client_id and client_secret are keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)
CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
Filter using a query in Falcon Query Language (FQL). Supported filters: cid,registry,repository
parameters
query
dictionary
Full query string parameters payload in JSON format. Not required if using other keywords.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportContainerImages# Do not hardcode API credentials!falcon=ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.aggregate_assessment_history(filter="string")
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportContainerImages# Do not hardcode API credentials!falcon=ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.AggregateImageAssessmentHistory(filter="string")
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("AggregateImageAssessmentHistory", filter="string")
print(response)
AggregateImageCountByBaseOS
Aggregate count of images grouped by Base OS distribution
Filter images using a query in Falcon Query Language (FQL). Supported filters: arch,base_os,cid,registry,repository,tag
parameters
query
dictionary
Full query string parameters payload in JSON format. Not required if using other keywords.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportContainerImages# Do not hardcode API credentials!falcon=ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.aggregate_count_by_base_os(filter="string")
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportContainerImages# Do not hardcode API credentials!falcon=ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.AggregateImageCountByBaseOS(filter="string")
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("AggregateImageCountByBaseOS", filter="string")
print(response)
Filter images using a query in Falcon Query Language (FQL). Supported filters: cid,last_seen,registry,repository
parameters
query
dictionary
Full query string parameters payload in JSON format. Not required if using other keywords.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportContainerImages# Do not hardcode API credentials!falcon=ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.aggregate_count_by_state(filter="string")
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportContainerImages# Do not hardcode API credentials!falcon=ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.AggregateImageCountByState(filter="string")
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("AggregateImageCountByState", filter="string")
print(response)
AggregateImageCount
Aggregate count of images
PEP8 method name
aggregate_count
Endpoint
Method
Route
/container-security/aggregates/images/count/v1
Required Scope
Content-Type
Produces: application/json
Keyword Arguments
Name
Service
Uber
Type
Data type
Description
filter
query
string
Filter images using a query in Falcon Query Language (FQL). Supported filters: arch,base_os,cid,container_id,container_running_status,cps_rating,crowdstrike_user,cve_id,detection_count,detection_name,detection_severity,first_seen,image_digest,image_id,include_base_image_vuln,layer_digest,package_name_version,registry,repository,tag,vulnerability_count,vulnerability_severity
parameters
query
dictionary
Full query string parameters payload in JSON format. Not required if using other keywords.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportContainerImages# Do not hardcode API credentials!falcon=ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.aggregate_count(filter="string")
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportContainerImages# Do not hardcode API credentials!falcon=ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.AggregateImageCount(filter="string")
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("AggregateImageCount", filter="string")
print(response)
CombinedBaseImages
Retrieve base images identified by the provided filter criteria
PEP8 method name
get_combined_base_images
Endpoint
Method
Route
/container-security/combined/base-images/v1
Required Scope
Content-Type
Produces: application/json
Keyword Arguments
Name
Service
Uber
Type
Data type
Description
filter
query
string
Filter images using a query in Falcon Query Language (FQL). Supported filters: image_digest, image_id, registry, repository, tag
Usage
Service class example (PEP8 syntax)
fromfalconpyimportContainerImages# Do not hardcode API credentials!falcon=ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.get_combined_detail(filter="string")
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportContainerImages# Do not hardcode API credentials!falcon=ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.CombinedImageDetail(filter="string")
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("CombinedImageDetail", filter="string")
print(response)
GetCombinedImages
Get image assessment results by providing an FQL filter and paging details
Filter images using a query in Falcon Query Language (FQL). Supported filters: container_id, container_running_status, cve_id, detection_name, detection_severity, first_seen, image_digest, image_id, registry, repository, tag, vulnerability_severity
limit
query
integer
The upper-bound on the number of records to retrieve [1-100]
offset
query
integer
The offset from where to begin.
parameters
query
dictionary
Full query string parameters payload in JSON format. Not required if using other keywords.
