Container Packages - CrowdStrike/falconpy GitHub Wiki

CrowdStrike Falcon CrowdStrike Subreddit

Using the Container Packages service collection

Uber class support Service class support Documentation Version Page Updated

Table of Contents

Operation ID Description
ReadPackagesCountByZeroDay
PEP8 read_zero_day_counts
Retrieve packages count affected by zero day vulnerabilities
ReadPackagesByFixableVulnCount
PEP8 read_fixable_vuln_count
Retrieve top x app packages with the most fixable vulnerabilities
ReadPackagesByVulnCount
PEP8 read_vuln_count
Retrieve top x packages with the most vulnerabilities
ReadPackagesCombinedExport
PEP8 read_combined_export
Retrieve packages identified by the provided filter criteria for the purpose of export
ReadPackagesCombined
PEP8 read_combined
Retrieve packages identified by the provided filter criteria

Passing credentials

WARNING

client_id and client_secret are keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)

CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.

ReadPackagesCountByZeroDay

Retrieve packages count affected by zero day vulnerabilities

PEP8 method name

read_zero_day_counts

Endpoint

Method Route
GET /container-security/aggregates/packages/count-by-zero-day/v1

Required Scope

falcon-container-image:read

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
filter
Service Class Support

Uber Class Support
query string Filter packages using a query in Falcon Query Language (FQL). Supported filters: cid
parameters Service Class Support
Uber Class Support query dictionary Full query string parameters payload in JSON format. Not required if using other keywords.

Usage

Service class example (PEP8 syntax)
from falconpy import ContainerPackages

# Do not hardcode API credentials!
falcon = ContainerPackages(client_id=CLIENT_ID,
                           client_secret=CLIENT_SECRET
                           )

response = falcon.read_zero_day_counts(filter="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import ContainerPackages

# Do not hardcode API credentials!
falcon = ContainerPackages(client_id=CLIENT_ID,
                           client_secret=CLIENT_SECRET
                           )

response = falcon.ReadPackagesCountByZeroDay(filter="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadPackagesCountByZeroDay", filter="string")

print(response)

ReadPackagesByFixableVulnCount

Retrieve top x app packages with the most fixable vulnerabilities

PEP8 method name

read_fixable_vuln_count

Endpoint

Method Route
GET /container-security/combined/packages/app-by-fixable-vulnerability-count/v1

Required Scope

falcon-container-image:read

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
filter
Service Class Support

Uber Class Support
query string Filter packages using a query in Falcon Query Language (FQL). Supported filters: cid,container_id,cveid,fix_status,image_digest,license,package_name_version,severity,type,vulnerability_count
limit
Service Class Support

Uber Class Support
query integer The upper-bound on the number of records to retrieve.
offset
Service Class Support

Uber Class Support
query integer The offset from where to begin.
parameters Service Class Support
Uber Class Support query dictionary Full query string parameters payload in JSON format. Not required if using other keywords.

Usage

Service class example (PEP8 syntax)
from falconpy import ContainerPackages

# Do not hardcode API credentials!
falcon = ContainerPackages(client_id=CLIENT_ID,
                           client_secret=CLIENT_SECRET
                           )

response = falcon.read_fixable_vuln_count(filter="string",
                                          limit=integer,
                                          offset=integer
                                          )
print(response)
Service class example (Operation ID syntax)
from falconpy import ContainerPackages

# Do not hardcode API credentials!
falcon = ContainerPackages(client_id=CLIENT_ID,
                           client_secret=CLIENT_SECRET
                           )

response = falcon.ReadPackagesByFixableVulnCount(filter="string",
                                                 limit=integer,
                                                 offset=integer
                                                 )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadPackagesByFixableVulnCount",
                          filter="string",
                          limit=integer,
                          offset=integer
                          )
print(response)

ReadPackagesByVulnCount

Retrieve top x packages with the most vulnerabilities

PEP8 method name

read_vuln_count

Endpoint

Method Route
GET /container-security/combined/packages/by-vulnerability-count/v1

Required Scope

falcon-container-image:read

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
filter
Service Class Support

Uber Class Support
query string Filter packages using a query in Falcon Query Language (FQL). Supported filters: cid,container_id,cveid,fix_status,image_digest,license,package_name_version,severity,type,vulnerability_count
limit
Service Class Support

Uber Class Support
query integer The upper-bound on the number of records to retrieve.
offset
Service Class Support

Uber Class Support
query integer The offset from where to begin.
parameters Service Class Support
Uber Class Support query dictionary Full query string parameters payload in JSON format. Not required if using other keywords.

