Skip to content

Kubernetes Protection

Joshua Hiller edited this page Apr 3, 2024 · 20 revisions

CrowdStrike Falcon CrowdStrike Subreddit

Using the Kubernetes Protection service collection

Uber class support Service class support Documentation Version Page Updated

Table of Contents

Operation ID Description
ReadClustersByDateRangeCount
PEP8 read_clusters_by_date_range
Retrieve clusters by date range counts
ReadClustersByKubernetesVersionCount
PEP8 read_clusters_by_version
Bucket clusters by kubernetes version
ReadClustersByStatusCount
PEP8 read_clusters_by_status
Bucket clusters by status
ReadClusterCount
PEP8 read_cluster_count
Retrieve cluster counts
ReadContainersByDateRangeCount
PEP8 read_containers_by_date_range
Retrieve containers by date range counts
ReadContainerCountByRegistry
PEP8 read_containers_by_registry
Retrieve top container image registries
FindContainersCountAffectedByZeroDayVulnerabilities
PEP8 read_zero_day_affected_counts
Retrieve containers count affected by zero day vulnerabilities
ReadVulnerableContainerImageCount
PEP8 read_vulnerable_container_count
Retrieve count of vulnerable images running on containers
ReadContainerCount
PEP8 read_container_counts
Retrieve container counts
FindContainersByContainerRunTimeVersion
PEP8 find_containers_by_runtime_version
Retrieve containers by container_runtime_version
GroupContainersByManaged
PEP8 group_managed_containers
Group the containers by Managed
ReadContainerImageDetectionsCountByDate
PEP8 read_detections_count_by_date
Retrieve count of image assessment detections on running containers over a period of time
ReadContainerImagesByState
PEP8 read_images_by_state
Retrieve count of image states running on containers
ReadContainersSensorCoverage
PEP8 read_sensor_coverage
Bucket containers by agent type and calculate sensor coverage
ReadContainerVulnerabilitiesBySeverityCount
PEP8 read_vulnerability_counts_by_severity
Retrieve container vulnerabilities by severity counts
ReadDeploymentsByDateRangeCount
PEP8 read_deployment_counts_by_date_range
Retrieve deployments by date range counts
ReadDeploymentCount
PEP8 read_deployment_count
Retrieve deployment counts
ReadClusterEnrichment
PEP8 read_cluster_enrichment
Retrieve cluster enrichment data
ReadContainerEnrichment
PEP8 read_container_enrichment
Retrieve container enrichment data
ReadDeploymentEnrichment
PEP8 read_deployment_enrichment
Retrieve deployment enrichment data
ReadNodeEnrichment
PEP8 read_node_enrichment
Retrieve node enrichment data
ReadPodEnrichment
PEP8 read_pod_enrichment
Retrieve pod enrichment data
ReadDistinctContainerImageCount
PEP8 read_distinct_image_count
Retrieve count of distinct images running on containers
ReadContainerImagesByMostUsed
PEP8 read_images_by_most_used
Bucket container by image-digest
ReadKubernetesIomByDateRange
PEP8 read_iom_count_by_date_range
Returns the count of Kubernetes IOMs by the date. by default it's for 7 days.
ReadKubernetesIomCount
PEP8 read_iom_count
Returns the total count of Kubernetes IOMs over the past seven days
ReadNodesByCloudCount
PEP8 read_node_counts_by_cloud
Bucket nodes by cloud providers
ReadNodesByContainerEngineVersionCount
PEP8 read_nodes_by_container_engine_version
Bucket nodes by their container engine version
ReadNodesByDateRangeCount
PEP8 read_node_counts_by_date_range
Retrieve nodes by date range counts
ReadNodeCount
PEP8 read_node_counts
Retrieve node counts
ReadPodsByDateRangeCount
PEP8 read_pod_counts_by_date_range
Retrieve pods by date range counts
ReadPodCount
PEP8 read_pod_counts
Retrieve pod counts
ReadClusterCombined
PEP8 read_clusters_combined
Retrieve kubernetes clusters identified by the provided filter criteria
ReadRunningContainerImages
PEP8 read_running_images
Retrieve images on running containers
ReadContainerCombined
PEP8 read_containers_combined
Retrieve containers identified by the provided filter criteria
ReadDeploymentCombined
PEP8 read_deployments_combined
Retrieve kubernetes deployments identified by the provided filter criteria
SearchAndReadKubernetesIomEntities
PEP8 search_and_read_ioms
Search Kubernetes IOM by the provided search criteria
ReadNodeCombined
PEP8 read_nodes_combined
Retrieve kubernetes nodes identified by the provided filter criteria
ReadPodCombined
PEP8 read_pods_combined
Retrieve kubernetes pods identified by the provided filter criteria
ReadKubernetesIomEntities
PEP8 read_iom_entities
Retrieve Kubernetes IOM entities identified by the provided IDs
SearchKubernetesIoms
PEP8 search_ioms
Search Kubernetes IOMs by the provided search criteria. this endpoint returns a list of Kubernetes IOM UUIDs matching the query
GetAWSAccountsMixin0
PEP 8 get_aws_accounts
Provides a list of AWS accounts.
CreateAWSAccount
PEP 8 create_aws_account
Creates a new AWS account in our system for a customer and generates the installation script.
DeleteAWSAccountsMixin0
PEP 8 delete_aws_accounts
Delete AWS accounts.
UpdateAWSAccount
PEP 8 update_aws_account
Updates the AWS account per the query parameters provided.
ListAzureAccounts
PEP 8 list_azure_accounts
Provides the azure subscriptions registered to Kubernetes Protection.
CreateAzureSubscription
PEP 8 create_azure_subscription
Create Azure Subscriptions.
DeleteAzureSubscription
PEP 8 delete_azure_subscription
Delete Azure Subscriptions.
GetLocations
PEP 8 get_locations
Provides the cloud locations acknowledged by the Kubernetes Protection service.
GetCombinedCloudClusters
PEP 8 get_cloud_clusters
Returns a combined list of provisioned cloud accounts and known kubernetes clusters.
GetAzureTenantConfig
PEP 8 get_azure_tenant_config
Returns the Azure tenant config.
GetStaticScripts
PEP 8 get_static_scripts
Gets static bash scripts that are used during registration.
GetAzureTenantIDs
PEP 8 get_azure_tenant_ids
Provides all the azure subscriptions and tenants.
GetAzureInstallScript
PEP 8 get_azure_install_script
Provides the script to run for a given tenant id and subscription IDs.
GetHelmValuesYaml
PEP 8 get_helm_values_yaml
Provides a sample Helm values.yaml file for a customer to install alongside the agent Helm chart.
RegenerateAPIKey
PEP 8 regenerate
Regenerate API key for docker registry integrations.
GetClusters
PEP 8 get_clusters
Provides the clusters acknowledged by the Kubernetes Protection service.
TriggerScan
PEP 8 trigger_scan
Triggers a dry run or a full scan of a customer's kubernetes footprint.
PatchAzureServicePrincipal
PEP 8 update_azure_service_principal
Adds the client ID for the given tenant ID to our system.

