Container Vulnerabilities - CrowdStrike/falconpy GitHub Wiki

CrowdStrike Falcon CrowdStrike Subreddit

Using the Container Vulnerabilities service collection

Uber class support Service class support Documentation Version Page Updated

Table of Contents

Operation ID Description
ReadVulnerabilityCountByActivelyExploited
PEP8 read_vulnerability_counts_by_active_exploited
Aggregate count of vulnerabilities grouped by actively exploited
ReadVulnerabilityCountByCPSRating
PEP8 read_vulnerability_counts_by_cps_rating
Aggregate count of vulnerabilities grouped by csp_rating
ReadVulnerabilityCountByCVSSScore
PEP8 read_vulnerability_counts_by_cvss_score
Aggregate count of vulnerabilities grouped by cvss score
ReadVulnerabilityCountBySeverity
PEP8 read_vulnerability_counts_by_severity
Aggregate count of vulnerabilities grouped by severity
ReadVulnerabilityCount
PEP8 read_vulnerability_count
Aggregate count of vulnerabilities
ReadVulnerabilitiesByImageCount
PEP8 read_vulnerabilities_by_count
Retrieve top x vulnerabilities with the most impacted images
ReadVulnerabilitiesPublicationDate
PEP8 read_vulnerabilities_by_pub_date
Retrieve top x vulnerabilities with the most recent publication date
ReadCombinedVulnerabilitiesDetails
PEP8 read_combined_vulnerability_detail
Retrieve vulnerability details related to an image
ReadCombinedVulnerabilitiesInfo
PEP8 read_combined_vulnerabilities_info
Retrieve vulnerability and package related info for this customer
ReadCombinedVulnerabilities
PEP8 read_combined_vulnerabilities
Retrieve vulnerability and aggregate data filtered by the provided FQL

Passing credentials

WARNING

client_id and client_secret are keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)

CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.

ReadVulnerabilityCountByActivelyExploited

Aggregate count of vulnerabilities grouped by actively exploited

PEP8 method name

read_vulnerability_counts_by_active_exploited

Endpoint

Method Route
GET /container-security/aggregates/vulnerabilities/count-by-actively-exploited/v1

Required Scope

falcon-container-image:read

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
filter
Service Class Support

Uber Class Support
query string Filter vulnerabilities using a query in Falcon Query Language (FQL). Supported filters: base_os,cid,container_id,container_running_status,containers_impacted_range,cps_rating,cve_id,cvss_score,description,exploited_status,exploited_status_name,fix_status,image_digest,image_id,images_impacted_range,include_base_image_vuln,package_name_version,registry,repository,severity,tag
limit
Service Class Support

Uber Class Support
query integer The upper-bound on the number of records to retrieve.
offset
Service Class Support

Uber Class Support
query integer The offset from where to begin.
parameters Service Class Support
Uber Class Support query dictionary Full query string parameters payload in JSON format. Not required if using other keywords.

Usage

Service class example (PEP8 syntax)
from falconpy import ContainerVulnerabilities

# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

response = falcon.read_vulnerability_counts_by_active_exploited(filter="string",
                                                                limit=integer,
                                                                offset=integer
                                                                )
print(response)
Service class example (Operation ID syntax)
from falconpy import ContainerVulnerabilities

# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

response = falcon.ReadVulnerabilityCountByActivelyExploited(filter="string",
                                                            limit=integer,
                                                            offset=integer
                                                            )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadVulnerabilityCountByActivelyExploited",
                          filter="string",
                          limit=integer,
                          offset=integer
                          )
print(response)

ReadVulnerabilityCountByCPSRating

Aggregate count of vulnerabilities grouped by csp_rating

PEP8 method name

read_vulnerability_counts_by_cps_rating

Endpoint

Method Route
GET /container-security/aggregates/vulnerabilities/count-by-cps-rating/v1

Required Scope

falcon-container-image:read

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
filter
Service Class Support

Uber Class Support
query string Filter vulnerabilities using a query in Falcon Query Language (FQL). Supported filters: base_os,cid,container_id,container_running_status,containers_impacted_range,cps_rating,cve_id,cvss_score,description,exploited_status,exploited_status_name,fix_status,image_digest,image_id,images_impacted_range,include_base_image_vuln,package_name_version,registry,repository,severity,tag
limit
Service Class Support

Uber Class Support
query integer The upper-bound on the number of records to retrieve.
offset
Service Class Support

Uber Class Support
query integer The offset from where to begin.
parameters Service Class Support
Uber Class Support query dictionary Full query string parameters payload in JSON format. Not required if using other keywords.

