-
Notifications
You must be signed in to change notification settings - Fork 119
Kubernetes Protection
Operation ID | Description | ||||
---|---|---|---|---|---|
|
Retrieve clusters by date range counts | ||||
|
Bucket clusters by kubernetes version | ||||
|
Bucket clusters by status | ||||
|
Retrieve cluster counts | ||||
|
Retrieve containers by date range counts | ||||
|
Retrieve top container image registries | ||||
|
Retrieve containers count affected by zero day vulnerabilities | ||||
|
Retrieve count of vulnerable images running on containers | ||||
|
Retrieve container counts | ||||
|
Retrieve containers by container_runtime_version | ||||
|
Group the containers by Managed | ||||
|
Retrieve count of image assessment detections on running containers over a period of time | ||||
|
Retrieve count of image states running on containers | ||||
|
Bucket containers by agent type and calculate sensor coverage | ||||
|
Retrieve container vulnerabilities by severity counts | ||||
|
Retrieve deployments by date range counts | ||||
|
Retrieve deployment counts | ||||
|
Retrieve cluster enrichment data | ||||
|
Retrieve container enrichment data | ||||
|
Retrieve deployment enrichment data | ||||
|
Retrieve node enrichment data | ||||
|
Retrieve pod enrichment data | ||||
|
Retrieve count of distinct images running on containers | ||||
|
Bucket container by image-digest | ||||
|
Returns the count of Kubernetes IOMs by the date. by default it's for 7 days. | ||||
|
Returns the total count of Kubernetes IOMs over the past seven days | ||||
|
Bucket nodes by cloud providers | ||||
|
Bucket nodes by their container engine version | ||||
|
Retrieve nodes by date range counts | ||||
|
Retrieve node counts | ||||
|
Retrieve pods by date range counts | ||||
|
Retrieve pod counts | ||||
|
Retrieve kubernetes clusters identified by the provided filter criteria | ||||
|
Retrieve images on running containers | ||||
|
Retrieve containers identified by the provided filter criteria | ||||
|
Retrieve kubernetes deployments identified by the provided filter criteria | ||||
|
Search Kubernetes IOM by the provided search criteria | ||||
|
Retrieve kubernetes nodes identified by the provided filter criteria | ||||
|
Retrieve kubernetes pods identified by the provided filter criteria | ||||
|
Retrieve Kubernetes IOM entities identified by the provided IDs | ||||
|
Search Kubernetes IOMs by the provided search criteria. this endpoint returns a list of Kubernetes IOM UUIDs matching the query | ||||
|
Provides a list of AWS accounts. | ||||
|
Creates a new AWS account in our system for a customer and generates the installation script. | ||||
|
Delete AWS accounts. | ||||
|
Updates the AWS account per the query parameters provided. | ||||
|
Provides the azure subscriptions registered to Kubernetes Protection. | ||||
|
Create Azure Subscriptions. | ||||
|
Delete Azure Subscriptions. | ||||
|
Provides the cloud locations acknowledged by the Kubernetes Protection service. | ||||
|
Returns a combined list of provisioned cloud accounts and known kubernetes clusters. | ||||
|
Returns the Azure tenant config. | ||||
|
Gets static bash scripts that are used during registration. | ||||
|
Provides all the azure subscriptions and tenants. | ||||
|
Provides the script to run for a given tenant id and subscription IDs. | ||||
|
Provides a sample Helm values.yaml file for a customer to install alongside the agent Helm chart. | ||||
|
Regenerate API key for docker registry integrations. | ||||
|
Provides the clusters acknowledged by the Kubernetes Protection service. | ||||
|
Triggers a dry run or a full scan of a customer's kubernetes footprint. | ||||
|
Adds the client ID for the given tenant ID to our system. |
WARNING
client_id
andclient_secret
are keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
Retrieve clusters by date range counts
read_clusters_by_date_range
Method | Route |
---|---|
/container-security/aggregates/clusters/count-by-date/v1 |
- Produces: application/json
No parameters
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_clusters_by_date_range()
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadClustersByDateRangeCount()
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadClustersByDateRangeCount")
print(response)
Bucket clusters by kubernetes version
read_clusters_by_version
Method | Route |
---|---|
/container-security/aggregates/clusters/count-by-kubernetes-version/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
filter |
|
|
query | string | Retrieve count of Kubernetes clusters that match a query in Falcon Query Language (FQL). Supported filters: access,agent_status,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,cluster_status,container_count,kubernetes_version,last_seen,management_status,node_count,pod_count,tags |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_clusters_by_version(filter="string")
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadClustersByKubernetesVersionCount(filter="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadClustersByKubernetesVersionCount", filter="string")
print(response)
Bucket clusters by status
read_clusters_by_status
Method | Route |
---|---|
/container-security/aggregates/clusters/count-by-status/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
filter |
|
|
query | string | Retrieve count of Kubernetes clusters that match a query in Falcon Query Language (FQL). Supported filters: access,agent_status,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,cluster_status,container_count,kubernetes_version,last_seen,management_status,node_count,pod_count,tags |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_clusters_by_status(filter="string")
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadClustersByStatusCount(filter="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadClustersByStatusCount", filter="string")
print(response)
Retrieve cluster counts
read_cluster_count
Method | Route |
---|---|
/container-security/aggregates/clusters/count/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
filter |
|
|
query | string | Retrieve count of Kubernetes clusters that match a query in Falcon Query Language (FQL). Supported filters: access,agent_status,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,cluster_status,container_count,kubernetes_version,last_seen,management_status,node_count,pod_count,tags |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_cluster_count(filter="string")