Passing credentials

WARNING

client_id and client_secret are keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)

CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.

ReadClustersByDateRangeCount

Retrieve clusters by date range counts

PEP8 method name

read_clusters_by_date_range

Endpoint

Method Route
GET /container-security/aggregates/clusters/count-by-date/v1

Content-Type

  • Produces: application/json

Keyword Arguments

No parameters

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.read_clusters_by_date_range()

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.ReadClustersByDateRangeCount()

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadClustersByDateRangeCount")

print(response)

ReadClustersByKubernetesVersionCount

Bucket clusters by kubernetes version

PEP8 method name

read_clusters_by_version

Endpoint

Method Route
GET /container-security/aggregates/clusters/count-by-kubernetes-version/v1

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
filter
Service Class Support

Uber Class Support
query string Retrieve count of Kubernetes clusters that match a query in Falcon Query Language (FQL). Supported filters: access,agent_status,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,cluster_status,container_count,kubernetes_version,last_seen,management_status,node_count,pod_count,tags

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.read_clusters_by_version(filter="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.ReadClustersByKubernetesVersionCount(filter="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadClustersByKubernetesVersionCount", filter="string")

print(response)

ReadClustersByStatusCount

Bucket clusters by status

PEP8 method name

read_clusters_by_status

Endpoint

Method Route
GET /container-security/aggregates/clusters/count-by-status/v1

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
filter
Service Class Support

Uber Class Support
query string Retrieve count of Kubernetes clusters that match a query in Falcon Query Language (FQL). Supported filters: access,agent_status,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,cluster_status,container_count,kubernetes_version,last_seen,management_status,node_count,pod_count,tags

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.read_clusters_by_status(filter="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.ReadClustersByStatusCount(filter="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadClustersByStatusCount", filter="string")

print(response)

ReadClusterCount

Retrieve cluster counts

PEP8 method name

read_cluster_count

Endpoint

Method Route
GET /container-security/aggregates/clusters/count/v1

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
filter
Service Class Support

Uber Class Support
query string Retrieve count of Kubernetes clusters that match a query in Falcon Query Language (FQL). Supported filters: access,agent_status,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,cluster_status,container_count,kubernetes_version,last_seen,management_status,node_count,pod_count,tags

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.read_cluster_count(filter="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.ReadClusterCount(filter="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadClusterCount", filter="string")

print(response)

ReadContainersByDateRangeCount

Retrieve containers by date range counts

PEP8 method name

read_containers_by_date_range

Endpoint

Method Route
GET /container-security/aggregates/containers/count-by-date/v1

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
filter
Service Class Support

Uber Class Support
query string Get container counts using a query in Falcon Query Language (FQL). Supported filters: agent_id,agent_type,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,package_name_version,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.read_containers_by_date_range(filter="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.ReadContainersByDateRangeCount(filter="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadContainersByDateRangeCount", filter="string")

print(response)

ReadContainerCountByRegistry

Retrieve top container image registries

PEP8 method name

read_containers_by_registry

Endpoint

Method Route
GET /container-security/aggregates/containers/count-by-registry/v1

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
under_assessment
Service Class Support

Uber Class Support
query boolean (true/false) whether to return registries under assessment or not under assessment. If not provided all registries are considered
limit
Service Class Support

Uber Class Support
query integer The upper-bound on the number of records to retrieve.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.read_containers_by_registry(under_assessment=boolean, limit=integer)

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.ReadContainerCountByRegistry(under_assessment=boolean, limit=integer)

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadContainerCountByRegistry", under_assessment=boolean, limit=integer)

print(response)

FindContainersCountAffectedByZeroDayVulnerabilities

Retrieve containers count affected by zero day vulnerabilities

PEP8 method name

read_zero_day_affected_counts

Endpoint

Method Route
GET /container-security/aggregates/containers/count-by-zero-day/v1

Content-Type

  • Produces: application/json

Keyword Arguments

No parameters

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.read_zero_day_affected_counts()

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.FindContainersCountAffectedByZeroDayVulnerabilities()

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("FindContainersCountAffectedByZeroDayVulnerabilities")

print(response)

ReadVulnerableContainerImageCount

Retrieve count of vulnerable images running on containers

PEP8 method name

read_vulnerable_container_count

Endpoint

Method Route
GET /container-security/aggregates/containers/count-vulnerable-images/v1

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
filter
Service Class Support

Uber Class Support
query string Retrieve count of Kubernetes containers that match a query in Falcon Query Language (FQL). Supported filters: agent_id,agent_type,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,package_name_version,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.read_vulnerable_container_count(filter="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.ReadVulnerableContainerImageCount(filter="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadVulnerableContainerImageCount", filter="string")

print(response)

ReadContainerCount

Retrieve container counts

PEP8 method name

read_container_counts

Endpoint

Method Route
GET /container-security/aggregates/containers/count/v1

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
filter
Service Class Support

Uber Class Support
query string Retrieve count of Kubernetes containers that match a query in Falcon Query Language (FQL). Supported filters: agent_id,agent_type,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,package_name_version,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.read_container_counts(filter="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.ReadContainerCount(filter="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadContainerCount", filter="string")

print(response)

FindContainersByContainerRunTimeVersion

Retrieve containers by container_runtime_version

PEP8 method name

find_containers_by_runtime_version

Endpoint

Method Route
GET /container-security/aggregates/containers/find-by-runtimeversion/v1

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
limit
Service Class Support

Uber Class Support
query integer The upper-bound on the number of container records to retrieve.
offset
Service Class Support

Uber Class Support
query integer It is used to get the offset
sort
Service Class Support

Uber Class Support
query string Field to sort results by
filter
Service Class Support

Uber Class Support
query string Retrieve count of Kubernetes containers that match a query in Falcon Query Language (FQL). Supported filters: agent_id,agent_type,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,package_name_version,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.find_containers_by_runtime_version(limit=integer,
                                                     offset=integer,
                                                     sort="string",
                                                     filter="string"
                                                     )
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.FindContainersByContainerRunTimeVersion(limit=integer,
                                                          offset=integer,
                                                          sort="string",
                                                          filter="string"
                                                          )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("FindContainersByContainerRunTimeVersion",
                          limit=integer,
                          offset=integer,
                          sort="string",
                          filter="string"
                          )
print(response)

GroupContainersByManaged

Group the containers by Managed

PEP8 method name

group_managed_containers

Endpoint

Method Route
GET /container-security/aggregates/containers/group-by-managed/v1

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
filter
Service Class Support

Uber Class Support
query string Retrieve count of Kubernetes containers that match a query in Falcon Query Language (FQL). Supported filters: agent_id,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.group_managed_containers(filter="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.GroupContainersByManaged(filter="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("GroupContainersByManaged", filter="string")

print(response)

