Container Images
Operation ID | Description | ||||
---|---|---|---|---|---|
|
Image assessment history | ||||
|
Aggregate count of images grouped by Base OS distribution | ||||
|
Aggregate count of images grouped by state | ||||
|
Aggregate count of images | ||||
|
Get image assessment results by providing an FQL filter and paging details | ||||
|
Retrieve top x images with the most vulnerabilities | ||||
|
Retrieve image entities identified by the provided filter criteria | ||||
|
Retrieve images with an option to expand aggregated vulnerabilities/detections | ||||
|
Retrieve image issues summary such as Image detections, Runtime detections, Policies, vulnerabilities | ||||
|
aggregates information about vulnerabilities for an image |
Image assessment history
aggregate_assessment_history
Method | Route |
---|---|
/container-security/aggregates/images/assessment-history/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
filter |
|
|
query | string | Filter using a query in Falcon Query Language (FQL). Supported filters: cid,registry,repository |
parameters |
|
query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
from falconpy import ContainerImages
# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.aggregate_assessment_history(filter="string")
print(response)
from falconpy import ContainerImages
# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.AggregateImageAssessmentHistory(filter="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("AggregateImageAssessmentHistory", filter="string")
print(response)
Aggregate count of images grouped by Base OS distribution
aggregate_count_by_base_os
Method | Route |
---|---|
/container-security/aggregates/images/count-by-os-distribution/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
filter |
|
|
query | string | Filter images using a query in Falcon Query Language (FQL). Supported filters: arch,base_os,cid,registry,repository,tag |
parameters |
|
query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
from falconpy import ContainerImages
# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.aggregate_count_by_base_os(filter="string")
print(response)
from falconpy import ContainerImages
# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.AggregateImageCountByBaseOS(filter="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("AggregateImageCountByBaseOS", filter="string")
print(response)
Aggregate count of images grouped by state
aggregate_count_by_state
Method | Route |
---|---|
/container-security/aggregates/images/count-by-state/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
filter |
|
|
query | string | Filter images using a query in Falcon Query Language (FQL). Supported filters: cid,last_seen,registry,repository |
parameters |
|
query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
from falconpy import ContainerImages
# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.aggregate_count_by_state(filter="string")
print(response)
from falconpy import ContainerImages
# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.AggregateImageCountByState(filter="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("AggregateImageCountByState", filter="string")
print(response)
Aggregate count of images
aggregate_count
Method | Route |
---|---|
/container-security/aggregates/images/count/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
filter |
|
|
query | string | Filter images using a query in Falcon Query Language (FQL). Supported filters: arch,base_os,cid,container_id,container_running_status,cps_rating,crowdstrike_user,cve_id,detection_count,detection_name,detection_severity,first_seen,image_digest,image_id,layer_digest,package_name_version,registry,repository,tag,vulnerability_count,vulnerability_severity |
parameters |
|
query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
from falconpy import ContainerImages
# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.aggregate_count(filter="string")
print(response)
from falconpy import ContainerImages
# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.AggregateImageCount(filter="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("AggregateImageCount", filter="string")
print(response)
Get image assessment results by providing an FQL filter and paging details
get_combined_images
Method | Route |
---|---|
/container-security/combined/image-assessment/images/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
filter |
|
|
query | string | Filter images using a query in Falcon Query Language (FQL). Supported filters: container_id, container_running_status, cve_id, detection_name, detection_severity, first_seen, image_digest, image_id, registry, repository, tag, vulnerability_severity |
limit |
|
|
query | integer | The upper-bound on the number of records to retrieve [1-100] |
offset |
|
|
query | integer | The offset from where to begin. |
parameters |
|
query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. | |
sort |
|
|
query | string | The fields to sort the records on. Supported columns: [first_seen highest_detection_severity highest_vulnerability_severity image_digest image_id registry repository tag] |
from falconpy import ContainerImages
# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_combined_images(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
from falconpy import ContainerImages
# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetCombinedImages(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetCombinedImages",
filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Retrieve top x images with the most vulnerabilities
get_combined_images_by_vulnerability_count
Method | Route |
---|---|
/container-security/combined/images/by-vulnerability-count/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
filter |
|
|
query | string | Filter images using a query in Falcon Query Language (FQL). Supported filters: arch,base_os,cid,registry,repository,tag |
limit |
|
|
query | integer | The upper-bound on the number of records to retrieve. |
offset |
|
|
query | integer | This is not used in the backend but is added here for compatibility purposes as some clients expects this i.e UI widgets. |
parameters |
|
query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
from falconpy import ContainerImages
# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_combined_images_by_vulnerability_count(filter="string",
limit=integer,
offset=integer
)
print(response)
from falconpy import ContainerImages
# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.CombinedImageByVulnerabilityCount(filter="string",
limit=integer,
offset=integer
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("CombinedImageByVulnerabilityCount",
filter="string",
limit=integer,
offset=integer
)
print(response)
Retrieve image entities identified by the provided filter criteria
get_combined_detail
Method | Route |
---|---|
/container-security/combined/images/detail/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