Usage

Service class example (PEP8 syntax)
from falconpy import ContainerVulnerabilities

# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

response = falcon.read_vulnerability_counts_by_cps_rating(filter="string",
                                                          limit=integer,
                                                          offset=integer
                                                          )
print(response)
Service class example (Operation ID syntax)
from falconpy import ContainerVulnerabilities

# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

response = falcon.ReadVulnerabilityCountByCPSRating(filter="string",
                                                    limit=integer,
                                                    offset=integer
                                                    )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadVulnerabilityCountByCPSRating",
                          filter="string",
                          limit=integer,
                          offset=integer
                          )
print(response)

ReadVulnerabilityCountByCVSSScore

Aggregate count of vulnerabilities grouped by cvss score

PEP8 method name

read_vulnerability_counts_by_cvss_score

Endpoint

Method Route
GET /container-security/aggregates/vulnerabilities/count-by-cvss-score/v1

Required Scope

falcon-container-image:read

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
filter
Service Class Support

Uber Class Support
query string Filter vulnerabilities using a query in Falcon Query Language (FQL). Supported filters: base_os,cid,container_id,container_running_status,containers_impacted_range,cps_rating,cve_id,cvss_score,description,exploited_status,exploited_status_name,fix_status,image_digest,image_id,images_impacted_range,include_base_image_vuln,package_name_version,registry,repository,severity,tag
limit
Service Class Support

Uber Class Support
query integer The upper-bound on the number of records to retrieve.
offset
Service Class Support

Uber Class Support
query integer The offset from where to begin.
parameters Service Class Support
Uber Class Support query dictionary Full query string parameters payload in JSON format. Not required if using other keywords.

Usage

Service class example (PEP8 syntax)
from falconpy import ContainerVulnerabilities

# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

response = falcon.read_vulnerability_counts_by_cvss_score(filter="string",
                                                          limit=integer,
                                                          offset=integer
                                                          )
print(response)
Service class example (Operation ID syntax)
from falconpy import ContainerVulnerabilities

# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

response = falcon.ReadVulnerabilityCountByCVSSScore(filter="string",
                                                    limit=integer,
                                                    offset=integer
                                                    )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )


response = falcon.command("ReadVulnerabilityCountByCVSSScore",
                          filter="string",
                          limit=integer,
                          offset=integer
                          )
print(response)

ReadVulnerabilityCountBySeverity

Aggregate count of vulnerabilities grouped by severity

PEP8 method name

read_vulnerability_counts_by_severity

Endpoint

Method Route
GET /container-security/aggregates/vulnerabilities/count-by-severity/v1

Required Scope

falcon-container-image:read

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
filter
Service Class Support

Uber Class Support
query string Filter vulnerabilities using a query in Falcon Query Language (FQL). Supported filters: base_os,cid,container_id,container_running_status,containers_impacted_range,cps_rating,cve_id,cvss_score,description,exploited_status,exploited_status_name,fix_status,image_digest,image_id,images_impacted_range,include_base_image_vuln,package_name_version,registry,repository,severity,tag
limit
Service Class Support

Uber Class Support
query integer The upper-bound on the number of records to retrieve.
offset
Service Class Support

Uber Class Support
query integer The offset from where to begin.
parameters Service Class Support
Uber Class Support query dictionary Full query string parameters payload in JSON format. Not required if using other keywords.

Usage

Service class example (PEP8 syntax)
from falconpy import ContainerVulnerabilities

# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

response = falcon.read_vulnerability_counts_by_severity(filter="string",
                                                        limit=integer,
                                                        offset=integer
                                                        )
print(response)
Service class example (Operation ID syntax)
from falconpy import ContainerVulnerabilities

# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

response = falcon.ReadVulnerabilityCountBySeverity(filter="string",
                                                   limit=integer,
                                                   offset=integer
                                                   )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadVulnerabilityCountBySeverity",
                          filter="string",
                          limit=integer,
                          offset=integer
                          )
print(response)

ReadVulnerabilityCount

Aggregate count of vulnerabilities

PEP8 method name

read_vulnerability_count

Endpoint

Method Route
GET /container-security/aggregates/vulnerabilities/count/v1

Required Scope

falcon-container-image:read

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
filter
Service Class Support

Uber Class Support
query string Filter vulnerabilities using a query in Falcon Query Language (FQL). Supported filters: base_os,cid,container_id,container_running_status,containers_impacted_range,cps_rating,cve_id,cvss_score,description,exploited_status,exploited_status_name,fix_status,image_digest,image_id,images_impacted_range,include_base_image_vuln,package_name_version,registry,repository,severity,tag
limit
Service Class Support

Uber Class Support
query integer The upper-bound on the number of records to retrieve.
offset
Service Class Support

Uber Class Support
query integer The offset from where to begin.
parameters Service Class Support
Uber Class Support query dictionary Full query string parameters payload in JSON format. Not required if using other keywords.