ReadContainerImageDetectionsCountByDate

Retrieve count of image assessment detections on running containers over a period of time

PEP8 method name

read_detections_count_by_date

Endpoint

Method Route
GET /container-security/aggregates/containers/image-detections-count-by-date/v1

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
filter
Service Class Support

Uber Class Support
query string Retrieve count of Kubernetes containers that match a query in Falcon Query Language (FQL). Supported filters: agent_id,agent_type,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,package_name_version,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.read_detections_count_by_date(filter="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.ReadContainerImageDetectionsCountByDate(filter="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadContainerImageDetectionsCountByDate", filter="string")

print(response)

ReadContainerImagesByState

Retrieve count of image states running on containers

PEP8 method name

read_images_by_state

Endpoint

Method Route
GET /container-security/aggregates/containers/images-by-state/v1

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
filter
Service Class Support

Uber Class Support
query string Filter using a query in Falcon Query Language (FQL). Supported filters: cid

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.read_images_by_state(filter="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.ReadContainerImagesByState(filter="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadContainerImagesByState", filter="string")

print(response)

ReadContainersSensorCoverage

Bucket containers by agent type and calculate sensor coverage

PEP8 method name

read_sensor_coverage

Endpoint

Method Route
GET /container-security/aggregates/containers/sensor-coverage/v1

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
filter
Service Class Support

Uber Class Support
query string Retrieve count of Kubernetes containers that match a query in Falcon Query Language (FQL). Supported filters: agent_id,agent_type,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,package_name_version,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.read_sensor_coverage(filter="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.ReadContainersSensorCoverage(filter="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadContainersSensorCoverage", filter="string")

print(response)

ReadContainerVulnerabilitiesBySeverityCount

Retrieve container vulnerabilities by severity counts

PEP8 method name

read_vulnerability_counts_by_severity

Endpoint

Method Route
GET /container-security/aggregates/containers/vulnerability-count-by-severity/v1

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
filter
Service Class Support

Uber Class Support
query string Get vulnerabilities count by severity for container using a query in Falcon Query Language (FQL). Supported filters: agent_id,agent_type,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,package_name_version,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.read_vulnerability_counts_by_severity(filter="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.ReadContainerVulnerabilitiesBySeverityCount(filter="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadContainerVulnerabilitiesBySeverityCount", filter="string")

print(response)

ReadDeploymentsByDateRangeCount

Retrieve deployments by date range counts

PEP8 method name

read_deployment_counts_by_date_range

Endpoint

Method Route
GET /container-security/aggregates/deployments/count-by-date/v1

Content-Type

  • Produces: application/json

Keyword Arguments

No parameters

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.read_deployment_counts_by_date_range()

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.ReadDeploymentsByDateRangeCount()

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadDeploymentsByDateRangeCount")

print(response)

ReadDeploymentCount

Retrieve deployment counts

PEP8 method name

read_deployment_count

Endpoint

Method Route
GET /container-security/aggregates/deployments/count/v1

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
filter
Service Class Support

Uber Class Support
query string Retrieve count of Kubernetes deployments that match a query in Falcon Query Language (FQL). Supported filters: annotations_list,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,deployment_id,deployment_name,first_seen,last_seen,namespace,pod_count

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.read_deployment_count(filter="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.ReadDeploymentCount(filter="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadDeploymentCount", filter="string")

print(response)

ReadClusterEnrichment

Retrieve cluster enrichment data

PEP8 method name

read_cluster_enrichment

Endpoint

Method Route
GET /container-security/aggregates/enrichment/clusters/entities/v1

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
cluster_id
Service Class Support

Uber Class Support
query string or list of strings One or more cluster ids for which to retrieve enrichment info
filter
Service Class Support

Uber Class Support
query string Supported filters: last_seen

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = "ID1,ID2,ID3"  # You may also provide a list of strings here: ["ID1", "ID2", "ID3"]

response = falcon.read_cluster_enrichment(cluster_id=id_list, filter="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = "ID1,ID2,ID3"  # You may also provide a list of strings here: ["ID1", "ID2", "ID3"]

response = falcon.ReadClusterEnrichment(cluster_id=id_list, filter="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )
id_list = "ID1,ID2,ID3"  # You may also provide a list of strings here: ["ID1", "ID2", "ID3"]

response = falcon.command("ReadClusterEnrichment", cluster_id=id_list, filter="string")

print(response)

ReadContainerEnrichment

Retrieve container enrichment data

PEP8 method name

read_container_enrichment

Endpoint

Method Route
GET /container-security/aggregates/enrichment/containers/entities/v1

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
container_id
Service Class Support

Uber Class Support
query string or list of strings One or more container ids for which to retrieve enrichment info
filter
Service Class Support

Uber Class Support
query string Supported filters: last_seen

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = "ID1,ID2,ID3"  # You may also provide a list of strings here: ["ID1", "ID2", "ID3"]

response = falcon.read_container_enrichment(container_id=id_list, filter="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = "ID1,ID2,ID3"  # You may also provide a list of strings here: ["ID1", "ID2", "ID3"]

response = falcon.ReadContainerEnrichment(container_id=id_list, filter="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = "ID1,ID2,ID3"  # You may also provide a list of strings here: ["ID1", "ID2", "ID3"]

response = falcon.command("ReadContainerEnrichment", container_id=id_list, filter="string")

print(response)

ReadDeploymentEnrichment

Retrieve deployment enrichment data

PEP8 method name

read_deployment_enrichment

Endpoint

Method Route
GET /container-security/aggregates/enrichment/deployments/entities/v1

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
deployment_id
Service Class Support

Uber Class Support
query string or list of strings One or more deployment ids for which to retrieve enrichment info
filter
Service Class Support

Uber Class Support
query string Supported filters: last_seen

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = "ID1,ID2,ID3"  # You may also provide a list of strings here: ["ID1", "ID2", "ID3"]

response = falcon.read_deployment_enrichment(deployment_id=id_list, filter="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = "ID1,ID2,ID3"  # You may also provide a list of strings here: ["ID1", "ID2", "ID3"]

response = falcon.ReadDeploymentEnrichment(deployment_id=id_list, filter="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = "ID1,ID2,ID3"  # You may also provide a list of strings here: ["ID1", "ID2", "ID3"]

response = falcon.command("ReadDeploymentEnrichment", deployment_id=id_list, filter="string")

print(response)

ReadNodeEnrichment

Retrieve node enrichment data

PEP8 method name

read_node_enrichment

Endpoint

Method Route
GET /container-security/aggregates/enrichment/nodes/entities/v1

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
node_name
Service Class Support

Uber Class Support
query string or list of strings One or more node names for which to retrieve enrichment info
filter
Service Class Support

