Container Vulnerabilities - CrowdStrike/falconpy GitHub Wiki
| Operation ID | Description | ||||
|---|---|---|---|---|---|
|
Aggregate count of vulnerabilities grouped by actively exploited | ||||
|
Aggregate count of vulnerabilities grouped by csp_rating | ||||
|
Aggregate count of vulnerabilities grouped by cvss score | ||||
|
Aggregate count of vulnerabilities grouped by severity | ||||
|
Aggregate count of vulnerabilities | ||||
|
Retrieve top x vulnerabilities with the most impacted images | ||||
|
Retrieve top x vulnerabilities with the most recent publication date | ||||
|
Retrieve vulnerability details related to an image | ||||
|
Retrieve vulnerability and package related info for this customer | ||||
|
Retrieve vulnerability and aggregate data filtered by the provided FQL | ||||
WARNING
client_idandclient_secretare keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
Aggregate count of vulnerabilities grouped by actively exploited
read_vulnerability_counts_by_active_exploited
| Method | Route |
|---|---|
 |
/container-security/aggregates/vulnerabilities/count-by-actively-exploited/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter |
 |
|
query | string | Filter vulnerabilities using a query in Falcon Query Language (FQL). Supported filters: ai_related,base_os,cid,container_id,container_running_status,containers_impacted_range,cps_rating,cve_id,cvss_score,description,exploited_status,exploited_status_name,fix_status,image_digest,image_id,images_impacted_range,include_base_image_vuln,index_digest,package_name_version,registry,repository,severity,tag |
| limit |
|
|
query | integer | The upper-bound on the number of records to retrieve. |
| offset |
|
|
query | integer | The offset from where to begin. |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
from falconpy import ContainerVulnerabilities
# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_vulnerability_counts_by_active_exploited(filter="string",
limit=integer,
offset=integer
)
print(response)from falconpy import ContainerVulnerabilities
# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadVulnerabilityCountByActivelyExploited(filter="string",
limit=integer,
offset=integer
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadVulnerabilityCountByActivelyExploited",
filter="string",
limit=integer,
offset=integer
)
print(response)Back to Table of Contents
Aggregate count of vulnerabilities grouped by csp_rating
read_vulnerability_counts_by_cps_rating
| Method | Route |
|---|---|
|
/container-security/aggregates/vulnerabilities/count-by-cps-rating/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter |
|
|
query | string | Filter vulnerabilities using a query in Falcon Query Language (FQL). Supported filters: ai_related,base_os,cid,container_id,container_running_status,containers_impacted_range,cps_rating,cve_id,cvss_score,description,exploited_status,exploited_status_name,fix_status,image_digest,image_id,images_impacted_range,include_base_image_vuln,index_digest,package_name_version,registry,repository,severity,tag |
| limit |
|
|
query | integer | The upper-bound on the number of records to retrieve. |
| offset |
|
|
query | integer | The offset from where to begin. |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
from falconpy import ContainerVulnerabilities
# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_vulnerability_counts_by_cps_rating(filter="string",
limit=integer,
offset=integer
)
print(response)from falconpy import ContainerVulnerabilities
# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadVulnerabilityCountByCPSRating(filter="string",
limit=integer,
offset=integer
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadVulnerabilityCountByCPSRating",
filter="string",
limit=integer,
offset=integer
)
print(response)Back to Table of Contents
Aggregate count of vulnerabilities grouped by cvss score
read_vulnerability_counts_by_cvss_score
| Method | Route |
|---|---|
|
/container-security/aggregates/vulnerabilities/count-by-cvss-score/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter |
|
|
query | string | Filter vulnerabilities using a query in Falcon Query Language (FQL). Supported filters: ai_related,base_os,cid,container_id,container_running_status,containers_impacted_range,cps_rating,cve_id,cvss_score,description,exploited_status,exploited_status_name,fix_status,image_digest,image_id,images_impacted_range,include_base_image_vuln,index_digest,package_name_version,registry,repository,severity,tag |
| limit |
|
|
query | integer | The upper-bound on the number of records to retrieve. |
| offset |
|
|
query | integer | The offset from where to begin. |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
from falconpy import ContainerVulnerabilities
# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_vulnerability_counts_by_cvss_score(filter="string",
limit=integer,
offset=integer
)
print(response)from falconpy import ContainerVulnerabilities
# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadVulnerabilityCountByCVSSScore(filter="string",
limit=integer,
offset=integer
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadVulnerabilityCountByCVSSScore",
filter="string",
limit=integer,
offset=integer
)
print(response)Back to Table of Contents
Aggregate count of vulnerabilities grouped by severity
read_vulnerability_counts_by_severity
| Method | Route |
|---|---|
|
/container-security/aggregates/vulnerabilities/count-by-severity/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter |
|
|
query | string | Filter vulnerabilities using a query in Falcon Query Language (FQL). Supported filters: ai_related,base_os,cid,container_id,container_running_status,containers_impacted_range,cps_rating,cve_id,cvss_score,description,exploited_status,exploited_status_name,fix_status,image_digest,image_id,images_impacted_range,include_base_image_vuln,index_digest,package_name_version,registry,repository,severity,tag |
| limit |
|
|
query | integer | The upper-bound on the number of records to retrieve. |
| offset |
|
|
query | integer | The offset from where to begin. |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
from falconpy import ContainerVulnerabilities
# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_vulnerability_counts_by_severity(filter="string",
limit=integer,
offset=integer
)
print(response)from falconpy import ContainerVulnerabilities
# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadVulnerabilityCountBySeverity(filter="string",
limit=integer,
offset=integer
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadVulnerabilityCountBySeverity",
filter="string",
limit=integer,
offset=integer
)
print(response)Back to Table of Contents
Aggregate count of vulnerabilities
read_vulnerability_count
| Method | Route |
|---|---|
|
/container-security/aggregates/vulnerabilities/count/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter |
|
|
query | string | Filter vulnerabilities using a query in Falcon Query Language (FQL). Supported filters: ai_related,base_os,cid,container_id,container_running_status,containers_impacted_range,cps_rating,cve_id,cvss_score,description,exploited_status,exploited_status_name,fix_status,image_digest,image_id,images_impacted_range,include_base_image_vuln,index_digest,package_name_version,registry,repository,severity,tag |
| limit |
|
|
query | integer | The upper-bound on the number of records to retrieve. |
| offset |
|
|
query | integer | The offset from where to begin. |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
from falconpy import ContainerVulnerabilities
# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_vulnerability_count(filter="string",
limit=integer,
offset=integer
)
print(response)from falconpy import ContainerVulnerabilities
# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadVulnerabilityCount(filter="string",
limit=integer,
offset=integer
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadVulnerabilityCount",
filter="string",
limit=integer,
offset=integer
)
print(response)Back to Table of Contents
Retrieve top x vulnerabilities with the most impacted images
read_vulnerabilities_by_count
| Method | Route |
|---|---|
|
/container-security/combined/vulnerabilities/by-image-count/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter |
|
|
query | string | Filter vulnerabilities using a query in Falcon Query Language (FQL). Supported filters: cid,cve_id,registry,repository,tag |
| limit |
|
|
query | integer | The upper-bound on the number of records to retrieve. |
| offset |
|
|
query | integer | The offset from where to begin. |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
from falconpy import ContainerVulnerabilities
# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_vulnerabilities_by_count(filter="string",
limit=integer,
offset=integer
)
print(response)from falconpy import ContainerVulnerabilities
# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadVulnerabilitiesByImageCount(filter="string",
limit=integer,
offset=integer
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadVulnerabilitiesByImageCount",
filter="string",
limit=integer,
offset=integer
)
print(response)Back to Table of Contents
Retrieve top x vulnerabilities with the most recent publication date
read_vulnerabilities_by_pub_date
| Method | Route |
|---|---|
|
/container-security/combined/vulnerabilities/by-published-date/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter |
|
|