Usage

Service class example (PEP8 syntax)
from falconpy import ContainerVulnerabilities

# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

response = falcon.read_vulnerability_count(filter="string",
                                           limit=integer,
                                           offset=integer
                                           )
print(response)
Service class example (Operation ID syntax)
from falconpy import ContainerVulnerabilities

# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

response = falcon.ReadVulnerabilityCount(filter="string",
                                         limit=integer,
                                         offset=integer
                                         )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadVulnerabilityCount",
                          filter="string",
                          limit=integer,
                          offset=integer
                          )
print(response)

ReadVulnerabilitiesByImageCount

Retrieve top x vulnerabilities with the most impacted images

PEP8 method name

read_vulnerabilities_by_count

Endpoint

Method Route
GET /container-security/combined/vulnerabilities/by-image-count/v1

Required Scope

falcon-container-image:read

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
filter
Service Class Support

Uber Class Support
query string Filter vulnerabilities using a query in Falcon Query Language (FQL). Supported filters: cid,cve_id,registry,repository,tag
limit
Service Class Support

Uber Class Support
query integer The upper-bound on the number of records to retrieve.
offset
Service Class Support

Uber Class Support
query integer The offset from where to begin.
parameters Service Class Support
Uber Class Support query dictionary Full query string parameters payload in JSON format. Not required if using other keywords.

Usage

Service class example (PEP8 syntax)
from falconpy import ContainerVulnerabilities

# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

response = falcon.read_vulnerabilities_by_count(filter="string",
                                                limit=integer,
                                                offset=integer
                                                )
print(response)
Service class example (Operation ID syntax)
from falconpy import ContainerVulnerabilities

# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

response = falcon.ReadVulnerabilitiesByImageCount(filter="string",
                                                  limit=integer,
                                                  offset=integer
                                                  )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadVulnerabilitiesByImageCount",
                          filter="string",
                          limit=integer,
                          offset=integer
                          )
print(response)

ReadVulnerabilitiesPublicationDate

Retrieve top x vulnerabilities with the most recent publication date

PEP8 method name

read_vulnerabilities_by_pub_date

Endpoint

Method Route
GET /container-security/combined/vulnerabilities/by-published-date/v1

Required Scope

falcon-container-image:read

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
filter
Service Class Support

Uber Class Support
query string Filter vulnerabilities using a query in Falcon Query Language (FQL). Supported filters: cid,cve_id,registry,repository,tag
limit
Service Class Support

Uber Class Support
query integer The upper-bound on the number of records to retrieve.
offset
Service Class Support

Uber Class Support
query integer The offset from where to begin.
parameters Service Class Support
Uber Class Support query dictionary Full query string parameters payload in JSON format. Not required if using other keywords.

Usage

Service class example (PEP8 syntax)
from falconpy import ContainerVulnerabilities

# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

response = falcon.read_vulnerabilities_by_pub_date(filter="string",
                                                   limit=integer,
                                                   offset=integer
                                                   )
print(response)
Service class example (Operation ID syntax)
from falconpy import ContainerVulnerabilities

# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

response = falcon.ReadVulnerabilitiesPublicationDate(filter="string",
                                                     limit=integer,
                                                     offset=integer
                                                     )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadVulnerabilitiesPublicationDate",
                          filter="string",
                          limit=integer,
                          offset=integer
                          )
print(response)

ReadCombinedVulnerabilitiesDetails

Retrieve vulnerability details related to an image

PEP8 method name

read_combined_vulnerability_detail

Endpoint

Method Route
GET /container-security/combined/vulnerabilities/details/v1

Required Scope

falcon-container-image:read

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
id
Service Class Support

Uber Class Support
query string Image UUID
filter
Service Class Support

Uber Class Support
query string Filter the vulnerabilities using a query in Falcon Query Language (FQL). Supported vulnerability filters: cid,cps_rating,cve_id,cvss_score,exploited_status,exploited_status_name,include_base_image_vuln,is_zero_day,remediation_available,severity
limit
Service Class Support

Uber Class Support
query integer The upper-bound on the number of records to retrieve.
offset
Service Class Support

Uber Class Support
query integer The offset from where to begin.
parameters Service Class Support
Uber Class Support query dictionary Full query string parameters payload in JSON format. Not required if using other keywords.