filter |
|
|
query | string | Filter images using a query in Falcon Query Language (FQL). Supported filters: registry,repository,tag |
with_config |
|
|
query | boolean | (true/false) include image config, default is false |
limit |
|
|
query | integer | The upper-bound on the number of records to retrieve. |
offset |
|
|
query | integer | The offset from where to begin. |
parameters |
|
query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. | |
sort |
|
|
query | string | The fields to sort the records on. |
from falconpy import ContainerImages
# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_combined_detail(filter="string",
with_config=boolean,
limit=integer,
offset=integer,
sort="string"
)
print(response)
from falconpy import ContainerImages
# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.CombinedImageDetail(filter="string",
with_config=boolean,
limit=integer,
offset=integer,
sort="string"
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("CombinedImageDetail",
filter="string",
with_config=boolean,
limit=integer,
offset=integer,
sort="string"
)
print(response)
Retrieve images with an option to expand aggregated vulnerabilities/detections
read_combined_export
Method | Route |
---|---|
/container-security/combined/images/export/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
filter |
|
|
query | string | Filter images using a query in Falcon Query Language (FQL). Supported filters: arch,base_os,cid,container_id,container_running_status,cps_rating,crowdstrike_user,cve_id,detection_count,detection_name,detection_severity,first_seen,image_digest,image_id,layer_digest,package_name_version,registry,repository,tag,vulnerability_count,vulnerability_severity |
expand_vulnerabilities |
|
|
query | boolean | expand vulnerabilities |
expand_detections |
|
|
query | boolean | expand detections |
limit |
|
|
query | integer | The upper-bound on the number of records to retrieve. |
offset |
|
|
query | integer | The offset from where to begin. |
parameters |
|
query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. | |
sort |
|
|
query | string | The fields to sort the records on. Supported columns: [base_os cid containers detections firstScanned first_seen highest_detection_severity highest_cps_current_rating highest_vulnerability_severity image_digest image_id last_seen layers_with_vulnerabilities packages registry repository tag vulnerabilities] |
from falconpy import ContainerImages
# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_combined_export(filter="string",
expand_vulnerabilities=boolean,
expand_detections=boolean,
limit=integer,
offset=integer,
sort="string"
)
print(response)
from falconpy import ContainerImages
# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadCombinedImagesExport(filter="string",
expand_vulnerabilities=boolean,
expand_detections=boolean,
limit=integer,
offset=integer,
sort="string"
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadCombinedImagesExport",
filter="string",
expand_vulnerabilities=boolean,
expand_detections=boolean,
limit=integer,
offset=integer,
sort="string"
)
print(response)
Retrieve image issues summary such as Image detections, Runtime detections, Policies, vulnerabilities
get_combined_issues_summary
Method | Route |
---|---|
/container-security/combined/images/issues-summary/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
cid |
|
|
query | string | CID |
parameters |
|
query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. | |
registry |
|
|
query | string | registry name |
repository |
|
|
query | string | repository name |
tag |
|
|
query | string | tag name |
from falconpy import ContainerImages
# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_combined_issues_summary(cid="string",
registry="string",
repository="string",
tag="string"
)
print(response)
from falconpy import ContainerImages
# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.CombinedImageIssuesSummary(cid="string",
registry="string",
repository="string",
tag="string"
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("CombinedImageIssuesSummary",
cid="string",
registry="string",
repository="string",
tag="string"
)
print(response)
aggregates information about vulnerabilities for an image
get_combined_vulnerabilities_summary
Method | Route |
---|---|
/container-security/combined/images/vulnerabilities-summary/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
cid |
|
|
query | string | CID |
parameters |
|
query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. | |
registry |
|
|
query | string | registry name |
repository |
|
|
query | string | repository name |
tag |
|
|
query | string | tag name |
from falconpy import ContainerImages
# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_combined_vulnerabilities_summary(cid="string",
registry="string",
repository="string",
tag="string"
)
print(response)
from falconpy import ContainerImages
# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.CombinedImageVulnerabilitySummary(cid="string",
registry="string",
repository="string",
tag="string"
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("CombinedImageVulnerabilitySummary",
cid="string",
registry="string",
repository="string",
tag="string"
)
print(response)
- Home
- Discussions Board
- Glossary of Terms
- Installation, Upgrades and Removal
- Samples Collection
- Using FalconPy
- API Operations
-
Service Collections
- Alerts
- Cloud Connect AWS (deprecated)
- Cloud Snapshots
- Configuration Assessment
- Configuration Assessment Evaluation Logic
- Container Alerts
- Container Detections
- Container Images
- Container Packages
- Container Vulnerabilities
- CSPM Registration
- Custom IOAs
- Custom Storage
- D4C Registration (deprecated)
- Detects
- Device Control Policies
- Discover
- Drift Indicators
- Event Streams
- Falcon Complete Dashboard
- Falcon Container
- Falcon Intelligence Sandbox
- FDR
- FileVantage
- Firewall Management
- Firewall Policies
- Foundry LogScale
- Host Group
- Hosts
- Identity Protection
- Image Assessment Policies
- Incidents
- Installation Tokens
- Intel
- IOA Exclusions
- IOC
- IOCs (deprecated)
- Kubernetes Protection
- MalQuery
- Message Center
- ML Exclusions
- Mobile Enrollment
- MSSP (Flight Control)
- OAuth2
- ODS (On Demand Scan)
- Overwatch Dashboard
- Prevention Policy
- Quarantine
- Quick Scan
- Real Time Response
- Real Time Response Admin
- Real Time Response Audit
- Recon
- Report Executions
- Response Policies
- Sample Uploads
- Scheduled Reports
- Sensor Download
- Sensor Update Policy
- Sensor Visibility Exclusions
- Spotlight Evaluation Logic
- Spotlight Vulnerabilities
- Tailored Intelligence
- Unidentified Containers
- User Management
- Workflows
- Zero Trust Assessment
- Documentation Support
-
CrowdStrike SDKs
- Crimson Falcon - Ruby
- FalconPy - Python 3
- FalconJS - Javascript
- goFalcon - Go
- PSFalcon - Powershell
- Rusty Falcon - Rust