Container Alerts - CrowdStrike/falconpy GitHub Wiki

CrowdStrike Falcon CrowdStrike Subreddit

Using the Container Alerts service collection

Uber class support Service class support Documentation Version Page Updated

Table of Contents

Operation ID Description
ReadContainerAlertsCountBySeverity
PEP8 read_counts_by_severity
Get Container Alert counts by severity.
ReadContainerAlertsCount
PEP8 read_counts
Search Container Alerts by the provided search criteria.
SearchAndReadContainerAlerts
PEP8 search_and_read
Search Container Alerts by the provided search criteria.

Passing credentials

WARNING

client_id and client_secret are keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)

CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.

ReadContainerAlertsCountBySeverity

Get Container Alert counts by severity.

PEP8 method name

read_counts_by_severity

Endpoint

Method Route
GET /container-security/aggregates/container-alerts/count-by-severity/v1

Required Scope

falcon-container-image:read

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
filter
Service Class Support
Uber Class Support
 query string Search Container Alerts using a query in Falcon Query Language (FQL). Supported filters: cid, container_id, last_seen
parameters Service Class Support
 Uber Class Support query dictionary Full query string parameters payload in JSON format. Not required if using other keywords.

Usage

Service class example (PEP8 syntax)
from falconpy import ContainerAlerts

# Do not hardcode API credentials!
falcon = ContainerAlerts(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.read_counts_by_severity(filter="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import ContainerAlerts

# Do not hardcode API credentials!
falcon = ContainerAlerts(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.ReadContainerAlertsCountBySeverity(filter="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadContainerAlertsCountBySeverity", parameters=PARAMS)

print(response)

ReadContainerAlertsCount

Search Container Alerts by the provided search criteria

PEP8 method name

read_counts

Endpoint

Method Route
GET /container-security/aggregates/container-alerts/count/v1

Required Scope

falcon-container-image:read

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
filter
Service Class Support
Uber Class Support
 query string Search Container Alerts using a query in Falcon Query Language (FQL). Supported filters: cid,last_seen
parameters Service Class Support
 Uber Class Support query dictionary Full query string parameters payload in JSON format. Not required if using other keywords.

Usage

Service class example (PEP8 syntax)
from falconpy import ContainerAlerts

# Do not hardcode API credentials!
falcon = ContainerAlerts(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.read_counts(filter="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import ContainerAlerts

# Do not hardcode API credentials!
falcon = ContainerAlerts(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.ReadContainerAlertsCount(filter="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadContainerAlertsCount", parameters=PARAMS)

print(response)

SearchAndReadContainerAlerts

Search Container Alerts by the provided search criteria

PEP8 method name

search_and_read

Endpoint

Method Route
GET /container-security/combined/container-alerts/v1

Required Scope

falcon-container-image:read

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
filter
Service Class Support
Uber Class Support
 query string Search Container Alerts using a query in Falcon Query Language (FQL). Supported filters: cid,container_id,last_seen,name,severity
limit
Service Class Support
Uber Class Support
 query integer The upper-bound on the number of records to retrieve. (Default: 100)
offset
Service Class Support
Uber Class Support
 query integer The offset from where to begin.
parameters Service Class Support
 Uber Class Support query dictionary Full query string parameters payload in JSON format. Not required if using other keywords.
sort
Service Class Support
Uber Class Support
 query string The fields to sort the records on.

Usage

Service class example (PEP8 syntax)
from falconpy import ContainerAlerts

# Do not hardcode API credentials!
falcon = ContainerAlerts(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.search_and_read(filter="string",
                                  limit=integer,
                                  offset=integer,
                                  sort="string"
                                  )
print(response)
Service class example (Operation ID syntax)
from falconpy import ContainerAlerts

# Do not hardcode API credentials!
falcon = ContainerAlerts(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.SearchAndReadContainerAlerts(filter="string",
                                               limit=integer,
                                               offset=integer,
                                               sort="string"
                                               )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("SearchAndReadContainerAlerts",
                          filter="string",
                          limit=integer,
                          offset=integer,
                          sort="string"
                          )
print(response)

⚠️ **GitHub.com Fallback** ⚠️