Uber Class Support
query string Supported filters: last_seen

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = "ID1,ID2,ID3"  # You may also provide a list of strings here: ["ID1", "ID2", "ID3"]

response = falcon.read_node_enrichment(node_name=id_list, filter="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = "ID1,ID2,ID3"  # You may also provide a list of strings here: ["ID1", "ID2", "ID3"]

response = falcon.ReadNodeEnrichment(node_name=id_list, filter="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = "ID1,ID2,ID3"  # You may also provide a list of strings here: ["ID1", "ID2", "ID3"]

response = falcon.command("ReadNodeEnrichment", node_name=id_list, filter="string")

print(response)

ReadPodEnrichment

Retrieve pod enrichment data

PEP8 method name

read_pod_enrichment

Endpoint

Method Route
GET /container-security/aggregates/enrichment/pods/entities/v1

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
pod_id
Service Class Support

Uber Class Support
query string or list of strings One or more pod ids for which to retrieve enrichment info
filter
Service Class Support

Uber Class Support
query string Supported filters: last_seen

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = "ID1,ID2,ID3"  # You may also provide a list of strings here: ["ID1", "ID2", "ID3"]

response = falcon.read_pod_enrichment(pod_id=id_list, filter="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = "ID1,ID2,ID3"  # You may also provide a list of strings here: ["ID1", "ID2", "ID3"]

response = falcon.ReadPodEnrichment(pod_id=id_list, filter="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = "ID1,ID2,ID3"  # You may also provide a list of strings here: ["ID1", "ID2", "ID3"]

response = falcon.command("ReadPodEnrichment", pod_id=id_list, filter="string")

print(response)

ReadDistinctContainerImageCount

Retrieve count of distinct images running on containers

PEP8 method name

read_distinct_image_count

Endpoint

Method Route
GET /container-security/aggregates/images/count-by-distinct/v1

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
filter
Service Class Support

Uber Class Support
query string Search Kubernetes containers using a query in Falcon Query Language (FQL). Supported filters: agent_id,agent_type,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,package_name_version,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.read_distinct_image_count(filter="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.ReadDistinctContainerImageCount(filter="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadDistinctContainerImageCount", filter="string")

print(response)

ReadContainerImagesByMostUsed

Bucket container by image-digest

PEP8 method name

read_images_by_most_used

Endpoint

Method Route
GET /container-security/aggregates/images/most-used/v1

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
filter
Service Class Support

Uber Class Support
query string Retrieve count of Kubernetes containers that match a query in Falcon Query Language (FQL). Supported filters: agent_id,agent_type,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,package_name_version,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.read_images_by_most_used(filter="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.ReadContainerImagesByMostUsed(filter="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadContainerImagesByMostUsed", filter="string")

print(response)

ReadKubernetesIomByDateRange

Returns the count of Kubernetes IOMs by the date. by default it's for 7 days.

PEP8 method name

read_iom_count_by_date_range

Endpoint

Method Route
GET /container-security/aggregates/kubernetes-ioms/count-by-date/v1

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
filter
Service Class Support

Uber Class Support
query string Filter images using a query in Falcon Query Language (FQL). Supported filters: cid,created_timestamp,detect_timestamp,prevented,severity

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.read_iom_count_by_date_range(filter="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.ReadKubernetesIomByDateRange(filter="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadKubernetesIomByDateRange", filter="string")

print(response)

ReadKubernetesIomCount

Returns the total count of Kubernetes IOMs over the past seven days

PEP8 method name

read_iom_count

Endpoint

Method Route
GET /container-security/aggregates/kubernetes-ioms/count/v1

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
filter
Service Class Support

Uber Class Support
query string Filter images using a query in Falcon Query Language (FQL). Supported filters: cid,created_timestamp,detect_timestamp,prevented,severity

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.read_iom_count(filter="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.ReadKubernetesIomCount(filter="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadKubernetesIomCount", filter="string")

print(response)

ReadNodesByCloudCount

Bucket nodes by cloud providers

PEP8 method name

read_node_counts_by_cloud

Endpoint

Method Route
GET /container-security/aggregates/nodes/count-by-cloud/v1

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
filter
Service Class Support

Uber Class Support
query string Search Kubernetes nodes using a query in Falcon Query Language (FQL). Supported filters: aid,annotations_list,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_count,container_runtime_version,first_seen,image_digest,ipv4,last_seen,node_name,pod_count

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.read_node_counts_by_cloud(filter="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.ReadNodesByCloudCount(filter="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadNodesByCloudCount", filter="string")

print(response)

ReadNodesByContainerEngineVersionCount

Bucket nodes by their container engine version

PEP8 method name

read_nodes_by_container_engine_version

Endpoint

Method Route
GET /container-security/aggregates/nodes/count-by-container-engine-version/v1

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
filter
Service Class Support

Uber Class Support
query string Search Kubernetes nodes using a query in Falcon Query Language (FQL). Supported filters: aid,annotations_list,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_count,container_runtime_version,first_seen,image_digest,ipv4,last_seen,node_name,pod_count

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.read_nodes_by_container_engine_version(filter="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.ReadNodesByContainerEngineVersionCount(filter="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadNodesByContainerEngineVersionCount", filter="string")

print(response)

ReadNodesByDateRangeCount

Retrieve nodes by date range counts

PEP8 method name

read_node_counts_by_date_range

Endpoint

Method Route
GET /container-security/aggregates/nodes/count-by-date/v1

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
filter
Service Class Support

Uber Class Support
query string Search Kubernetes nodes using a query in Falcon Query Language (FQL). Supported filters: aid,annotations_list,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_count,container_runtime_version,first_seen,image_digest,ipv4,last_seen,node_name,pod_count

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.read_node_counts_by_date_range(filter="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.ReadNodesByDateRangeCount(filter="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadNodesByDateRangeCount", filter="string")

print(response)

ReadNodeCount

Retrieve node counts

PEP8 method name

read_node_counts

Endpoint

Method Route
GET /container-security/aggregates/nodes/count/v1

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
filter
Service Class Support

Uber Class Support
query string Retrieve count of Kubernetes nodes that match a query in Falcon Query Language (FQL). Supported filters: aid,annotations_list,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_count,container_runtime_version,first_seen,image_digest,ipv4,last_seen,node_name,pod_count

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.read_node_counts(filter="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.ReadNodeCount(filter="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadNodeCount", filter="string")

print(response)

ReadPodsByDateRangeCount

Retrieve pods by date range counts

PEP8 method name

read_pod_counts_by_date_range

Endpoint

Method Route
GET /container-security/aggregates/pods/count-by-date/v1

Content-Type

  • Produces: application/json

Keyword Arguments

No parameters

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.read_pod_counts_by_date_range()

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.ReadPodsByDateRangeCount()

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadPodsByDateRangeCount")

print(response)

ReadPodCount

Retrieve pod counts

PEP8 method name

read_pod_counts

Endpoint

Method Route
GET /container-security/aggregates/pods/count/v1

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
filter
Service Class Support