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadClusterCount(filter="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadClusterCount", filter="string")
print(response)
Retrieve containers by date range counts
read_containers_by_date_range
Method | Route |
---|---|
/container-security/aggregates/containers/count-by-date/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
filter |
|
|
query | string | Get container counts using a query in Falcon Query Language (FQL). Supported filters: agent_id,agent_type,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,package_name_version,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_containers_by_date_range(filter="string")
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadContainersByDateRangeCount(filter="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadContainersByDateRangeCount", filter="string")
print(response)
Retrieve top container image registries
read_containers_by_registry
Method | Route |
---|---|
/container-security/aggregates/containers/count-by-registry/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
under_assessment |
|
|
query | boolean | (true/false) whether to return registries under assessment or not under assessment. If not provided all registries are considered |
limit |
|
|
query | integer | The upper-bound on the number of records to retrieve. |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_containers_by_registry(under_assessment=boolean, limit=integer)
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadContainerCountByRegistry(under_assessment=boolean, limit=integer)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadContainerCountByRegistry", under_assessment=boolean, limit=integer)
print(response)
Retrieve containers count affected by zero day vulnerabilities
read_zero_day_affected_counts
Method | Route |
---|---|
/container-security/aggregates/containers/count-by-zero-day/v1 |
- Produces: application/json
No parameters
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_zero_day_affected_counts()
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.FindContainersCountAffectedByZeroDayVulnerabilities()
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("FindContainersCountAffectedByZeroDayVulnerabilities")
print(response)
Retrieve count of vulnerable images running on containers
read_vulnerable_container_count
Method | Route |
---|---|
/container-security/aggregates/containers/count-vulnerable-images/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
filter |
|
|
query | string | Retrieve count of Kubernetes containers that match a query in Falcon Query Language (FQL). Supported filters: agent_id,agent_type,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,package_name_version,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_vulnerable_container_count(filter="string")
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadVulnerableContainerImageCount(filter="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadVulnerableContainerImageCount", filter="string")
print(response)
Retrieve container counts
read_container_counts
Method | Route |
---|---|
/container-security/aggregates/containers/count/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
filter |
|
|
query | string | Retrieve count of Kubernetes containers that match a query in Falcon Query Language (FQL). Supported filters: agent_id,agent_type,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,package_name_version,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_container_counts(filter="string")
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadContainerCount(filter="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadContainerCount", filter="string")
print(response)
Retrieve containers by container_runtime_version
find_containers_by_runtime_version
Method | Route |
---|---|
/container-security/aggregates/containers/find-by-runtimeversion/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
limit |
|
|
query | integer | The upper-bound on the number of container records to retrieve. |
offset |
|
|
query | integer | It is used to get the offset |
sort |
|
|
query | string | Field to sort results by |
filter |
|
|
query | string | Retrieve count of Kubernetes containers that match a query in Falcon Query Language (FQL). Supported filters: agent_id,agent_type,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,package_name_version,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.find_containers_by_runtime_version(limit=integer,
offset=integer,
sort="string",
filter="string"
)
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.FindContainersByContainerRunTimeVersion(limit=integer,
offset=integer,
sort="string",
filter="string"
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("FindContainersByContainerRunTimeVersion",
limit=integer,
offset=integer,
sort="string",
filter="string"
)
print(response)
Group the containers by Managed
group_managed_containers
Method | Route |
---|---|
/container-security/aggregates/containers/group-by-managed/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
filter |
|
|
query | string | Retrieve count of Kubernetes containers that match a query in Falcon Query Language (FQL). Supported filters: agent_id,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.group_managed_containers(filter="string")
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GroupContainersByManaged(filter="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GroupContainersByManaged", filter="string")
print(response)
Retrieve count of image assessment detections on running containers over a period of time
read_detections_count_by_date
Method | Route |
---|---|
/container-security/aggregates/containers/image-detections-count-by-date/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
filter |
|
|
query | string | Retrieve count of Kubernetes containers that match a query in Falcon Query Language (FQL). Supported filters: agent_id,agent_type,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,package_name_version,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_detections_count_by_date(filter="string")