Usage

Service class example (PEP8 syntax)
from falconpy import ContainerVulnerabilities

# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

response = falcon.read_combined_vulnerability_detail(id="string",
                                                     filter="string",
                                                     limit=integer,
                                                     offset=integer
                                                     )
print(response)
Service class example (Operation ID syntax)
from falconpy import ContainerVulnerabilities

# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

response = falcon.ReadCombinedVulnerabilitiesDetails(id="string",
                                                     filter="string",
                                                     limit=integer,
                                                     offset=integer
                                                     )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadCombinedVulnerabilitiesDetails",
                          id="string",
                          filter="string",
                          limit=integer,
                          offset=integer
                          )
print(response)

ReadCombinedVulnerabilitiesInfo

Retrieve vulnerability and package related info for this customer

PEP8 method name

read_combined_vulnerabilities_info

Endpoint

Method Route
GET /container-security/combined/vulnerabilities/info/v1

Required Scope

falcon-container-image:read

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
cve_id
Service Class Support

Uber Class Support
query string Vulnerability CVE ID
limit
Service Class Support

Uber Class Support
query integer The upper-bound on the number of records to retrieve.
offset
Service Class Support

Uber Class Support
query integer The offset from where to begin.
parameters Service Class Support
Uber Class Support query dictionary Full query string parameters payload in JSON format. Not required if using other keywords.

Usage

Service class example (PEP8 syntax)
from falconpy import ContainerVulnerabilities

# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

response = falcon.read_combined_vulnerabilities_info(cve_id="string",
                                                     limit=integer,
                                                     offset=integer
                                                     )
print(response)
Service class example (Operation ID syntax)
from falconpy import ContainerVulnerabilities

# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

response = falcon.ReadCombinedVulnerabilitiesInfo(cve_id="string",
                                                  limit=integer,
                                                  offset=integer
                                                  )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadCombinedVulnerabilitiesInfo",
                          cve_id="string",
                          limit=integer,
                          offset=integer
                          )
print(response)

ReadCombinedVulnerabilities

Retrieve vulnerability and aggregate data filtered by the provided FQL

PEP8 method name

read_combined_vulnerabilities

Endpoint

Method Route
GET /container-security/combined/vulnerabilities/v1

Required Scope

falcon-container-image:read

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
filter
Service Class Support

Uber Class Support
query string Filter vulnerabilities using a query in Falcon Query Language (FQL). Supported filters: base_os,cid,container_id,container_running_status,containers_impacted_range,cps_rating,cve_id,cvss_score,description,exploited_status,exploited_status_name,fix_status,image_digest,image_id,images_impacted_range,include_base_image_vuln,package_name_version,registry,repository,severity,tag
limit
Service Class Support

Uber Class Support
query integer The upper-bound on the number of records to retrieve.
offset
Service Class Support

Uber Class Support
query integer The offset from where to begin.
parameters Service Class Support
Uber Class Support query dictionary Full query string parameters payload in JSON format. Not required if using other keywords.
sort
Service Class Support

Uber Class Support
query string The fields to sort the records on. Supported columns: [cps_current_rating cve_id cvss_score description images_impacted packages_impacted severity]

Usage

Service class example (PEP8 syntax)
from falconpy import ContainerVulnerabilities

# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

response = falcon.read_combined_vulnerabilities(filter="string",
                                                limit=integer,
                                                offset=integer,
                                                sort="string"
                                                )
print(response)
Service class example (Operation ID syntax)
from falconpy import ContainerVulnerabilities

# Do not hardcode API credentials!
falcon = ContainerVulnerabilities(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )

response = falcon.ReadCombinedVulnerabilities(filter="string",
                                              limit=integer,
                                              offset=integer,
                                              sort="string"
                                              )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadCombinedVulnerabilities",
                          filter="string",
                          limit=integer,
                          offset=integer,
                          sort="string"
                          )
print(response)
⚠️ **GitHub.com Fallback** ⚠️