Uber Class Support
query string Retrieve count of Kubernetes pods that match a query in Falcon Query Language (FQL). Supported filters: agent_id,agent_type,allow_privilege_escalation,annotations_list,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_count,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,owner_id,owner_type,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.read_pod_counts(filter="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.ReadPodCount(filter="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadPodCount", filter="string")

print(response)

ReadClusterCombined

Retrieve kubernetes clusters identified by the provided filter criteria

PEP8 method name

read_clusters_combined

Endpoint

Method Route
GET /container-security/combined/clusters/v1

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
filter
Service Class Support

Uber Class Support
query string Search Kubernetes clusters using a query in Falcon Query Language (FQL). Supported filters: access,agent_status,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,cluster_status,container_count,kubernetes_version,last_seen,management_status,node_count,pod_count,tags
limit
Service Class Support

Uber Class Support
query integer The upper-bound on the number of records to retrieve.
offset
Service Class Support

Uber Class Support
query integer The offset from where to begin.
sort
Service Class Support

Uber Class Support
query string Field to sort results by

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.read_clusters_combined(filter="string",
                                         limit=integer,
                                         offset=integer,
                                         sort="string"
                                         )
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.ReadClusterCombined(filter="string",
                                      limit=integer,
                                      offset=integer,
                                      sort="string"
                                      )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadClusterCombined",
                          filter="string",
                          limit=integer,
                          offset=integer,
                          sort="string"
                          )
print(response)

ReadRunningContainerImages

Retrieve images on running containers

PEP8 method name

read_running_images

Endpoint

Method Route
GET /container-security/combined/container-images/v1

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
filter
Service Class Support

Uber Class Support
query string Retrieve list of images on running containers using a query in Falcon Query Language (FQL). Supported filters: cid,hosts,image_digest,image_has_been_assessed,image_id,image_name,image_registry,image_repository,image_tag,last_seen,running_status
limit
Service Class Support

Uber Class Support
query integer The upper-bound on the number of records to retrieve.
offset
Service Class Support

Uber Class Support
query integer The offset from where to begin.
sort
Service Class Support

Uber Class Support
query string Field to sort results by

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.read_running_images(filter="string",
                                      limit=integer,
                                      offset=integer,
                                      sort="string"
                                      )
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.ReadRunningContainerImages(filter="string",
                                             limit=integer,
                                             offset=integer,
                                             sort="string"
                                             )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

PARAMS = {
    "filter": "string",
    "limit": integer,
    "offset": integer,
    "sort": "string"
}

response = falcon.command("ReadRunningContainerImages",
                          filter="string",
                          limit=integer,
                          offset=integer,
                          sort="string"
                          )
print(response)

ReadContainerCombined

Retrieve containers identified by the provided filter criteria

PEP8 method name

read_containers_combined

Endpoint

Method Route
GET /container-security/combined/containers/v1

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
filter
Service Class Support

Uber Class Support
query string Search Kubernetes containers using a query in Falcon Query Language (FQL). Supported filters: agent_id,agent_type,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,package_name_version,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status
limit
Service Class Support

Uber Class Support
query integer The upper-bound on the number of records to retrieve.
offset
Service Class Support

Uber Class Support
query integer The offset from where to begin.
sort
Service Class Support

Uber Class Support
query string Field to sort results by

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.read_containers_combined(filter="string",
                                           limit=integer,
                                           offset=integer,
                                           sort="string"
                                           )
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.ReadContainerCombined(filter="string",
                                        limit=integer,
                                        offset=integer,
                                        sort="string"
                                        )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadContainerCombined",
                          filter="string",
                          limit=integer,
                          offset=integer,
                          sort="string"
                          )
print(response)

ReadDeploymentCombined

Retrieve kubernetes deployments identified by the provided filter criteria

PEP8 method name

read_deployments_combined

Endpoint

Method Route
GET /container-security/combined/deployments/v1

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
filter
Service Class Support

Uber Class Support
query string Search Kubernetes deployments using a query in Falcon Query Language (FQL). Supported filters: annotations_list,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,deployment_id,deployment_name,first_seen,last_seen,namespace,pod_count
limit
Service Class Support

Uber Class Support
query integer The upper-bound on the number of records to retrieve.
offset
Service Class Support

Uber Class Support
query integer The offset from where to begin.
sort
Service Class Support

Uber Class Support
query string Field to sort results by

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.read_deployments_combined(filter="string",
                                            limit=integer,
                                            offset=integer,
                                            sort="string"
                                            )
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.ReadDeploymentCombined(filter="string",
                                         limit=integer,
                                         offset=integer,
                                         sort="string"
                                         )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadDeploymentCombined",
                          filter="string",
                          limit=integer,
                          offset=integer,
                          sort="string"
                          )
print(response)

SearchAndReadKubernetesIomEntities

Search Kubernetes IOM by the provided search criteria

PEP8 method name

search_and_read_ioms

Endpoint

Method Route
GET /container-security/combined/kubernetes-ioms/v1

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
filter
Service Class Support

Uber Class Support
query string Search Kubernetes IOMs using a query in Falcon Query Language (FQL). Supported filters: cid,cis_id,cluster_id,cluster_name,containers_impacted_count,containers_impacted_ids,detection_type,name,namespace,resource_id,resource_name,resource_type,prevented,severity
limit
Service Class Support

Uber Class Support
query integer The upper-bound on the number of records to retrieve.
offset
Service Class Support

Uber Class Support
query integer The offset from where to begin.
sort
Service Class Support

Uber Class Support
query string The fields to sort the records on.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.search_and_read_ioms(filter="string",
                                       limit=integer,
                                       offset=integer,
                                       sort="string"
                                       )
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.SearchAndReadKubernetesIomEntities(filter="string",
                                                     limit=integer,
                                                     offset=integer,
                                                     sort="string"
                                                     )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("SearchAndReadKubernetesIomEntities",
                          filter="string",
                          limit=integer,
                          offset=integer,
                          sort="string"
                          )
print(response)

ReadNodeCombined

Retrieve kubernetes nodes identified by the provided filter criteria

PEP8 method name

read_nodes_combined

Endpoint

Method Route
GET /container-security/combined/nodes/v1

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
filter
Service Class Support

Uber Class Support
query string Search Kubernetes nodes using a query in Falcon Query Language (FQL). Supported filters: aid,annotations_list,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_count,container_runtime_version,first_seen,image_digest,ipv4,last_seen,node_name,pod_count
limit
Service Class Support

Uber Class Support
query integer The upper-bound on the number of records to retrieve.
offset
Service Class Support

Uber Class Support
query integer The offset from where to begin.
sort
Service Class Support

Uber Class Support
query string Field to sort results by

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.read_nodes_combined(filter="string",
                                      limit=integer,
                                      offset=integer,
                                      sort="string"
                                      )
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.ReadNodeCombined(filter="string",
                                   limit=integer,
                                   offset=integer,
                                   sort="string"
                                   )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadNodeCombined",
                          filter="string",
                          limit=integer,
                          offset=integer,
                          sort="string"
                          )
print(response)

