Using the Container Packages service collection

Table of Contents

Passing credentials

WARNING

client_id and client_secret are keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)

CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.

ReadPackagesByImageCount

Retrieves the N most frequently used packages across images.

PEP8 method name

read_packages_by_image_count

Endpoint

Method	Route
	/container-security/aggregates/packages/by-image-count/v1

Required Scope

Content-Type

• Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
filter	query	string	Filter packages using a query in Falcon Query Language (FQL). Supported filter fields: ai_related, cveid, running_images, severity, type, and vulnerability_count
limit	query	integer	Maximum number of package results to return. Default value: 5
parameters			query	dictionary	Full query string parameters payload in JSON format. Not required if using other keywords.

Usage

Service class example (PEP8 syntax)

from falconpy.container_packages import ContainerPackages

falcon = ContainerPackages(client_id=CLIENT_ID,
                           client_secret=CLIENT_SECRET
                           )

response = falcon.read_packages_by_image_count(filter="string", limit=integer)

print(response)

Service class example (Operation ID syntax)

from falconpy import ContainerPackages

falcon = ContainerPackages(client_id=CLIENT_ID,
                           client_secret=CLIENT_SECRET
                           )

response = falcon.ReadPackagesByImageCount(filter="string", limit=integer)

print(response)

Uber class example

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadPackagesByImageCount", filter="string", limit=integer)

print(response)

ReadPackagesCountByZeroDay

Retrieve packages count affected by zero day vulnerabilities.

PEP8 method name

read_zero_day_counts

Endpoint

Method	Route
	/container-security/aggregates/packages/count-by-zero-day/v1

Required Scope

Content-Type

• Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
filter			query	string	Filter packages using a query in Falcon Query Language (FQL). Supported filters: cid
parameters			query	dictionary	Full query string parameters payload in JSON format. Not required if using other keywords.

Usage

Service class example (PEP8 syntax)

from falconpy import ContainerPackages

# Do not hardcode API credentials!
falcon = ContainerPackages(client_id=CLIENT_ID,
                           client_secret=CLIENT_SECRET
                           )

response = falcon.read_zero_day_counts(filter="string")

print(response)

Service class example (Operation ID syntax)

from falconpy import ContainerPackages

# Do not hardcode API credentials!
falcon = ContainerPackages(client_id=CLIENT_ID,
                           client_secret=CLIENT_SECRET
                           )

response = falcon.ReadPackagesCountByZeroDay(filter="string")

print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadPackagesCountByZeroDay", filter="string")

print(response)

ReadPackagesByFixableVulnCount

Retrieve top x app packages with the most fixable vulnerabilities.

PEP8 method name

read_fixable_vuln_count

Endpoint

Method	Route
	/container-security/combined/packages/app-by-fixable-vulnerability-count/v1

Required Scope

Content-Type

• Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
filter			query	string	Filter packages using a query in Falcon Query Language (FQL). Supported filters: cid,container_id,cveid,fix_status,image_digest,license,package_name_version,severity,type,vulnerability_count
limit			query	integer	The upper-bound on the number of records to retrieve.
offset			query	integer	The offset from where to begin.
parameters			query	dictionary	Full query string parameters payload in JSON format. Not required if using other keywords.

Usage

Service class example (PEP8 syntax)

from falconpy import ContainerPackages

# Do not hardcode API credentials!
falcon = ContainerPackages(client_id=CLIENT_ID,
                           client_secret=CLIENT_SECRET
                           )

response = falcon.read_fixable_vuln_count(filter="string",
                                          limit=integer,
                                          offset=integer
                                          )
print(response)

Service class example (Operation ID syntax)

from falconpy import ContainerPackages

# Do not hardcode API credentials!
falcon = ContainerPackages(client_id=CLIENT_ID,
                           client_secret=CLIENT_SECRET
                           )

response = falcon.ReadPackagesByFixableVulnCount(filter="string",
                                                 limit=integer,
                                                 offset=integer
                                                 )
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadPackagesByFixableVulnCount",
                          filter="string",
                          limit=integer,
                          offset=integer
                          )
print(response)

ReadPackagesByVulnCount

Retrieve top x packages with the most vulnerabilities.

PEP8 method name

read_vuln_count

Endpoint

Method	Route
	/container-security/combined/packages/by-vulnerability-count/v1

Required Scope

Content-Type

• Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
filter			query	string	Filter packages using a query in Falcon Query Language (FQL). Supported filters: cid,container_id,cveid,fix_status,image_digest,license,package_name_version,severity,type,vulnerability_count
limit			query	integer	The upper-bound on the number of records to retrieve.
offset			query	integer	The offset from where to begin.
parameters			query	dictionary	Full query string parameters payload in JSON format. Not required if using other keywords.

Usage

Service class example (PEP8 syntax)

from falconpy import ContainerPackages

# Do not hardcode API credentials!
falcon = ContainerPackages(client_id=CLIENT_ID,
                           client_secret=CLIENT_SECRET
                           )

response = falcon.read_vuln_count(filter="string",
                                  limit=integer,
                                  offset=integer
                                  )
print(response)

Service class example (Operation ID syntax)

from falconpy import ContainerPackages

# Do not hardcode API credentials!
falcon = ContainerPackages(client_id=CLIENT_ID,
                           client_secret=CLIENT_SECRET
                           )

response = falcon.ReadPackagesByVulnCount(filter="string",
                                          limit=integer,
                                          offset=integer
                                          )
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadPackagesByVulnCount",
                          filter="string",
                          limit=integer,
                          offset=integer
                          )
print(response)

ReadPackagesCombinedExport

Retrieve packages identified by the provided filter criteria for the purpose of export.

