Spotlight Vulnerability Metadata - CrowdStrike/falconpy GitHub Wiki
| Operation ID | Description | ||||
|---|---|---|---|---|---|
|
Perform a combined query and get operation for retrieving Risk (vulnerability metadata) entities. | ||||
WARNING
client_idandclient_secretare keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
Perform a combined query and get operation for retrieving Risk (vulnerability metadata) entities.
get_cve_metadata
| Method | Route |
|---|---|
 |
/spotlight/combined/vulnerability-metadata-external/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| after |  |
|
query | string | A pagination token used with the limit parameter to manage pagination of results. On your first request, don't provide an after token. On subsequent requests, provide the after token from the previous response to continue from that place in the results. |
| filter | |
|
query | string | Filter items using a query in Falcon Query Language (FQL). Wildcards * and empty filter values are unsupported. Available filter fields that support exact match: id, provider, cve_ids, cwe_ids, impact.cvss_v2.base_metrics.vector, impact.cvss_v2.temporal_metrics.vector, impact.cvss_v3.base_metrics.integrity_impact, impact.cvss_v3.base_metrics.vector, impact.cvss_v3.temporal_metrics.vector. Available filter fields that support range comparisons (>, <, >=, <=): created_timestamp, impact.cvss_v2.base_metrics.base_score, impact.cvss_v3.base_metrics.base_score, impact.cvss_v2.temporal_metrics.temporal_score, impact.cvss_v3.temporal_metrics.temporal_score, source_created_timestamp, source_updated_timestamp, updated_timestamp. Required. |
| limit | |
|
query | integer | The number of items to return in this response (default: 100, max: 400). Use with the after parameter to manage pagination of results. |
| offset | |
|
query | string | Starting index of overall result set from which to return ids. |
| risk_provider | |
|
query | string or list of strings | Zero or more risk providers. Zero means all. Supported values: S (for Falcon sensor). |
| sort | |
|
query | string | Sort vulnerabilities by their properties. Available sort options: created_timestamp|asc/desc, updated_timestamp|asc/desc. |
| parameters | |
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import SpotlightVulnerabilityMetadata
# Do not hardcode API credentials!
falcon = SpotlightVulnerabilityMetadata(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_cve_metadata(after="string",
filter="string",
limit=integer,
offset="string",
risk_provider="string",
sort="string"
)
print(response)from falconpy import SpotlightVulnerabilityMetadata
# Do not hardcode API credentials!
falcon = SpotlightVulnerabilityMetadata(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.combineVulnMetadataExt(after="string",
filter="string",
limit=integer,
offset="string",
risk_provider="string",
sort="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("combineVulnMetadataExt",
after="string",
filter="string",
limit=integer,
offset="string",
risk_provider="string",
sort="string"
)
print(response)Back to Table of Contents
