python
from falconpy import CloudSecurityAssets

falcon = CloudSecurityAssets(client_id=CLIENT_ID,
                             client_secret=CLIENT_SECRET
                             )

response = falcon.cloud_security_assets_queries(after="string",
                                                filter="string",
                                                sort="string",
                                                limit=integer,
                                                offset=integer
                                                )
print(response)
```

Uber class example

```python
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("cloud_security_assets_queries",
                          after="string",
                          filter="string",
                          sort="string",
                          limit=integer,
                          offset=integer
                          )
print(response)
```
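
Combining query_assets and get_assets (added example, not part of the FalconPy wiki or project code): the sketch below pages through query_assets with the 'after' token, then retrieves full records through get_assets in batches of at most 100 IDs, as the limits documented above require. Assumptions: the next-page token is read from body.meta.pagination.after and results from body.resources; FakeAssets, its asset IDs and the sample filter are constructed so the code runs offline. Pass a real CloudSecurityAssets instance in place of FakeAssets to use it against the API.

```python
def iter_asset_ids(falcon, fql, page_size=1000):
    """Yield every asset ID matching an FQL filter, following the 'after' token."""
    after = None
    while True:
        kwargs = {"filter": fql, "limit": page_size}  # limit is capped at 1000
        if after:
            kwargs["after"] = after  # 'after' only; never combined with 'offset'
        resp = falcon.query_assets(**kwargs)
        if resp["status_code"] != 200:
            raise RuntimeError(f"query_assets failed: {resp['body'].get('errors')}")
        ids = resp["body"].get("resources") or []
        yield from ids
        # Assumption: the next-page token is at body.meta.pagination.after.
        after = resp["body"].get("meta", {}).get("pagination", {}).get("after")
        if not ids or not after:
            return


def fetch_assets(falcon, ids, batch=100):
    """Return full asset records, sending at most 100 IDs per get_assets call."""
    ids, assets = list(ids), []
    for start in range(0, len(ids), batch):
        resp = falcon.get_assets(ids=ids[start:start + batch])
        if resp["status_code"] != 200:
            raise RuntimeError(f"get_assets failed: {resp['body'].get('errors')}")
        assets.extend(resp["body"].get("resources") or [])
    return assets


class FakeAssets:
    """Constructed stand-in for CloudSecurityAssets so the example runs offline."""

    def __init__(self, total):
        self.ids = [f"asset-{n}" for n in range(total)]  # constructed IDs
        self.batch_sizes = []

    def query_assets(self, filter, limit, after=None):
        start = int(after or 0)
        nxt = str(start + limit) if start + limit < len(self.ids) else ""
        return {"status_code": 200,
                "body": {"resources": self.ids[start:start + limit],
                         "meta": {"pagination": {"after": nxt}}}}

    def get_assets(self, ids):
        self.batch_sizes.append(len(ids))
        return {"status_code": 200, "body": {"resources": [{"id": i} for i in ids]}}


if __name__ == "__main__":
    fake = FakeAssets(250)
    exposed = list(iter_asset_ids(fake, "publicly_exposed:true", page_size=100))
    print(len(fetch_assets(fake, exposed)), fake.batch_sizes)
```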