Compliance Assessments - CrowdStrike/falconpy GitHub Wiki
Get the assessments for each cluster.
aggregate_cluster_assessments
| Method | Route |
|---|---|
 |
/container-compliance/aggregates/compliance-by-clusters/v2 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter |  |
|
query | string | Filter results using a query in Falcon Query Language (FQL). |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
| Filter | Description |
|---|---|
| cid | Customer ID |
| cloud_info.cloud_account_id | Cloud account ID |
| cloud_info.cloud_provider | Cloud provider |
| cloud_info.cloud_region | Cloud region |
| cloud_info.cluster_name | Kubernetes cluster name |
| cloud_info.namespace | Kubernetes namespace |
| compliance_finding.framework | Compliance finding framework (available values: CIS) |
from falconpy import ComplianceAssessments
falcon = ComplianceAssessments(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.aggregate_cluster_assessments(filter="string")
print(response)from falconpy import ComplianceAssessments
falcon = ComplianceAssessments(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.extAggregateClusterAssessments(filter="string")
print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("extAggregateClusterAssessments", filter="string")
print(response)Back to Table of Contents
Get the assessments for each image.
aggregate_image_assessments
| Method | Route |
|---|---|
|
/container-compliance/aggregates/compliance-by-images/v2 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| after | |
|
query | string |
after value from the last response. Leave empty or do not specify for the first request. |
| filter | |
|
query | string | Filter results using a query in Falcon Query Language (FQL). |
| limit | |
|
query | string | number of images to return in the response after after key. Default when not specified: 10000
|
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
| Filter | Description |
|---|---|
| asset_type | asset type (container, image) |
| cid | Customer ID |
| cloud_info.cloud_account_id | Cloud account ID |
| cloud_info.cloud_provider | Cloud provider |
| cloud_info.cloud_region | Cloud region |
| cloud_info.cluster_name | Kubernetes cluster name |
| cloud_info.namespace | Kubernetes namespace |
| compliance_finding.framework | Compliance finding framework (available values: CIS) |
| compliance_finding.id | Compliance finding ID |
| compliance_finding.name | Compliance finding Name |
| compliance_finding.severity | Compliance finding |
| container_id | Container ID |
| container_name | Container name |
| image_digest | Image digest (sha256 digest) |
| image_id | Image ID |
| image_registry | Image registry |
| image_repository | Image repository |
| image_tag | Image tag |
| severity | Finding severity (available values: 4 - critical, 3 - high, 2 - medium, 1 - low) |
from falconpy import ComplianceAssessments
falcon = ComplianceAssessments(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.aggregate_image_assessments(after="string", filter="string", limit="string")
print(response)from falconpy import ComplianceAssessments
falcon = ComplianceAssessments(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.extAggregateImageAssessments(after="string", filter="string", limit="string")
print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("extAggregateImageAssessments",
after="string",
filter="string",
limit="string"
)
print(response)Back to Table of Contents
Get the assessments for each rule.
aggregate_rules_assessments
| Method | Route |
|---|---|
|
/container-compliance/aggregates/compliance-by-rules/v2 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | |
|
query | string | Filter results using a query in Falcon Query Language (FQL). |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
| Filter | Description |
|---|---|
| asset_type | asset type (container, image) |
| cid | Customer ID |
| cloud_info.cloud_account_id | Cloud account ID |
| cloud_info.cloud_provider | Cloud provider |
| cloud_info.cloud_region | Cloud region |
| cloud_info.cluster_name | Kubernetes cluster name |
| compliance_finding.framework | Compliance finding framework (available values: CIS) |
| compliance_finding.id | Compliance finding ID |
| compliance_finding.name | Compliance finding Name |
| compliance_finding.severity | Compliance finding |
| container_id | Container ID |
| container_name | Container name |
| image_digest | Image digest (sha256 digest) |
| image_id | Image ID |
| image_registry | Image registry |
| image_repository | Image repository |
| image_tag | Image tag |
| severity | Finding severity (available values: 4 - critical, 3 - high, 2 - medium, 1 - low) |
from falconpy import ComplianceAssessments
falcon = ComplianceAssessments(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.aggregate_rules_assessments(filter="string")
print(response)from falconpy import ComplianceAssessments
falcon = ComplianceAssessments(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.extAggregateRulesAssessments(filter="string")
print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("extAggregateRulesAssessments", filter="string")
print(response)Back to Table of Contents
Get the containers grouped into rules on which they failed.