PEP8 method name

read_combined_export

Endpoint

Method	Route
	/container-security/combined/packages/export/v1

Required Scope

Content-Type

• Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
filter			query	string	Filter packages using a query in Falcon Query Language (FQL). Supported filters: cid,container_id,cveid,fix_status,image_digest,license,package_name_version,severity,type,vulnerability_count
only_zero_day_affected			query	boolean	(true/false) load zero day affected packages, default is false
limit			query	integer	The upper-bound on the number of records to retrieve.
offset			query	integer	The offset from where to begin.
parameters			query	dictionary	Full query string parameters payload in JSON format. Not required if using other keywords.
sort			query	string	The fields to sort the records on. Supported columns: [license package_name_version type]

Usage

Service class example (PEP8 syntax)

from falconpy import ContainerPackages

# Do not hardcode API credentials!
falcon = ContainerPackages(client_id=CLIENT_ID,
                           client_secret=CLIENT_SECRET
                           )

response = falcon.read_combined_export(filter="string",
                                       only_zero_day_affected=boolean,
                                       limit=integer,
                                       offset=integer,
                                       sort="string"
                                       )
print(response)

Service class example (Operation ID syntax)

from falconpy import ContainerPackages

# Do not hardcode API credentials!
falcon = ContainerPackages(client_id=CLIENT_ID,
                           client_secret=CLIENT_SECRET
                           )

response = falcon.ReadPackagesCombinedExport(filter="string",
                                             only_zero_day_affected=boolean,
                                             limit=integer,
                                             offset=integer,
                                             sort="string"
                                             )
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadPackagesCombinedExport",
                          filter="string",
                          only_zero_day_affected=boolean,
                          limit=integer,
                          offset=integer,
                          sort="string"
                          )
print(response)

ReadPackagesCombined

Retrieve packages identified by the provided filter criteria.

PEP8 method name

read_combined

Endpoint

Method	Route
	/container-security/combined/packages/v1

Required Scope

Content-Type

• Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
filter			query	string	Filter packages using a query in Falcon Query Language (FQL). Supported filters: ai_related, cid, container_id, cveid, fix_status, image_digest, license, package_name_version, severity, type, and vulnerability_count
only_zero_day_affected			query	boolean	Load zero day affected packages. Default: false
limit			query	integer	The upper-bound on the number of records to retrieve.
offset			query	integer	The offset from where to begin.
parameters			query	dictionary	Full query string parameters payload in JSON format. Not required if using other keywords.
sort			query	string	The fields to sort the records on. Supported columns: license, package_name_version, and type

Usage

Service class example (PEP8 syntax)

from falconpy import ContainerPackages

# Do not hardcode API credentials!
falcon = ContainerPackages(client_id=CLIENT_ID,
                           client_secret=CLIENT_SECRET
                           )

response = falcon.read_combined(filter="string",
                                only_zero_day_affected=boolean,
                                limit=integer,
                                offset=integer,
                                sort="string"
                                )
print(response)

Service class example (Operation ID syntax)

from falconpy import ContainerPackages

# Do not hardcode API credentials!
falcon = ContainerPackages(client_id=CLIENT_ID,
                           client_secret=CLIENT_SECRET
                           )

response = falcon.ReadPackagesCombined(filter="string",
                                       only_zero_day_affected=boolean,
                                       limit=integer,
                                       offset=integer,
                                       sort="string"
                                       )
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadPackagesCombined",
                          filter="string",
                          only_zero_day_affected=boolean,
                          limit=integer,
                          offset=integer,
                          sort="string"
                          )
print(response)

ReadPackagesCombinedV2

Retrieve packages identified by the provided filter criteria.

PEP8 method name

read_packages

Endpoint

Method	Route
	/container-security/combined/packages/v2

Required Scope

Content-Type

• Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
filter			query	string	Filter packages using a query in Falcon Query Language (FQL). Supported filters: ai_related, cid, container_id, cveid, fix_status, image_digest, license, package_name_version, severity, type, and vulnerability_count
only_zero_day_affected			query	boolean	Load zero day affected packages. Default: false
limit			query	integer	The upper-bound on the number of records to retrieve.
offset			query	integer	The offset from where to begin.
parameters			query	dictionary	Full query string parameters payload in JSON format. Not required if using other keywords.
sort			query	string	The fields to sort the records on. Supported columns: license, package_name_version, and type

Usage

Service class example (PEP8 syntax)

from falconpy.container_packages import ContainerPackages

falcon = ContainerPackages(client_id=CLIENT_ID,
                           client_secret=CLIENT_SECRET
                           )

response = falcon.read_packages(filter="string",
                                only_zero_day_affected=boolean,
                                sort="string",
                                limit=integer,
                                offset=integer
                                )
print(response)

Service class example (Operation ID syntax)

from falconpy import ContainerPackages

falcon = ContainerPackages(client_id=CLIENT_ID,
                           client_secret=CLIENT_SECRET
                           )

response = falcon.ReadPackagesCombinedV2(filter="string",
                                         only_zero_day_affected=boolean,
                                         sort="string",
                                         limit=integer,
                                         offset=integer
                                         )
print(response)

Uber class example

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadPackagesCombinedV2",
                          filter="string",
                          only_zero_day_affected=boolean,
                          sort="string",
                          limit=integer,
                          offset=integer
                          )
print(response)