Usage

Service class example (PEP8 syntax)
from falconpy import ContainerPackages

# Do not hardcode API credentials!
falcon = ContainerPackages(client_id=CLIENT_ID,
                           client_secret=CLIENT_SECRET
                           )

response = falcon.read_vuln_count(filter="string",
                                  limit=integer,
                                  offset=integer
                                  )
print(response)
Service class example (Operation ID syntax)
from falconpy import ContainerPackages

# Do not hardcode API credentials!
falcon = ContainerPackages(client_id=CLIENT_ID,
                           client_secret=CLIENT_SECRET
                           )

response = falcon.ReadPackagesByVulnCount(filter="string",
                                          limit=integer,
                                          offset=integer
                                          )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadPackagesByVulnCount",
                          filter="string",
                          limit=integer,
                          offset=integer
                          )
print(response)

ReadPackagesCombinedExport

Retrieve packages identified by the provided filter criteria for the purpose of export

PEP8 method name

read_combined_export

Endpoint

Method Route
GET /container-security/combined/packages/export/v1

Required Scope

falcon-container-image:read

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
filter
Service Class Support

Uber Class Support
query string Filter packages using a query in Falcon Query Language (FQL). Supported filters: cid,container_id,cveid,fix_status,image_digest,license,package_name_version,severity,type,vulnerability_count
only_zero_day_affected
Service Class Support

Uber Class Support
query boolean (true/false) load zero day affected packages, default is false
limit
Service Class Support

Uber Class Support
query integer The upper-bound on the number of records to retrieve.
offset
Service Class Support

Uber Class Support
query integer The offset from where to begin.
parameters Service Class Support
Uber Class Support query dictionary Full query string parameters payload in JSON format. Not required if using other keywords.
sort
Service Class Support

Uber Class Support
query string The fields to sort the records on. Supported columns: [license package_name_version type]

Usage

Service class example (PEP8 syntax)
from falconpy import ContainerPackages

# Do not hardcode API credentials!
falcon = ContainerPackages(client_id=CLIENT_ID,
                           client_secret=CLIENT_SECRET
                           )

response = falcon.read_combined_export(filter="string",
                                       only_zero_day_affected=boolean,
                                       limit=integer,
                                       offset=integer,
                                       sort="string"
                                       )
print(response)
Service class example (Operation ID syntax)
from falconpy import ContainerPackages

# Do not hardcode API credentials!
falcon = ContainerPackages(client_id=CLIENT_ID,
                           client_secret=CLIENT_SECRET
                           )

response = falcon.ReadPackagesCombinedExport(filter="string",
                                             only_zero_day_affected=boolean,
                                             limit=integer,
                                             offset=integer,
                                             sort="string"
                                             )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadPackagesCombinedExport",
                          filter="string",
                          only_zero_day_affected=boolean,
                          limit=integer,
                          offset=integer,
                          sort="string"
                          )
print(response)

ReadPackagesCombined

Retrieve packages identified by the provided filter criteria

PEP8 method name

read_combined

Endpoint

Method Route
GET /container-security/combined/packages/v1

Required Scope

falcon-container-image:read

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
filter
Service Class Support

Uber Class Support
query string Filter packages using a query in Falcon Query Language (FQL). Supported filters: cid,container_id,cveid,fix_status,image_digest,license,package_name_version,severity,type,vulnerability_count
only_zero_day_affected
Service Class Support

Uber Class Support
query boolean (true/false) load zero day affected packages, default is false
limit
Service Class Support

Uber Class Support
query integer The upper-bound on the number of records to retrieve.
offset
Service Class Support

Uber Class Support
query integer The offset from where to begin.
parameters Service Class Support
Uber Class Support query dictionary Full query string parameters payload in JSON format. Not required if using other keywords.
sort
Service Class Support

Uber Class Support
query string The fields to sort the records on. Supported columns: [license package_name_version type]

Usage

Service class example (PEP8 syntax)
from falconpy import ContainerPackages

# Do not hardcode API credentials!
falcon = ContainerPackages(client_id=CLIENT_ID,
                           client_secret=CLIENT_SECRET
                           )

response = falcon.read_combined(filter="string",
                                only_zero_day_affected=boolean,
                                limit=integer,
                                offset=integer,
                                sort="string"
                                )
print(response)
Service class example (Operation ID syntax)
from falconpy import ContainerPackages

# Do not hardcode API credentials!
falcon = ContainerPackages(client_id=CLIENT_ID,
                           client_secret=CLIENT_SECRET
                           )

response = falcon.ReadPackagesCombined(filter="string",
                                       only_zero_day_affected=boolean,
                                       limit=integer,
                                       offset=integer,
                                       sort="string"
                                       )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadPackagesCombined",
                          filter="string",
                          only_zero_day_affected=boolean,
                          limit=integer,
                          offset=integer,
                          sort="string"
                          )
print(response)
⚠️ **GitHub.com Fallback** ⚠️