aggregate_failed_containers_by_rules
| Method | Route |
|---|---|
|
/container-compliance/aggregates/failed-containers-by-rules/v2 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | |
|
query | string | Filter results using a query in Falcon Query Language (FQL). |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
| Filter | Description |
|---|---|
| asset_type | asset type (container, image) |
| cid | Customer ID |
| cloud_info.cloud_account_id | Cloud account ID |
| cloud_info.cloud_provider | Cloud provider |
| cloud_info.cloud_region | Cloud region |
| cloud_info.cluster_name | Kubernetes cluster name |
| cloud_info.namespace | Kubernetes namespace |
| compliance_finding.framework | Compliance finding framework (available values: CIS) |
| compliance_finding.id | Compliance finding ID |
| compliance_finding.name | Compliance finding Name |
| compliance_finding.severity | Compliance finding |
| container_id | Container ID |
| container_name | Container name |
| image_digest | Image digest (sha256 digest) |
| image_id | Image ID |
| image_registry | Image registry |
| image_repository | Image repository |
| image_tag | Image tag |
| severity | Finding severity (available values: 4 - critical, 3 - high, 2 - medium, 1 - low) |
from falconpy import ComplianceAssessments
falcon = ComplianceAssessments(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.aggregate_failed_containers_by_rules(filter="string")
print(response)from falconpy import ComplianceAssessments
falcon = ComplianceAssessments(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.extAggregateFailedContainersByRulesPath(filter="string")
print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("extAggregateFailedContainersByRulesPath", filter="string")
print(response)Back to Table of Contents
Get the failed containers count grouped into severity levels.
aggregate_failed_containers_count_by_severity
| Method | Route |
|---|---|
|
/container-compliance/aggregates/failed-containers-count-by-severity/v2 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | |
|
query | string | Filter results using a query in Falcon Query Language (FQL). |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
| Filter | Description |
|---|---|
| asset_type | asset type (container, image) |
| cid | Customer ID |
| cloud_info.cloud_account_id | Cloud account ID |
| cloud_info.cloud_provider | Cloud provider |
| cloud_info.cloud_region | Cloud region |
| cloud_info.cluster_name | Kubernetes cluster name |
| cloud_info.namespace | Kubernetes namespace |
| compliance_finding.framework | Compliance finding framework (available values: CIS) |
| compliance_finding.id | Compliance finding ID |
| compliance_finding.name | Compliance finding Name |
| compliance_finding.severity | Compliance finding |
| container_id | Container ID |
| container_name | Container name |
| image_digest | Image digest (sha256 digest) |
| image_id | Image ID |
| image_registry | Image registry |
| image_repository | Image repository |
| image_tag | Image tag |
| severity | Finding severity (available values: 4 - critical, 3 - high, 2 - medium, 1 - low) |
from falconpy import ComplianceAssessments
falcon = ComplianceAssessments(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.aggregate_failed_containers_count_by_severity(filter="string")
print(response)from falconpy import ComplianceAssessments
falcon = ComplianceAssessments(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.extAggregateFailedContainersCountBySeverity(filter="string")
print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("extAggregateFailedContainersCountBySeverity", filter="string")
print(response)Back to Table of Contents
Get the images grouped into rules on which they failed.
aggregate_failed_images_by_rules
| Method | Route |
|---|---|
|
/container-compliance/aggregates/failed-images-by-rules/v2 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | |
|
query | string | Filter results using a query in Falcon Query Language (FQL). |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
| Filter | Description |
|---|---|
| asset_type | asset type (container, image) |
| cid | Customer ID |
| cloud_info.cloud_account_id | Cloud account ID |
| cloud_info.cloud_provider | Cloud provider |
| cloud_info.cloud_region | Cloud region |
| cloud_info.cluster_name | Kubernetes cluster name |
| cloud_info.namespace | Kubernetes namespace |
| compliance_finding.framework | Compliance finding framework (available values: CIS) |
| compliance_finding.id | Compliance finding ID |
| compliance_finding.name | Compliance finding Name |
| compliance_finding.severity | Compliance finding |
| container_id | Container ID |
| container_name | Container name |
| image_digest | Image digest (sha256 digest) |
| image_id | Image ID |
| image_registry | Image registry |
| image_repository | Image repository |
| image_tag | Image tag |
| severity | Finding severity (available values: 4 - critical, 3 - high, 2 - medium, 1 - low) |
from falconpy import ComplianceAssessments
falcon = ComplianceAssessments(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.aggregate_failed_images_by_rules(filter="string")
print(response)from falconpy import ComplianceAssessments
falcon = ComplianceAssessments(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.extAggregateFailedImagesByRulesPath(filter="string")
print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("extAggregateFailedImagesByRulesPath", filter="string")
print(response)Back to Table of Contents
Get the failed images count grouped into severity levels.
