Operation ID Description
Gets combined compliance data aggregated by account and region. Results can be filtered and sorted. Gets raw resources based on the provided IDs param. Maximum of 100 resources can be requested with this method. Use POST method with same path if more are required. Gets a list of resource IDs for the given parameters, filters and sort criteria.
Gets combined compliance data aggregated by account and region. Results can be filtered and sorted.
get_combined_compliance_by_account
Method Route
/cloud-security-assets/combined/compliance-controls/by-account-region-and-resource-type/v1
Consumes: application/json
Produces: application/json
Name Service Uber Type Data type Description
filter query string FQL string to filter on asset contents. Filterable fields include: account_id, account_name, assessment_id, business_impact, cloud_group, cloud_label, cloud_label_id, cloud_provider, cloud_scope, compliant, control.benchmark.name, control.benchmark.version, control.framework, control.name, control.type, control.version, environment, last_evaluated, region, resource_provider, resource_type, resource_type_name, service, service_category, and severities. sort query string Sort expression in format: field limit query integer The maximum number of items to return. When not specified or 0, 20 is used. When larger than 10000, 10000 is used. offset query integer Offset returned controls. Use only one of 'offset' and 'after' parameter for paginating. 'offset' can only be used on offsets < 10,000. For paginating through the entire result set, use 'after' parameter after query string token-based pagination. use for paginating through an entire result set. Use only one of 'offset' and 'after' parameters for paginating include_failing_iom_severity_counts query boolean Include counts of failing IOMs by severity level parameters query dictionary Full query string parameters payload in JSON format.
from falconpy import CloudSecurityAssets
falcon = CloudSecurityAssets(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_combined_compliance_by_account(filter="string",
sort="string",
limit=integer,
offset=integer,
after="string",
include_failing_iom_severity_counts=boolean
)
print(response)
from falconpy import CloudSecurityAssets
falcon = CloudSecurityAssets(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.cloud_security_assets_combined_compliance_by_account(filter="string",
sort="string",
limit=integer,
offset=integer,
after="string",
include_failing_iom_severity_counts=boolean
)
print(response)
from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("cloud_security_assets_combined_compliance_by_account",
filter="string",
sort="string",
limit=integer,
offset=integer,
after="string",
include_failing_iom_severity_counts=boolean
)
print(response)
Gets raw resources based on the provided IDs param. Maximum of 100 resources can be requested with this method.
get_assets
Method Route
/cloud-security-assets/entities/resources/v1
Consumes: application/json
Produces: application/json
Name Service Uber Type Data type Description
ids query string or list of strings List of assets to return (maximum 100 IDs allowed). parameters query dictionary Full query string parameters payload in JSON format.
from falconpy import CloudSecurityAssets
falcon = CloudSecurityAssets(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_assets(ids=id_list)
print(response)
from falconpy import CloudSecurityAssets
falcon = CloudSecurityAssets(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.cloud_security_assets_entities_get(ids=id_list)
print(response)
from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("cloud_security_assets_entities_get", ids=id_list)
print(response)
Gets a list of resource IDs for the given parameters, filters and sort criteria.
query_assets
Method Route
/cloud-security-assets/queries/resources/v1
Consumes: application/json
Produces: application/json
Name Service Uber Type Data type Description
after query string token-based pagination. use for paginating through an entire result set. Use only one of 'offset' and 'after' parameters for paginating filter query string FQL string to filter on asset contents. Filterable fields include: account_id, account_name, active, azure.vm_id, business_impact, cloud_group, cloud_label, cloud_label_id, cloud_provider, cloud_scope, cluster_id, cluster_name, compartment_ocid, compliant.benchmark_name, compliant.benchmark_version, compliant.framework, compliant.policy_id, compliant.requirement, compliant.rule, compliant.section, configuration.id, creation_time, cve_ids, data_classifications.found, data_classifications.label, data_classifications.label_id, data_classifications.scanned, data_classifications.tag, data_classifications.tag_id, environment, exprt_ratings, first_seen, highest_severity, id, insights.boolean_value, insights.id, instance_id, instance_state, ioa_count, iom_count, legacy_resource_id, legacy_uuid, managed_by, non_compliant.benchmark_name, non_compliant.benchmark_version, non_compliant.framework, non_compliant.policy_id, non_compliant.requirement, non_compliant.rule, non_compliant.section, non_compliant.severity, organization_Id, os_version, platform_name, publicly_exposed, region, resource_id, resource_name, resource_type, resource_type_name, sensor_priority, service, service_category, severity, snapshot_detections, ssm_managed, status, tag_key, tag_value, tenant_id, updated_at, vmware.guest_os_id, vmware.guest_os_version, vmware.host_system_name, vmware.host_type, vmware.instance_uuid, vmware.vm_host_name, vmware.vm_tools_status, and zone sort query string The field to sort on. Sortable fields include: account_id, account_name, active, cloud_provider, cluster_id, cluster_name, creation_time, data_classifications.found, data_classifications.scanned, first_seen, id, instance_id, instance_state, ioa_count, iom_count, managed_by, organization_Id, os_version, platform_name, publicly_exposed, region, resource_id, resource_name, resource_type, resource_type_name, service, service_category, ssm_managed, status, tenant_id, updated_at, vmware.guest_os_id, vmware.guest_os_version, vmware.host_system_name, vmware.host_type, vmware.instance_uuid, vmware.vm_host_name, vmware.vm_tools_status, and zone. limit query integer The maximum number of items to return. When not specified or 0, 500 is used. When larger than 1000, 1000 is used. offset query integer Offset returned assets. Use only one of 'offset' and 'after' parameter for paginating. 'offset' can only be used on offsets < 10,000. For paginating through the entire result set, use 'after' parameter parameters query dictionary Full query string parameters payload in JSON format.
from falconpy import CloudSecurityAssets
falcon = CloudSecurityAssets(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.query_assets(after="string",
filter="string",
sort="string",
limit=integer,
offset=integer
)
print(response)
from falconpy import CloudSecurityAssets
falcon = CloudSecurityAssets(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.cloud_security_assets_queries(after="string",
filter="string",
sort="string",
limit=integer,
offset=integer
)
print(response)
from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("cloud_security_assets_queries",
after="string",
filter="string",
sort="string",
limit=integer,
offset=integer
)
print(response)
