Retrieve vulnerability and aggregate data filtered by the provided FQL
Passing credentials
WARNING
client_id and client_secret are keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)
CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
ReadVulnerabilityCountByActivelyExploited
Aggregate count of vulnerabilities grouped by actively exploited
Filter vulnerabilities using a query in Falcon Query Language (FQL). Supported filters: base_os,cid,container_id,container_running_status,containers_impacted_range,cps_rating,cve_id,cvss_score,description,exploited_status,exploited_status_name,fix_status,image_digest,image_id,images_impacted_range,include_base_image_vuln,package_name_version,registry,repository,severity,tag
limit
query
integer
The upper-bound on the number of records to retrieve.
offset
query
integer
The offset from where to begin.
parameters
query
dictionary
Full query string parameters payload in JSON format. Not required if using other keywords.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportContainerVulnerabilities# Do not hardcode API credentials!falcon=ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.read_vulnerability_counts_by_active_exploited(filter="string",
limit=integer,
offset=integer
)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportContainerVulnerabilities# Do not hardcode API credentials!falcon=ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.ReadVulnerabilityCountByActivelyExploited(filter="string",
limit=integer,
offset=integer
)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("ReadVulnerabilityCountByActivelyExploited",
filter="string",
limit=integer,
offset=integer
)
print(response)
ReadVulnerabilityCountByCPSRating
Aggregate count of vulnerabilities grouped by csp_rating
Filter vulnerabilities using a query in Falcon Query Language (FQL). Supported filters: base_os,cid,container_id,container_running_status,containers_impacted_range,cps_rating,cve_id,cvss_score,description,exploited_status,exploited_status_name,fix_status,image_digest,image_id,images_impacted_range,include_base_image_vuln,package_name_version,registry,repository,severity,tag
limit
query
integer
The upper-bound on the number of records to retrieve.
offset
query
integer
The offset from where to begin.
parameters
query
dictionary
Full query string parameters payload in JSON format. Not required if using other keywords.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportContainerVulnerabilities# Do not hardcode API credentials!falcon=ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.read_vulnerability_counts_by_cps_rating(filter="string",
limit=integer,
offset=integer
)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportContainerVulnerabilities# Do not hardcode API credentials!falcon=ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.ReadVulnerabilityCountByCPSRating(filter="string",
limit=integer,
offset=integer
)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("ReadVulnerabilityCountByCPSRating",
filter="string",
limit=integer,
offset=integer
)
print(response)
ReadVulnerabilityCountByCVSSScore
Aggregate count of vulnerabilities grouped by cvss score
Filter vulnerabilities using a query in Falcon Query Language (FQL). Supported filters: base_os,cid,container_id,container_running_status,containers_impacted_range,cps_rating,cve_id,cvss_score,description,exploited_status,exploited_status_name,fix_status,image_digest,image_id,images_impacted_range,include_base_image_vuln,package_name_version,registry,repository,severity,tag
limit
query
integer
The upper-bound on the number of records to retrieve.
offset
query
integer
The offset from where to begin.
parameters
query
dictionary
Full query string parameters payload in JSON format. Not required if using other keywords.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportContainerVulnerabilities# Do not hardcode API credentials!falcon=ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.read_vulnerability_counts_by_cvss_score(filter="string",
limit=integer,
offset=integer
)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportContainerVulnerabilities# Do not hardcode API credentials!falcon=ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.ReadVulnerabilityCountByCVSSScore(filter="string",
limit=integer,
offset=integer
)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("ReadVulnerabilityCountByCVSSScore",
filter="string",
limit=integer,
offset=integer
)
print(response)
ReadVulnerabilityCountBySeverity
Aggregate count of vulnerabilities grouped by severity
Filter vulnerabilities using a query in Falcon Query Language (FQL). Supported filters: base_os,cid,container_id,container_running_status,containers_impacted_range,cps_rating,cve_id,cvss_score,description,exploited_status,exploited_status_name,fix_status,image_digest,image_id,images_impacted_range,include_base_image_vuln,package_name_version,registry,repository,severity,tag
limit
query
integer
The upper-bound on the number of records to retrieve.
offset
query
integer
The offset from where to begin.
parameters
query
dictionary
Full query string parameters payload in JSON format. Not required if using other keywords.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportContainerVulnerabilities# Do not hardcode API credentials!falcon=ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.read_vulnerability_counts_by_severity(filter="string",
limit=integer,
offset=integer
)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportContainerVulnerabilities# Do not hardcode API credentials!falcon=ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.ReadVulnerabilityCountBySeverity(filter="string",
limit=integer,
offset=integer
)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("ReadVulnerabilityCountBySeverity",
filter="string",
limit=integer,
offset=integer
)
print(response)
Filter vulnerabilities using a query in Falcon Query Language (FQL). Supported filters: base_os,cid,container_id,container_running_status,containers_impacted_range,cps_rating,cve_id,cvss_score,description,exploited_status,exploited_status_name,fix_status,image_digest,image_id,images_impacted_range,include_base_image_vuln,package_name_version,registry,repository,severity,tag
limit
query
integer
The upper-bound on the number of records to retrieve.
offset
query
integer
The offset from where to begin.