aggregate_failed_images_count_by_severity
| Method | Route |
|---|---|
|
/container-compliance/aggregates/failed-images-count-by-severity/v2 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | |
|
query | string | Filter results using a query in Falcon Query Language (FQL). |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
| Filter | Description |
|---|---|
| asset_type | asset type (container, image) |
| cid | Customer ID |
| cloud_info.cloud_account_id | Cloud account ID |
| cloud_info.cloud_provider | Cloud provider |
| cloud_info.cloud_region | Cloud region |
| cloud_info.cluster_name | Kubernetes cluster name |
| cloud_info.namespace | Kubernetes namespace |
| compliance_finding.framework | Compliance finding framework (available values: CIS) |
| compliance_finding.id | Compliance finding ID |
| compliance_finding.name | Compliance finding Name |
| compliance_finding.severity | Compliance finding |
| container_id | Container ID |
| container_name | Container name |
| image_digest | Image digest (sha256 digest) |
| image_id | Image ID |
| image_registry | Image registry |
| image_repository | Image repository |
| image_tag | Image tag |
| severity | Finding severity (available values: 4 - critical, 3 - high, 2 - medium, 1 - low) |
from falconpy import ComplianceAssessments
falcon = ComplianceAssessments(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.aggregate_failed_images_count_by_severity(filter="string")
print(response)from falconpy import ComplianceAssessments
falcon = ComplianceAssessments(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.extAggregateFailedImagesCountBySeverity(filter="string")
print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("extAggregateFailedImagesCountBySeverity", filter="string")
print(response)Back to Table of Contents
Get the failed rules for each cluster grouped into severity levels.
aggregate_failed_rules_by_clusters
| Method | Route |
|---|---|
|
/container-compliance/aggregates/failed-rules-by-clusters/v2 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | |
|
query | string | Filter results using a query in Falcon Query Language (FQL). |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
| Filter | Description |
|---|---|
| asset_type | asset type (container, image) |
| cid | Customer ID |
| cloud_info.cloud_account_id | Cloud account ID |
| cloud_info.cloud_provider | Cloud provider |
| cloud_info.cloud_region | Cloud region |
| cloud_info.cluster_name | Kubernetes cluster name |
| compliance_finding.framework | Compliance finding framework (available values: CIS) |
| compliance_finding.id | Compliance finding ID |
| compliance_finding.name | Compliance finding Name |
| compliance_finding.severity | Compliance finding |
| container_id | Container ID |
| container_name | Container name |
| image_digest | Image digest (sha256 digest) |
| image_id | Image ID |
| image_registry | Image registry |
| image_repository | Image repository |
| image_tag | Image tag |
| severity | Finding severity (available values: 4 - critical, 3 - high, 2 - medium, 1 - low) |
from falconpy import ComplianceAssessments
falcon = ComplianceAssessments(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.aggregate_failed_rules_by_clusters(filter="string")
print(response)from falconpy import ComplianceAssessments
falcon = ComplianceAssessments(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.extAggregateFailedRulesByClusters(filter="string")
print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("extAggregateFailedRulesByClusters", filter="string")
print(response)Back to Table of Contents
Get images with failed rules, rule count grouped by severity for each image.