ReadPodCombined

Retrieve kubernetes pods identified by the provided filter criteria

PEP8 method name

read_pods_combined

Endpoint

Method Route
GET /container-security/combined/pods/v1

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
filter
Service Class Support

Uber Class Support
query string Search Kubernetes pods using a query in Falcon Query Language (FQL). Supported filters: agent_id,agent_type,allow_privilege_escalation,annotations_list,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_count,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,owner_id,owner_type,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user
limit
Service Class Support

Uber Class Support
query integer The upper-bound on the number of records to retrieve.
offset
Service Class Support

Uber Class Support
query integer The offset from where to begin.
sort
Service Class Support

Uber Class Support
query string Field to sort results by

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.read_pods_combined(filter="string",
                                     limit=integer,
                                     offset=integer,
                                     sort="string"
                                     )
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.ReadPodCombined(filter="string",
                                  limit=integer,
                                  offset=integer,
                                  sort="string"
                                  )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadPodCombined",
                          filter="string",
                          limit=integer,
                          offset=integer,
                          sort="string"
                          )
print(response)

ReadKubernetesIomEntities

Retrieve Kubernetes IOM entities identified by the provided IDs

PEP8 method name

read_iom_entities

Endpoint

Method Route
GET /container-security/entities/kubernetes-ioms/v1

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
ids
Service Class Support

Uber Class Support
query array (string) Search Kubernetes IOMs by ids - The maximum amount is 100 IDs

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.read_iom_entities(ids=id_list)

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.ReadKubernetesIomEntities(ids=id_list)

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("ReadKubernetesIomEntities", ids=id_list)

print(response)

SearchKubernetesIoms

Search Kubernetes IOMs by the provided search criteria. this endpoint returns a list of Kubernetes IOM UUIDs matching the query

PEP8 method name

search_ioms

Endpoint

Method Route
GET /container-security/queries/kubernetes-ioms/v1

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
filter
Service Class Support

Uber Class Support
query string Search Kubernetes IOMs using a query in Falcon Query Language (FQL). Supported filters: cid,cis_id,cluster_id,cluster_name,containers_impacted_count,containers_impacted_ids,detection_type,name,namespace,resource_id,resource_name,resource_type,prevented,severity
limit
Service Class Support

Uber Class Support
query integer The upper-bound on the number of records to retrieve.
offset
Service Class Support

Uber Class Support
query integer The offset from where to begin.
sort
Service Class Support

Uber Class Support
query string The fields to sort the records on.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.search_ioms(filter="string",
                              limit=integer,
                              offset=integer,
                              sort="string"
                              )
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.SearchKubernetesIoms(filter="string",
                                       limit=integer,
                                       offset=integer,
                                       sort="string"
                                       )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

PARAMS = {
    "filter": "string",
    "limit": integer,
    "offset": integer,
    "sort": "string"
}

response = falcon.command("SearchKubernetesIoms",
                          filter="string",
                          limit=integer,
                          offset=integer,
                          sort="string"
                          )
print(response)

GetAWSAccountsMixin0

Provides a list of AWS accounts.

PEP8 method name

get_aws_accounts

Endpoint

Method Route
GET /kubernetes-protection/entities/accounts/aws/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
ids
Service Class Support

Uber Class Support
query string or list of strings AWS Account ID(s).
is_horizon_account
Service Class Support

Uber Class Support
query string Filter by whether an account originates from Horizon or not. Allowed values: False or True
limit
Service Class Support

Uber Class Support
query integer Maximum number of records to return.
offset
Service Class Support

Uber Class Support
query integer Starting index of overall result set from which to return ids.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.
status
Service Class Support

Uber Class Support
query string Filter by account status.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_aws_accounts(status="string",
                                   limit=integer,
                                   offset=integer,
                                   ids=id_list,
                                   is_horizon_account="string"
                                   )

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.GetAWSAccountsMixin0(status="string",
                                       limit=integer,
                                       offset=integer,
                                       ids=id_list,
                                       is_horizon_account="string"
                                       )

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("GetAWSAccountsMixin0",
                          status="string",
                          limit=integer,
                          offset=integer,
                          ids=id_list,
                          is_horizon_account="string"
                          )


print(response)

Back to Table of Contents

CreateAWSAccount

Creates a new AWS account in our system for a customer and generates the installation script

PEP8 method name

create_aws_account

Endpoint

Method Route
POST /kubernetes-protection/entities/accounts/aws/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
body
Service Class Support

Uber Class Support
body dictionary Full body payload in JSON format.
account_id
Service Class Support

Uber Class Support
body string Account ID.
region
Service Class Support

Uber Class Support
body string Cloud region.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.create_aws_account(account_id="string", region="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.CreateAWSAccount(account_id="string", region="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

BODY = {
    "resources": [
        {
            "account_id": "string",
            "region": "string"
        }
    ]
}

response = falcon.command("CreateAWSAccount", body=BODY)

print(response)

Back to Table of Contents

DeleteAWSAccountsMixin0

Delete AWS accounts.

PEP8 method name

delete_aws_accounts

Endpoint

Method Route
DELETE /kubernetes-protection/entities/accounts/aws/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
ids
Service Class Support

Uber Class Support
query string or list of strings AWS Account ID(s) to delete.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.delete_aws_accounts(ids=id_list)

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.DeleteAWSAccountsMixin0(ids=id_list)

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("DeleteAWSAccountsMixin0", ids=id_list)

print(response)

Back to Table of Contents

UpdateAWSAccount

Updates the AWS account per the query parameters provided

PEP8 method name

update_aws_account

Endpoint

Method Route
PATCH /kubernetes-protection/entities/accounts/aws/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
ids
Service Class Support

Uber Class Support
query string or list of strings AWS Account ID(s) to update.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.
region
Service Class Support

Uber Class Support
query string Default region for account automation.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.update_aws_account(region="string", ids=id_list)

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.UpdateAWSAccount(region="string", ids=id_list)

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("UpdateAWSAccount", region="string", ids=id_list)

print(response)

Back to Table of Contents

ListAzureAccounts

Provides the azure subscriptions registered to Kubernetes Protection.

PEP8 method name

list_azure_accounts

Endpoint

Method Route
GET /kubernetes-protection/entities/accounts/azure/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
ids
Service Class Support

Uber Class Support
query string or list of strings Azure Tenant ID(s).
subscription_id
Service Class Support

Uber Class Support
query string or list of strings Azure Subscription ID(s).
is_horizon_account
Service Class Support

Uber Class Support
query boolean Flag indicating if we should filter by accounts originating from Horizon.
limit
Service Class Support

Uber Class Support
query integer Maximum number of records to return.
offset
Service Class Support

Uber Class Support
query integer Starting index of overall result set from which to return ids.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.
status
Service Class Support

Uber Class Support
query string Filter by account status (operational or provisioned).