parameters
query
dictionary
Full query string parameters payload in JSON format. Not required if using other keywords.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportContainerVulnerabilities# Do not hardcode API credentials!falcon=ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.read_vulnerability_count(filter="string",
limit=integer,
offset=integer
)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportContainerVulnerabilities# Do not hardcode API credentials!falcon=ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.ReadVulnerabilityCount(filter="string",
limit=integer,
offset=integer
)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("ReadVulnerabilityCount",
filter="string",
limit=integer,
offset=integer
)
print(response)
ReadVulnerabilitiesByImageCount
Retrieve top x vulnerabilities with the most impacted images
Filter vulnerabilities using a query in Falcon Query Language (FQL). Supported filters: cid,cve_id,registry,repository,tag
limit
query
integer
The upper-bound on the number of records to retrieve.
offset
query
integer
The offset from where to begin.
parameters
query
dictionary
Full query string parameters payload in JSON format. Not required if using other keywords.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportContainerVulnerabilities# Do not hardcode API credentials!falcon=ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.read_vulnerabilities_by_count(filter="string",
limit=integer,
offset=integer
)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportContainerVulnerabilities# Do not hardcode API credentials!falcon=ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.ReadVulnerabilitiesByImageCount(filter="string",
limit=integer,
offset=integer
)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("ReadVulnerabilitiesByImageCount",
filter="string",
limit=integer,
offset=integer
)
print(response)
ReadVulnerabilitiesPublicationDate
Retrieve top x vulnerabilities with the most recent publication date
Filter vulnerabilities using a query in Falcon Query Language (FQL). Supported filters: cid,cve_id,registry,repository,tag
limit
query
integer
The upper-bound on the number of records to retrieve.
offset
query
integer
The offset from where to begin.
parameters
query
dictionary
Full query string parameters payload in JSON format. Not required if using other keywords.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportContainerVulnerabilities# Do not hardcode API credentials!falcon=ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.read_vulnerabilities_by_pub_date(filter="string",
limit=integer,
offset=integer
)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportContainerVulnerabilities# Do not hardcode API credentials!falcon=ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.ReadVulnerabilitiesPublicationDate(filter="string",
limit=integer,
offset=integer
)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("ReadVulnerabilitiesPublicationDate",
filter="string",
limit=integer,
offset=integer
)
print(response)
ReadCombinedVulnerabilitiesDetails
Retrieve vulnerability details related to an image
Filter the vulnerabilities using a query in Falcon Query Language (FQL). Supported vulnerability filters: cid,cps_rating,cve_id,cvss_score,exploited_status,exploited_status_name,include_base_image_vuln,is_zero_day,remediation_available,severity
limit
query
integer
The upper-bound on the number of records to retrieve.
offset
query
integer
The offset from where to begin.
parameters
query
dictionary
Full query string parameters payload in JSON format. Not required if using other keywords.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportContainerVulnerabilities# Do not hardcode API credentials!falcon=ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.read_combined_vulnerability_detail(id="string",
filter="string",
limit=integer,
offset=integer
)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportContainerVulnerabilities# Do not hardcode API credentials!falcon=ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.ReadCombinedVulnerabilitiesDetails(id="string",
filter="string",
limit=integer,
offset=integer
)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("ReadCombinedVulnerabilitiesDetails",
id="string",
filter="string",
limit=integer,
offset=integer
)
print(response)
ReadCombinedVulnerabilitiesInfo
Retrieve vulnerability and package related info for this customer
The upper-bound on the number of records to retrieve.
offset
query
integer
The offset from where to begin.
parameters
query
dictionary
Full query string parameters payload in JSON format. Not required if using other keywords.
Usage
Service class example (PEP8 syntax)
fromfalconpyimportContainerVulnerabilities# Do not hardcode API credentials!falcon=ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.read_combined_vulnerabilities_info(cve_id="string",
limit=integer,
offset=integer
)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportContainerVulnerabilities# Do not hardcode API credentials!falcon=ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.ReadCombinedVulnerabilitiesInfo(cve_id="string",
limit=integer,
offset=integer
)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("ReadCombinedVulnerabilitiesInfo",
cve_id="string",
limit=integer,
offset=integer
)
print(response)
ReadCombinedVulnerabilities
Retrieve vulnerability and aggregate data filtered by the provided FQL
PEP8 method name
read_combined_vulnerabilities
Endpoint
Method
Route
/container-security/combined/vulnerabilities/v1
Required Scope
Content-Type
Produces: application/json
Keyword Arguments
Name
Service
Uber
Type
Data type
Description
filter
query
string
Filter vulnerabilities using a query in Falcon Query Language (FQL). Supported filters: base_os,cid,container_id,container_running_status,containers_impacted_range,cps_rating,cve_id,cvss_score,description,exploited_status,exploited_status_name,fix_status,image_digest,image_id,images_impacted_range,include_base_image_vuln,package_name_version,registry,repository,severity,tag
limit
query
integer
The upper-bound on the number of records to retrieve.
offset
query
integer
The offset from where to begin.
parameters
query
dictionary
Full query string parameters payload in JSON format. Not required if using other keywords.
sort
query
string
The fields to sort the records on. Supported columns: [cps_current_rating cve_id cvss_score description images_impacted packages_impacted severity]
Usage
Service class example (PEP8 syntax)
fromfalconpyimportContainerVulnerabilities# Do not hardcode API credentials!falcon=ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.read_combined_vulnerabilities(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Service class example (Operation ID syntax)
fromfalconpyimportContainerVulnerabilities# Do not hardcode API credentials!falcon=ContainerVulnerabilities(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.ReadCombinedVulnerabilities(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Uber class example
fromfalconpyimportAPIHarnessV2# Do not hardcode API credentials!falcon=APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response=falcon.command("ReadCombinedVulnerabilities",
filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)