aggregate_failed_rules_by_image
| Method | Route |
|---|---|
|
/container-compliance/aggregates/failed-rules-by-images/v2 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | |
|
query | string | Filter results using a query in Falcon Query Language (FQL). |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
| Filter | Description |
|---|---|
| asset_type | asset type (container, image) |
| cid | Customer ID |
| cloud_info.cloud_account_id | Cloud account ID |
| cloud_info.cloud_provider | Cloud provider |
| cloud_info.cloud_region | Cloud region |
| cloud_info.cluster_name | Kubernetes cluster name |
| compliance_finding.framework | Compliance finding framework (available values: CIS) |
| compliance_finding.id | Compliance finding ID |
| compliance_finding.name | Compliance finding Name |
| compliance_finding.severity | Compliance finding |
| container_id | Container ID |
| container_name | Container name |
| image_digest | Image digest (sha256 digest) |
| image_id | Image ID |
| image_registry | Image registry |
| image_repository | Image repository |
| image_tag | Image tag |
| severity | Finding severity (available values: 4 - critical, 3 - high, 2 - medium, 1 - low) |
from falconpy import ComplianceAssessments
falcon = ComplianceAssessments(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.aggregate_failed_rules_by_image(filter="string")
print(response)from falconpy import ComplianceAssessments
falcon = ComplianceAssessments(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.extAggregateFailedRulesByImages(filter="string")
print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("extAggregateFailedRulesByImages", filter="string")
print(response)Back to Table of Contents
Get the failed rules count grouped into severity levels.
aggregate_failed_rules_count_by_severity
| Method | Route |
|---|---|
|
/container-compliance/aggregates/failed-rules-count-by-severity/v2 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | |
|
query | string | Filter results using a query in Falcon Query Language (FQL). |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
| Filter | Description |
|---|---|
| asset_type | asset type (container, image) |
| cid | Customer ID |
| cloud_info.cloud_account_id | Cloud account ID |
| cloud_info.cloud_provider | Cloud provider |
| cloud_info.cloud_region | Cloud region |
| cloud_info.cluster_name | Kubernetes cluster name |
| compliance_finding.framework | Compliance finding framework (available values: CIS) |
| compliance_finding.id | Compliance finding ID |
| compliance_finding.name | Compliance finding Name |
| compliance_finding.severity | Compliance finding |
| container_id | Container ID |
| container_name | Container name |
| image_digest | Image digest (sha256 digest) |
| image_id | Image ID |
| image_registry | Image registry |
| image_repository | Image repository |
| image_tag | Image tag |
| severity | Finding severity (available values: 4 - critical, 3 - high, 2 - medium, 1 - low) |
from falconpy import ComplianceAssessments
falcon = ComplianceAssessments(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.aggregate_failed_rules_count_by_severity(filter="string")
print(response)from falconpy import ComplianceAssessments
falcon = ComplianceAssessments(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.extAggregateFailedRulesCountBySeverity(filter="string")
print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("extAggregateFailedRulesCountBySeverity", filter="string")
print(response)Back to Table of Contents
Get the rules grouped by their statuses.
aggregate_rules_by_status
| Method | Route |
|---|---|
|
/container-compliance/aggregates/rules-by-status/v2 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | |
|
query | string | Filter results using a query in Falcon Query Language (FQL). |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
| Filter | Description |
|---|---|
| asset_type | asset type (container, image) |
| cid | Customer ID |
| cloud_info.cloud_account_id | Cloud account ID |
| cloud_info.cloud_provider | Cloud provider |
| cloud_info.cloud_region | Cloud region |
| cloud_info.cluster_name | Kubernetes cluster name |
| compliance_finding.framework | Compliance finding framework (available values: CIS) |
| compliance_finding.id | Compliance finding ID |
| compliance_finding.name | Compliance finding Name |
| compliance_finding.severity | Compliance finding |
| container_id | Container ID |
| container_name | Container name |
| image_digest | Image digest (sha256 digest) |
| image_id | Image ID |
| image_registry | Image registry |
| image_repository | Image repository |
| image_tag | Image tag |
| severity | Finding severity (available values: 4 - critical, 3 - high, 2 - medium, 1 - low) |
from falconpy import ComplianceAssessments
falcon = ComplianceAssessments(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.aggregate_rules_by_status(filter="string")
print(response)from falconpy import ComplianceAssessments
falcon = ComplianceAssessments(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.extAggregateRulesByStatus(filter="string")
print(response)from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("extAggregateRulesByStatus", filter="string")
print(response)Back to Table of Contents