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

sub_list = 'SUB1,SUB2,SUB3'  # Can also pass a list here: ['SUB1', 'SUB2', 'SUB3']

response = falcon.list_azure_accounts(status="string",
                                      limit=integer,
                                      offset=integer,
                                      ids=id_list,
                                      subscription_id=sub_list,
                                      is_horizon_account=boolean
                                      )

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

sub_list = 'SUB1,SUB2,SUB3'  # Can also pass a list here: ['SUB1', 'SUB2', 'SUB3']

response = falcon.ListAzureAccounts(status="string",
                                    limit=integer,
                                    offset=integer,
                                    ids=id_list,
                                    subscription_id=sub_list,
                                    is_horizon_account=boolean
                                    )

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

sub_list = 'SUB1,SUB2,SUB3'  # Can also pass a list here: ['SUB1', 'SUB2', 'SUB3']

response = falcon.command("ListAzureAccounts",
                          status="string",
                          limit=integer,
                          offset=integer,
                          ids=id_list,
                          subscription_id=sub_list,
                          is_horizon_account=boolean
                          )

print(response)

Back to Table of Contents

CreateAzureSubscription

Creates a new Azure Subscription in our system

PEP8 method name

create_azure_subscription

Endpoint

Method Route
POST /kubernetes-protection/entities/accounts/azure/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
body
Service Class Support

Uber Class Support
body dictionary Full body payload in JSON format.
subscription_id
Service Class Support

Uber Class Support
body string Azure Subscription ID.
tenant_id
Service Class Support

Uber Class Support
body string Azure Tenant ID.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.create_azure_subscription(subscription_id="string", tenant_id="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.CreateAzureSubscription(subscription_id="string", tenant_id="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

BODY = {
    "resources": [
        {
            "subscription_id": "string",
            "tenant_id": "string"
        }
    ]
}

response = falcon.command("CreateAzureSubscription", body=BODY)

print(response)

Back to Table of Contents

DeleteAzureSubscription

Delete an Azure Subscription from the system.

PEP8 method name

delete_azure_subscription

Endpoint

Method Route
DELETE /kubernetes-protection/entities/accounts/azure/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
ids
Service Class Support

Uber Class Support
query string or list of strings Azure Subscription ID(s) to delete.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.delete_azure_subscription(ids=id_list)

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.DeleteAzureSubscription(ids=id_list)

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("DeleteAzureSubscription", ids=id_list)

print(response)

Back to Table of Contents

GetLocations

Provides the cloud locations acknowledged by the Kubernetes Protection service

PEP8 method name

get_locations

Endpoint

Method Route
GET /kubernetes-protection/entities/cloud-locations/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
clouds
Service Class Support

Uber Class Support
query string or list of strings Cloud provider.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = 'aws,azure,gcp'  # Can also pass a list here: ['aws', 'azure', 'gcp']

response = falcon.get_locations(clouds=id_list)

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = 'aws,azure,gcp'  # Can also pass a list here: ['aws', 'azure', 'gcp']

response = falcon.GetLocations(clouds=id_list)

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'aws,azure,gcp'  # Can also pass a list here: ['aws', 'azure', 'gcp']

response = falcon.command("GetLocations", clouds=id_list)

print(response)

Back to Table of Contents

GetCombinedCloudClusters

Returns a combined list of provisioned cloud accounts and known kubernetes clusters.

PEP8 method name

get_cloud_clusters

Endpoint

Method Route
GET /kubernetes-protection/entities/cloud_cluster/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
cluster_service
Service Class Support

Uber Class Support
query string or list of strings Cluster Service.
cluster_status
Service Class Support

Uber Class Support
query string or list of strings Cluster Status.
ids
Service Class Support

Uber Class Support
query string or list of strings Cloud Account IDs.
locations
Service Class Support

Uber Class Support
query string or list of strings Cloud location.
limit
Service Class Support

Uber Class Support
query integer Limit returned results.
offset
Service Class Support

Uber Class Support
query integer Pagination offset.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format. Not required when using other keywords.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )


# You may provide the string lists as a string, a comma delimited string, or a list
response = falcon.get_cloud_clusters(cluster_service="string or list of strings",
                                     cluster_status="string or list of strings",
                                     ids="string or list of strings",
                                     locations="string or list of strings",
                                     limit=integer,
                                     offset=integer
                                     )
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

# You may provide the string lists as a string, a comma delimited string, or a list
response = falcon.GetCombinedCloudClusters(cluster_service="string or list of strings",
                                           cluster_status="string or list of strings",
                                           ids="string or list of strings",
                                           locations="string or list of strings",
                                           limit=integer,
                                           offset=integer
                                           )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

# You may provide the string lists as a string, a comma delimited string, or a list
response = falcon.command("GetCombinedCloudClusters", 
                          cluster_service="string or list of strings",
                          cluster_status="string or list of strings",
                          ids="string or list of strings",
                          locations="string or list of strings",
                          limit=integer,
                          offset=integer
                          )
print(response)

Back to Table of Contents

GetAzureTenantConfig

Returns the Azure tenant config.

PEP8 method name

get_azure_tenant_config

Endpoint

Method Route
GET /kubernetes-protection/entities/config/azure/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
ids
Service Class Support

Uber Class Support
query string or list of strings Cloud Account IDs.
limit
Service Class Support

Uber Class Support
query integer Limit returned results.
offset
Service Class Support

Uber Class Support
query integer Pagination offset.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format. Not required when using other keywords.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = "ID1,ID2,ID3"  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_azure_tenant_config(ids=id_list,
                                          limit=integer,
                                          offset=integer
                                          )
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = "ID1,ID2,ID3"  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.GetAzureTenantConfig(ids=id_list,
                                       limit=integer,
                                       offset=integer
                                       )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = "ID1,ID2,ID3"  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("GetAzureTenantConfig", 
                          ids=id_list,
                          limit=integer,
                          offset=integer
                          )
print(response)

Back to Table of Contents

GetStaticScripts

Get static bash scripts that are used during registration.

PEP8 method name

get_static_scripts

Endpoint

Method Route
GET /kubernetes-protection/entities/gen/scripts/v1

Content-Type

  • Consumes: application/json
  • Produces: application/octet-stream

Keyword Arguments

No keywords or arguments accepted.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.get_static_scripts()

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.GetStaticScripts()

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("GetStaticScripts")

print(response)

Back to Table of Contents

GetAzureTenantIDs

Provides all the azure subscriptions and tenants IDs.

