aggregates information about vulnerabilities for an image
Passing credentials
WARNING
client_id and client_secret are keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)
CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
Filter using a query in Falcon Query Language (FQL). Supported filters: cid,registry,repository
parameters
query
dictionary
Full query string parameters payload in JSON format. Not required if using other keywords.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportContainerImages# Do not hardcode API credentials!falcon=ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.aggregate_assessment_history(filter="string")
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportContainerImages# Do not hardcode API credentials!falcon=ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.AggregateImageAssessmentHistory(filter="string")
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("AggregateImageAssessmentHistory", filter="string")
print(response)
AggregateImageCountByBaseOS
Aggregate count of images grouped by Base OS distribution
Filter images using a query in Falcon Query Language (FQL). Supported filters: arch,base_os,cid,registry,repository,tag
parameters
query
dictionary
Full query string parameters payload in JSON format. Not required if using other keywords.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportContainerImages# Do not hardcode API credentials!falcon=ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.aggregate_count_by_base_os(filter="string")
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportContainerImages# Do not hardcode API credentials!falcon=ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.AggregateImageCountByBaseOS(filter="string")
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("AggregateImageCountByBaseOS", filter="string")
print(response)
Filter images using a query in Falcon Query Language (FQL). Supported filters: cid,last_seen,registry,repository
parameters
query
dictionary
Full query string parameters payload in JSON format. Not required if using other keywords.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportContainerImages# Do not hardcode API credentials!falcon=ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.aggregate_count_by_state(filter="string")
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportContainerImages# Do not hardcode API credentials!falcon=ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.AggregateImageCountByState(filter="string")
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("AggregateImageCountByState", filter="string")
print(response)
AggregateImageCount
Aggregate count of images
PEP8 method name
aggregate_count
Endpoint
Method
Route
/container-security/aggregates/images/count/v1
Content-Type
Produces: application/json
Keyword Arguments
Name
Service
Uber
Type
Data type
Description
filter
query
string
Filter images using a query in Falcon Query Language (FQL). Supported filters: arch,base_os,cid,container_id,container_running_status,cps_rating,crowdstrike_user,cve_id,detection_count,detection_name,detection_severity,first_seen,image_digest,image_id,layer_digest,package_name_version,registry,repository,tag,vulnerability_count,vulnerability_severity
parameters
query
dictionary
Full query string parameters payload in JSON format. Not required if using other keywords.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportContainerImages# Do not hardcode API credentials!falcon=ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.aggregate_count(filter="string")
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportContainerImages# Do not hardcode API credentials!falcon=ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.AggregateImageCount(filter="string")
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("AggregateImageCount", filter="string")
print(response)
GetCombinedImages
Get image assessment results by providing an FQL filter and paging details
Filter images using a query in Falcon Query Language (FQL). Supported filters: container_id, container_running_status, cve_id, detection_name, detection_severity, first_seen, image_digest, image_id, registry, repository, tag, vulnerability_severity
limit
query
integer
The upper-bound on the number of records to retrieve [1-100]
offset
query
integer
The offset from where to begin.
parameters
query
dictionary
Full query string parameters payload in JSON format. Not required if using other keywords.
sort
query
string
The fields to sort the records on. Supported columns: [first_seen highest_detection_severity highest_vulnerability_severity image_digest image_id registry repository tag]
Usage
Service class example (PEP8 syntax)
fromfalconpyimportContainerImages# Do not hardcode API credentials!falcon=ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.get_combined_images(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportContainerImages# Do not hardcode API credentials!falcon=ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.GetCombinedImages(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("GetCombinedImages",
filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
CombinedImageByVulnerabilityCount
Retrieve top x images with the most vulnerabilities
Filter images using a query in Falcon Query Language (FQL). Supported filters: arch,base_os,cid,registry,repository,tag
limit
query
integer
The upper-bound on the number of records to retrieve.
offset
query
integer
This is not used in the backend but is added here for compatibility purposes as some clients expects this i.e UI widgets.
parameters
query
dictionary
Full query string parameters payload in JSON format. Not required if using other keywords.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportContainerImages# Do not hardcode API credentials!falcon=ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.get_combined_images_by_vulnerability_count(filter="string",
limit=integer,
offset=integer
)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportContainerImages# Do not hardcode API credentials!falcon=ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.CombinedImageByVulnerabilityCount(filter="string",
limit=integer,
offset=integer
)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("CombinedImageByVulnerabilityCount",
filter="string",
limit=integer,
offset=integer
)
print(response)
CombinedImageDetail
Retrieve image entities identified by the provided filter criteria
PEP8 method name
get_combined_detail
Endpoint
Method
Route
/container-security/combined/images/detail/v1
Content-Type
Produces: application/json
Keyword Arguments
Name
Service
Uber
Type
Data type
Description
filter
query
string
Filter images using a query in Falcon Query Language (FQL). Supported filters: registry,repository,tag
with_config
query
boolean
(true/false) include image config, default is false
limit
query
integer
The upper-bound on the number of records to retrieve.