query | string | Filter vulnerabilities using a query in Falcon Query Language (FQL). Supported filters: cid,cve_id,registry,repository,tag |
| limit |
|
|
query | integer | The upper-bound on the number of records to retrieve. |
| offset |
|
|
query | integer | The offset from where to begin. |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
from falconpy import ContainerVulnerabilities
# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_vulnerabilities_by_pub_date(filter="string",
limit=integer,
offset=integer
)
print(response)from falconpy import ContainerVulnerabilities
# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadVulnerabilitiesPublicationDate(filter="string",
limit=integer,
offset=integer
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadVulnerabilitiesPublicationDate",
filter="string",
limit=integer,
offset=integer
)
print(response)Back to Table of Contents
Retrieve vulnerability details related to an image
read_combined_vulnerability_detail
| Method | Route |
|---|---|
|
/container-security/combined/vulnerabilities/details/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| id |
|
|
query | string | Image UUID |
| filter |
|
|
query | string | Filter the vulnerabilities using a query in Falcon Query Language (FQL). Supported vulnerability filters: cid,cps_rating,cve_id,cvss_score,exploited_status,exploited_status_name,include_base_image_vuln,is_zero_day,remediation_available,severity |
| limit |
|
|
query | integer | The upper-bound on the number of records to retrieve. Default: 5000
|
| offset |
|
|
query | integer | The offset from where to begin. |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
from falconpy import ContainerVulnerabilities
# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_combined_vulnerability_detail(id="string",
filter="string",
limit=integer,
offset=integer
)
print(response)from falconpy import ContainerVulnerabilities
# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadCombinedVulnerabilitiesDetails(id="string",
filter="string",
limit=integer,
offset=integer
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadCombinedVulnerabilitiesDetails",
id="string",
filter="string",
limit=integer,
offset=integer
)
print(response)Back to Table of Contents
Retrieve vulnerability and package related info for this customer
read_combined_vulnerabilities_info
| Method | Route |
|---|---|
|
/container-security/combined/vulnerabilities/info/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| cve_id |
|
|
query | string | Vulnerability CVE ID |
| limit |
|
|
query | integer | The upper-bound on the number of records to retrieve. |
| offset |
|
|
query | integer | The offset from where to begin. |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
from falconpy import ContainerVulnerabilities
# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_combined_vulnerabilities_info(cve_id="string",
limit=integer,
offset=integer
)
print(response)from falconpy import ContainerVulnerabilities
# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadCombinedVulnerabilitiesInfo(cve_id="string",
limit=integer,
offset=integer
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadCombinedVulnerabilitiesInfo",
cve_id="string",
limit=integer,
offset=integer
)
print(response)Back to Table of Contents
Retrieve vulnerability and aggregate data filtered by the provided FQL
read_combined_vulnerabilities
| Method | Route |
|---|---|
|
/container-security/combined/vulnerabilities/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter |
|
|
query | string | Filter vulnerabilities using a query in Falcon Query Language (FQL). Supported filters: ai_related,base_os,cid,container_id,container_running_status,containers_impacted_range,cps_rating,cve_id,cvss_score,description,exploited_status,exploited_status_name,fix_status,image_digest,image_id,images_impacted_range,include_base_image_vuln,index_digest,package_name_version,registry,repository,severity,tag |
| limit |
|
|
query | integer | The upper-bound on the number of records to retrieve. |
| offset |
|
|
query | integer | The offset from where to begin. |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
| sort |
|
|
query | string | The fields to sort the records on. Supported columns: [cps_current_rating cve_id cvss_score description images_impacted packages_impacted severity] |
from falconpy import ContainerVulnerabilities
# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_combined_vulnerabilities(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)from falconpy import ContainerVulnerabilities
# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadCombinedVulnerabilities(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadCombinedVulnerabilities",
filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)Back to Table of Contents