PEP8 method name

get_azure_tenant_ids

Endpoint

Method Route
GET /kubernetes-protection/entities/tenants/azure/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
ids
Service Class Support

Uber Class Support
query string or list of strings Cloud Account IDs.
status
Service Class Support

Uber Class Support
query string Cluster status. (Not Installed, Running, Stopped)
limit
Service Class Support

Uber Class Support
query integer Limit returned results.
offset
Service Class Support

Uber Class Support
query integer Pagination offset.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format. Not required when using other keywords.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = "ID1,ID2,ID3"  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_azure_tenant_ids(ids=id_list,
                                       status="string",
                                       limit=integer,
                                       offset=integer
                                       )
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = "ID1,ID2,ID3"  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.GetAzureTenantIDs(ids=id_list,
                                    status="string",
                                    limit=integer,
                                    offset=integer
                                    )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )
id_list = "ID1,ID2,ID3"  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("GetAzureTenantIDs", 
                          ids=id_list,
                          status="string",
                          limit=integer,
                          offset=integer
                          )
print(response)

Back to Table of Contents

GetAzureInstallScript

Provide the script to run for a given tenant id and subscription IDs.

PEP8 method name

get_azure_install_script

Endpoint

Method Route
GET /kubernetes-protection/entities/user-script/azure/v1

Content-Type

  • Consumes: application/json
  • Produces: application/octet-stream

Keyword Arguments

Name Service Uber Type Data type Description
id
Service Class Support

Uber Class Support
query string Azure Tenant ID.
subscription_id
Service Class Support

Uber Class Support
query string or list of strings Azure Subscription IDs.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format. Not required when using other keywords.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = "ID1,ID2,ID3"  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_azure_install_script(id="string",
                                           subscription_id=id_list,
                                           )
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = "ID1,ID2,ID3"  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.GetAzureInstallScript(id="string",
                                        subscription_id=id_list
                                        )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = "ID1,ID2,ID3"  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("GetAzureInstallScript", 
                          id="string",
                          subscription_id=id_list
                          )
print(response)

Back to Table of Contents

GetHelmValuesYaml

Provides a sample Helm values.yaml file for a customer to install alongside the agent Helm chart

PEP8 method name

get_helm_values_yaml

Endpoint

Method Route
GET /kubernetes-protection/entities/integration/agent/v1

Content-Type

  • Consumes: application/json
  • Produces: application/yaml

Keyword Arguments

Name Service Uber Type Data type Description
cluster_name
Service Class Support

Uber Class Support
query string or list of strings Cluster name. For EKS this will be the cluster ARN.
is_self_managed_cluster
Service Class Support

Uber Class Support
query boolean Set to True if the cluster is not managed by a cloud provider, and False if it is.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.get_helm_values_yaml(cluster_name="string", is_self_managed_cluster=boolean)

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.GetHelmValuesYaml(cluster_name="string", is_self_managed_cluster=boolean)

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("GetHelmValuesYaml",
                          cluster_name="string",
                          is_self_managed_cluster=boolean
                          )

print(response)

Back to Table of Contents

RegenerateAPIKey

Regenerate API key for docker registry integrations.

PEP8 method name

regenerate

Endpoint

Method Route
POST /kubernetes-protection/entities/integration/api-key/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

No keywords are arguments are required.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.regenerate()

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.RegenerateAPIKey()

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("RegenerateAPIKey")

print(response)

Back to Table of Contents

GetClusters

Provides the clusters acknowledged by the Kubernetes Protection service

PEP8 method name

get_clusters

Endpoint

Method Route
GET /kubernetes-protection/entities/kubernetes/clusters/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
cluster_name
Service Class Support

Uber Class Support
query string or list of strings Cluster name. For EKS this will be the cluster ARN.
account_ids
Service Class Support

Uber Class Support
query string or list of strings Cluster account ID. For EKS this will be the AWS account ID.
locations
Service Class Support

Uber Class Support
query string or list of strings Cloud location.
cluster_service
Service Class Support

Uber Class Support
query string Cluster service.
limit
Service Class Support

Uber Class Support
query integer Maximum number of results to return.
offset
Service Class Support

Uber Class Support
query integer Starting offset to begin returning results.
status
Service Class Support

Uber Class Support
query string or list of strings Cluster status.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

clusters = 'CLID1,CLID2,CLID3'  # Can also pass a list here: ['CLID1', 'CLID2', 'CLID3']

accounts = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

locations = 'LOC1,LOC2,LOC3'  # Can also pass a list here: ['LOC1', 'LOC2', 'LOC3']

status_types = 'STAT1,STAT2,STAT3'  # Can also pass a list here: ['STAT1', 'STAT2', 'STAT3']

response = falcon.get_clusters(cluster_names=clusters,
                               account_ids=accounts,
                               locations=locations,
                               cluster_service="string",
                               limit=integer,
                               offset=integer,
                               status=status_types
                               )

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

clusters = 'CLID1,CLID2,CLID3'  # Can also pass a list here: ['CLID1', 'CLID2', 'CLID3']

accounts = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

locations = 'LOC1,LOC2,LOC3'  # Can also pass a list here: ['LOC1', 'LOC2', 'LOC3']

status_types = 'STAT1,STAT2,STAT3'  # Can also pass a list here: ['STAT1', 'STAT2', 'STAT3']

response = falcon.GetClusters(cluster_names=clusters,
                              account_ids=accounts,
                              locations=locations,
                              cluster_service="string",
                              limit=integer,
                              offset=integer,
                              status=status_types
                              )

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

clusters = 'CLID1,CLID2,CLID3'  # Can also pass a list here: ['CLID1', 'CLID2', 'CLID3']

accounts = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

locations = 'LOC1,LOC2,LOC3'  # Can also pass a list here: ['LOC1', 'LOC2', 'LOC3']

status_types = 'STAT1,STAT2,STAT3'  # Can also pass a list here: ['STAT1', 'STAT2', 'STAT3']

response = falcon.command("GetClusters",
                          cluster_names=clusters,
                          account_ids=accounts,
                          locations=locations,
                          cluster_service="string",
                          limit=integer,
                          offset=integer,
                          status=status_types
                          )

print(response)

Back to Table of Contents

TriggerScan

Triggers a dry run or a full scan of a customer's kubernetes footprint.

PEP8 method name

trigger_scan

Endpoint

Method Route
POST /kubernetes-protection/entities/scan/trigger/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
scan_type
Service Class Support

Uber Class Support
query string Type of scan to perform, cluster-refresh, dry-run or full. Defaults to dry-run.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.trigger_scan(scan_type="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.TriggerScan(scan_type="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("TriggerScan", scan_type="string")

print(response)

Back to Table of Contents

PatchAzureServicePrincipal

Adds the client ID for the given tenant ID to our system.

PEP8 method name

update_azure_service_principal or patch_azure_service_principal

Endpoint

Method Route
PATCH /kubernetes-protection/entities/service-principal/azure/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
id
Service Class Support

Uber Class Support
query string Azure Tenant ID.
client_id
Service Class Support

Uber Class Support
query string Azure Client ID.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.update_azure_service_principal(id="string", client_id="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.PatchAzureServicePrincipal(id="string", client_id="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("PatchAzureServicePrincipal", id="string", client_id="string")

print(response)

Back to Table of Contents

CrowdStrike Falcon

Clone this wiki locally