offset
query
integer
The offset from where to begin.
parameters
query
dictionary
Full query string parameters payload in JSON format. Not required if using other keywords.
sort
query
string
The fields to sort the records on.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportContainerImages# Do not hardcode API credentials!falcon=ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.get_combined_detail(filter="string",
with_config=boolean,
limit=integer,
offset=integer,
sort="string"
)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportContainerImages# Do not hardcode API credentials!falcon=ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.CombinedImageDetail(filter="string",
with_config=boolean,
limit=integer,
offset=integer,
sort="string"
)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("CombinedImageDetail",
filter="string",
with_config=boolean,
limit=integer,
offset=integer,
sort="string"
)
print(response)
ReadCombinedImagesExport
Retrieve images with an option to expand aggregated vulnerabilities/detections
PEP8 method name
read_combined_export
Endpoint
Method
Route
/container-security/combined/images/export/v1
Content-Type
Produces: application/json
Keyword Arguments
Name
Service
Uber
Type
Data type
Description
filter
query
string
Filter images using a query in Falcon Query Language (FQL). Supported filters: arch,base_os,cid,container_id,container_running_status,cps_rating,crowdstrike_user,cve_id,detection_count,detection_name,detection_severity,first_seen,image_digest,image_id,layer_digest,package_name_version,registry,repository,tag,vulnerability_count,vulnerability_severity
expand_vulnerabilities
query
boolean
expand vulnerabilities
expand_detections
query
boolean
expand detections
limit
query
integer
The upper-bound on the number of records to retrieve.
offset
query
integer
The offset from where to begin.
parameters
query
dictionary
Full query string parameters payload in JSON format. Not required if using other keywords.
sort
query
string
The fields to sort the records on. Supported columns: [base_os cid containers detections firstScanned first_seen highest_detection_severity highest_cps_current_rating highest_vulnerability_severity image_digest image_id last_seen layers_with_vulnerabilities packages registry repository tag vulnerabilities]
Usage
Service class example (PEP8 syntax)
fromfalconpyimportContainerImages# Do not hardcode API credentials!falcon=ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.read_combined_export(filter="string",
expand_vulnerabilities=boolean,
expand_detections=boolean,
limit=integer,
offset=integer,
sort="string"
)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportContainerImages# Do not hardcode API credentials!falcon=ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.ReadCombinedImagesExport(filter="string",
expand_vulnerabilities=boolean,
expand_detections=boolean,
limit=integer,
offset=integer,
sort="string"
)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("ReadCombinedImagesExport",
filter="string",
expand_vulnerabilities=boolean,
expand_detections=boolean,
limit=integer,
offset=integer,
sort="string"
)
print(response)
CombinedImageIssuesSummary
Retrieve image issues summary such as Image detections, Runtime detections, Policies, vulnerabilities
Full query string parameters payload in JSON format. Not required if using other keywords.
registry
query
string
registry name
repository
query
string
repository name
tag
query
string
tag name
Usage
Service class example (PEP8 syntax)
fromfalconpyimportContainerImages# Do not hardcode API credentials!falcon=ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.get_combined_issues_summary(cid="string",
registry="string",
repository="string",
tag="string"
)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportContainerImages# Do not hardcode API credentials!falcon=ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.CombinedImageIssuesSummary(cid="string",
registry="string",
repository="string",
tag="string"
)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("CombinedImageIssuesSummary",
cid="string",
registry="string",
repository="string",
tag="string"
)
print(response)
CombinedImageVulnerabilitySummary
aggregates information about vulnerabilities for an image
Full query string parameters payload in JSON format. Not required if using other keywords.
registry
query
string
registry name
repository
query
string
repository name
tag
query
string
tag name
Usage
Service class example (PEP8 syntax)
fromfalconpyimportContainerImages# Do not hardcode API credentials!falcon=ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.get_combined_vulnerabilities_summary(cid="string",
registry="string",
repository="string",
tag="string"
)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportContainerImages# Do not hardcode API credentials!falcon=ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.CombinedImageVulnerabilitySummary(cid="string",
registry="string",
repository="string",
tag="string"
)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("CombinedImageVulnerabilitySummary",
cid="string",
registry="string",
repository="string",
tag="string"
)
print(response)