sort
query
string
The fields to sort the records on. Supported columns: [first_seen highest_detection_severity highest_vulnerability_severity image_digest image_id registry repository source tag]
Usage
Service class example (PEP8 syntax)
fromfalconpyimportContainerImages# Do not hardcode API credentials!falcon=ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.get_combined_images(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportContainerImages# Do not hardcode API credentials!falcon=ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.GetCombinedImages(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("GetCombinedImages",
filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
CombinedImageByVulnerabilityCount
Retrieve top x images with the most vulnerabilities
Filter images using a query in Falcon Query Language (FQL). Supported filters: arch,base_os,cid,registry,repository,tag
limit
query
integer
The upper-bound on the number of records to retrieve.
offset
query
integer
This is not used in the backend but is added here for compatibility purposes as some clients expects this i.e UI widgets.
parameters
query
dictionary
Full query string parameters payload in JSON format. Not required if using other keywords.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportContainerImages# Do not hardcode API credentials!falcon=ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.get_combined_images_by_vulnerability_count(filter="string",
limit=integer,
offset=integer
)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportContainerImages# Do not hardcode API credentials!falcon=ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.CombinedImageByVulnerabilityCount(filter="string",
limit=integer,
offset=integer
)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("CombinedImageByVulnerabilityCount",
filter="string",
limit=integer,
offset=integer
)
print(response)
CombinedImageDetail
Retrieve image entities identified by the provided filter criteria
PEP8 method name
get_combined_detail
Endpoint
Method
Route
/container-security/combined/images/detail/v1
Required Scope
Content-Type
Produces: application/json
Keyword Arguments
Name
Service
Uber
Type
Data type
Description
filter
query
string
Filter images using a query in Falcon Query Language (FQL). Supported filters: registry,repository,tag
with_config
query
boolean
(true/false) include image config, default is false
limit
query
integer
The upper-bound on the number of records to retrieve.
offset
query
integer
The offset from where to begin.
parameters
query
dictionary
Full query string parameters payload in JSON format. Not required if using other keywords.
sort
query
string
The fields to sort the records on.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportContainerImages# Do not hardcode API credentials!falcon=ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.get_combined_detail(filter="string",
with_config=boolean,
limit=integer,
offset=integer,
sort="string"
)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportContainerImages# Do not hardcode API credentials!falcon=ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.CombinedImageDetail(filter="string",
with_config=boolean,
limit=integer,
offset=integer,
sort="string"
)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("CombinedImageDetail",
filter="string",
with_config=boolean,
limit=integer,
offset=integer,
sort="string"
)
print(response)
ReadCombinedImagesExport
Retrieve images with an option to expand aggregated vulnerabilities/detections
PEP8 method name
read_combined_export
Endpoint
Method
Route
/container-security/combined/images/export/v1
Required Scope
Content-Type
Produces: application/json
Keyword Arguments
Name
Service
Uber
Type
Data type
Description
filter
query
string
Filter images using a query in Falcon Query Language (FQL). Supported filters: arch,base_os,cid,container_id,container_running_status,cps_rating,crowdstrike_user,cve_id,detection_count,detection_name,detection_severity,first_seen,image_digest,image_id,include_base_image_vuln,layer_digest,package_name_version,registry,repository,tag,vulnerability_count,vulnerability_severity
expand_vulnerabilities
query
boolean
expand vulnerabilities
expand_detections
query
boolean
expand detections
limit
query
integer
The upper-bound on the number of records to retrieve.
offset
query
integer
The offset from where to begin.
parameters
query
dictionary
Full query string parameters payload in JSON format. Not required if using other keywords.
sort
query
string
The fields to sort the records on. Supported columns: [base_os cid containers detections firstScanned first_seen highest_detection_severity highest_cps_current_rating highest_vulnerability_severity image_digest image_id last_seen layers_with_vulnerabilities packages registry repository source tag vulnerabilities]
Usage
Service class example (PEP8 syntax)
fromfalconpyimportContainerImages# Do not hardcode API credentials!falcon=ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.read_combined_export(filter="string",
expand_vulnerabilities=boolean,
expand_detections=boolean,
limit=integer,
offset=integer,
sort="string"
)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportContainerImages# Do not hardcode API credentials!falcon=ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.ReadCombinedImagesExport(filter="string",
expand_vulnerabilities=boolean,
expand_detections=boolean,
limit=integer,
offset=integer,
sort="string"
)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("ReadCombinedImagesExport",
filter="string",
expand_vulnerabilities=boolean,
expand_detections=boolean,
limit=integer,
offset=integer,
sort="string"
)
print(response)
CombinedImageIssuesSummary
Retrieve image issues summary such as Image detections, Runtime detections, Policies, vulnerabilities
Flag indicating if base image vulnerabilities should be included.
