Cloud Snapshots - CrowdStrike/falconpy GitHub Wiki
| Operation ID | Description | ||||
|---|---|---|---|---|---|
|
Search for snapshot jobs identified by the provided filter. | ||||
|
Register a cloud account for snapshot scanning. | ||||
|
Retrieve snapshot jobs identified by the provided IDs. | ||||
|
Launch a snapshot scan for a given cloud asset. | ||||
|
Gets the registry credentials. | ||||
|
Retrieve the scan report for an instance. | ||||
WARNING
client_idandclient_secretare keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
Search for snapshot jobs identified by the provided filter.
search_scan_jobs
| Method | Route |
|---|---|
 |
/snapshots/combined/deployments/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter |  |
|
query | string | Search snapshot jobs using a query in Falcon Query Language (FQL). Supported filters: account_id,asset_identifier,cloud_provider,region,status |
| limit | |
|
query | integer | The upper-bound on the number of records to retrieve. |
| offset | |
|
query | integer | The offset from where to begin. |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
| sort | |
|
query | string | The fields to sort the records on. Supported columns: [account_id asset_identifier cloud_provider instance_type last_updated_timestamp region status] |
from falconpy import CloudSnapshots
# Do not hardcode API credentials!
falcon = CloudSnapshot(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.search_scan_jobs(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)from falconpy import CloudSnapshots
# Do not hardcode API credentials!
falcon = CloudSnapshot(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadDeploymentsCombined(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadDeploymentsCombined",
filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)Register a cloud account for snapshot scanning.
register_account
| Method | Route |
|---|---|
 |
/snapshots/entities/accounts/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | |
 |
body | list of dictionaries | Full body payload in JSON format. |
| aws_accounts | |
 |
body | list of dictionaries | Complete list of AWS accounts to register. |
| account_number | |
|
body | string | AWS account number. Overriden if aws_accounts keyword is provided. |
| batch_regions | |
|
body | string | Region the batch is executed within. Overriden if aws_accounts keyword is provided. |
| iam_external_id | |
|
body | string | The external ID of the IAM account used. Overriden if aws_accounts keyword is provided. |
| iam_role_arn | |
|
body | string | The AWS ARN for the IAM account used. Overriden if aws_accounts keyword is provided. |
| kms_alias | |
|
body | string | The KMS alias for the IAM account used. Overriden if aws_accounts keyword is provided. |
| processing_account | |
|
body | string | The ID of the processing account. Overriden if aws_accounts keyword is provided. |
from falconpy import CLoudSnapshots
# Do not hardcode API credentials!
falcon = CloudSnapshots(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.register_account(account_number="string",
batch_regions="string",
iam_external_id="string",
iam_role_arn="string",
kms_alias="string",
processing_account="string"
)
print(response)from falconpy import CloudSnapshots
# Do not hardcode API credentials!
falcon = CloudSnapshots(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.RegisterCspmSnapshotAccount(account_number="string",
batch_regions="string",
iam_external_id="string",
iam_role_arn="string",
kms_alias="string",
processing_account="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"aws_accounts": [
{
"account_number": "string",
"batch_regions": [
{
"job_definition_name": "string",
"job_queue": "string",
"region": "string"
}
],
"iam_external_id": "string",
"iam_role_arn": "string",
"kms_alias": "string",
"processing_account": "string"
}
]
}
response = falcon.command("RegisterCspmSnapshotAccount", body=body_payload)
print(response)Retrieve snapshot jobs identified by the provided IDs.
get_scan_jobs
| Method | Route |
|---|---|
|
/snapshots/entities/deployments/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | |
|
query | string or list of strings | Search snapshot jobs by ids - The maximum amount is 100 IDs |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
from falconpy import CloudSnapshots
# Do not hardcode API credentials!
falcon = CloudSnapshots(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_scan_jobs(ids=id_list)
print(response)from falconpy import CloudSnapshots
# Do not hardcode API credentials!
falcon = CloudSnapshots(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.ReadDeploymentsEntities(ids=id_list)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("ReadDeploymentsEntities", ids=id_list)
print(response)Launch a snapshot scan for a given cloud asset.
launch_scan_job
| Method | Route |
|---|---|
 |
/snapshots/entities/deployments/v1 |
- Consumes: application/json
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| account_id | |
|
body | string | Cloud provider account ID. |
| asset_id | |
|
body | string | Asset ID. |
| body | |
|
body | list of dictionaries | Full body payload in JSON format. |
| cloud_provider | |
|
body | string | Cloud provider. |
| region | |
|
body | string | Cloud provider region. |
from falconpy import CloudSnapshots
# Do not hardcode API credentials!
falcon = CloudSnapshots(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.launch_scan_job(account_id="string",
asset_id="string",
cloud_provider="string",
region="string"
)
print(response)from falconpy import CloudSnapshots
# Do not hardcode API credentials!
falcon = CloudSnapshots(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.CreateDeploymentEntity(account_id="string",
asset_id="string",
cloud_provider="string",
region="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"resources": [
{
"account_id": "string",
"asset_identifier": "string",
"cloud_provider": "string",
"region": "string"
}
]
}
response = falcon.command("CreateDeploymentEntity", body=body_payload)
print(response)Gets the registry credentials
get_credentials
| Method | Route |
|---|---|
|
/snapshots/entities/image-registry-credentials/v1 |
- Produces: application/json
No keywords or arguments accepted.
from falconpy import CloudSnapshots
# Do not hardcode API credentials!
falcon = CloudSnapshots(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_credentials()
print(response)from falconpy import CloudSnapshots
# Do not hardcode API credentials!
falcon = CloudSnapshots(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetCredentialsMixin0()
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetCredentialsMixin0")
print(response)retrieve the scan report for an instance
get_scan_reports
| Method | Route |
|---|---|
|
/snapshots/entities/scanreports/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | |
|
query | string or list of strings | the instance identifiers to fetch the report for. |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
from falconpy import CloudSnapshots
falcon = CloudSnapshots(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_scan_reports(ids=id_list)
print(response)from falconpy import CloudSnapshots
falcon = CloudSnapshots(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetScanReport(ids=id_list)
print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetScanReport", ids=id_list)
print(response)