parameters
query
dictionary
Full query string parameters payload in JSON format. Not required if using other keywords.
registry
query
string
registry name
repository
query
string
repository name
tag
query
string
tag name
Usage
Service class example (PEP8 syntax)
fromfalconpyimportContainerImages# Do not hardcode API credentials!falcon=ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.get_combined_issues_summary(cid="string",
include_base_image_vuln=boolean,
registry="string",
repository="string",
tag="string"
)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportContainerImages# Do not hardcode API credentials!falcon=ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.CombinedImageIssuesSummary(cid="string",
include_base_image_vuln=boolean,
registry="string",
repository="string",
tag="string"
)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("CombinedImageIssuesSummary",
cid="string",
include_base_image_vuln=boolean,
registry="string",
repository="string",
tag="string"
)
print(response)
CombinedImageVulnerabilitySummary
aggregates information about vulnerabilities for an image
Flag indicating if base image vulnerabilities should be included.
parameters
query
dictionary
Full query string parameters payload in JSON format. Not required if using other keywords.
registry
query
string
registry name
repository
query
string
repository name
tag
query
string
tag name
Usage
Service class example (PEP8 syntax)
fromfalconpyimportContainerImages# Do not hardcode API credentials!falcon=ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.get_combined_vulnerabilities_summary(cid="string",
include_base_image_vuln=boolean,
registry="string",
repository="string",
tag="string"
)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportContainerImages# Do not hardcode API credentials!falcon=ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.CombinedImageVulnerabilitySummary(cid="string",
include_base_image_vuln=boolean,
registry="string",
repository="string",
tag="string"
)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("CombinedImageVulnerabilitySummary",
cid="string",
include_base_image_vuln=boolean,
registry="string",
repository="string",
tag="string"
)
print(response)
CreateBaseImagesEntities
Creates base images using the provided details
PEP8 method name
create_base_images
Endpoint
Method
Route
/container-security/entities/base-images/v1
Required Scope
Content-Type
Produces: application/json
Keyword Arguments
Name
Service
Uber
Type
Data type
Description
body
body
dictionary
Full body payload in JSON format.
image_digest
body
string
Image digest.
image_id
body
string
Image ID.
registry
body
string
Registry.
repository
body
string
Image repository.
tag
body
string
Image tag.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportContainerImages# Do not hardcode API credentials!falcon=ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.get_combined_vulnerabilities_summary(image_digest="string",
image_id="string",
registry="string",
repository="string",
tag="string"
)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportContainerImages# Do not hardcode API credentials!falcon=ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.CombinedImageVulnerabilitySummary(image_digest="string",
image_id="string",
registry="string",
repository="string",
tag="string"
)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload= {
"base_images": [
{
"image_digest": "string",
"image_id": "string",
"registry": "string",
"repository": "string",
"tag": "string"
}
]
}
response=falcon.command("CreateBaseImagesEntities", body=body_payload)
print(response)
DeleteBaseImages
Delete base images by base image UUID
PEP8 method name
delete_base_images
Endpoint
Method
Route
/container-security/entities/base-images/v1
Required Scope
Content-Type
Produces: application/json
Keyword Arguments
Name
Service
Uber
Type
Data type
Description
ids
query
string or list of strings
Base Image ID(s).
parameters
query
dictionary
Full query string parameters payload in JSON format.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportContainerImages# Do not hardcode API credentials!falcon=ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.get_combined_vulnerabilities_summary(ids=id_list)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportContainerImages# Do not hardcode API credentials!falcon=ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.CombinedImageVulnerabilitySummary(ids=id_list)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list='ID1,ID2,ID3'# Can also pass a list here: ['ID1', 'ID2', 'ID3']response=falcon.command("DeleteBaseImages", ids=id_list)
print(response)