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadContainerImageDetectionsCountByDate(filter="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadContainerImageDetectionsCountByDate", filter="string")
print(response)
Retrieve count of image states running on containers
read_images_by_state
Method | Route |
---|---|
/container-security/aggregates/containers/images-by-state/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
filter |
|
|
query | string | Filter using a query in Falcon Query Language (FQL). Supported filters: cid |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_images_by_state(filter="string")
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadContainerImagesByState(filter="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadContainerImagesByState", filter="string")
print(response)
Bucket containers by agent type and calculate sensor coverage
read_sensor_coverage
Method | Route |
---|---|
/container-security/aggregates/containers/sensor-coverage/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
filter |
|
|
query | string | Retrieve count of Kubernetes containers that match a query in Falcon Query Language (FQL). Supported filters: agent_id,agent_type,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,package_name_version,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_sensor_coverage(filter="string")
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadContainersSensorCoverage(filter="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadContainersSensorCoverage", filter="string")
print(response)
Retrieve container vulnerabilities by severity counts
read_vulnerability_counts_by_severity
Method | Route |
---|---|
/container-security/aggregates/containers/vulnerability-count-by-severity/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
filter |
|
|
query | string | Get vulnerabilities count by severity for container using a query in Falcon Query Language (FQL). Supported filters: agent_id,agent_type,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,package_name_version,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_vulnerability_counts_by_severity(filter="string")
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadContainerVulnerabilitiesBySeverityCount(filter="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadContainerVulnerabilitiesBySeverityCount", filter="string")
print(response)
Retrieve deployments by date range counts
read_deployment_counts_by_date_range
Method | Route |
---|---|
/container-security/aggregates/deployments/count-by-date/v1 |
- Produces: application/json
No parameters
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_deployment_counts_by_date_range()
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadDeploymentsByDateRangeCount()
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadDeploymentsByDateRangeCount")
print(response)
Retrieve deployment counts
read_deployment_count
Method | Route |
---|---|
/container-security/aggregates/deployments/count/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
filter |
|
|
query | string | Retrieve count of Kubernetes deployments that match a query in Falcon Query Language (FQL). Supported filters: annotations_list,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,deployment_id,deployment_name,first_seen,last_seen,namespace,pod_count |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_deployment_count(filter="string")
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadDeploymentCount(filter="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadDeploymentCount", filter="string")
print(response)
Retrieve cluster enrichment data
read_cluster_enrichment
Method | Route |
---|---|
/container-security/aggregates/enrichment/clusters/entities/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
cluster_id |
|
|
query | string or list of strings | One or more cluster ids for which to retrieve enrichment info |
filter |
|
|
query | string | Supported filters: last_seen |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = "ID1,ID2,ID3" # You may also provide a list of strings here: ["ID1", "ID2", "ID3"]
response = falcon.read_cluster_enrichment(cluster_id=id_list, filter="string")
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = "ID1,ID2,ID3" # You may also provide a list of strings here: ["ID1", "ID2", "ID3"]
response = falcon.ReadClusterEnrichment(cluster_id=id_list, filter="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = "ID1,ID2,ID3" # You may also provide a list of strings here: ["ID1", "ID2", "ID3"]
response = falcon.command("ReadClusterEnrichment", cluster_id=id_list, filter="string")
print(response)
Retrieve container enrichment data
read_container_enrichment
Method | Route |
---|---|
/container-security/aggregates/enrichment/containers/entities/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
container_id |
|
|
query | string or list of strings | One or more container ids for which to retrieve enrichment info |
filter |
|
|
query | string | Supported filters: last_seen |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = "ID1,ID2,ID3" # You may also provide a list of strings here: ["ID1", "ID2", "ID3"]
response = falcon.read_container_enrichment(container_id=id_list, filter="string")
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = "ID1,ID2,ID3" # You may also provide a list of strings here: ["ID1", "ID2", "ID3"]
response = falcon.ReadContainerEnrichment(container_id=id_list, filter="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = "ID1,ID2,ID3" # You may also provide a list of strings here: ["ID1", "ID2", "ID3"]
response = falcon.command("ReadContainerEnrichment", container_id=id_list, filter="string")
print(response)
Retrieve deployment enrichment data
read_deployment_enrichment
Method | Route |
---|---|
/container-security/aggregates/enrichment/deployments/entities/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
deployment_id |
|
|
query | string or list of strings | One or more deployment ids for which to retrieve enrichment info |
filter |
|
|
query | string | Supported filters: last_seen |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = "ID1,ID2,ID3" # You may also provide a list of strings here: ["ID1", "ID2", "ID3"]
response = falcon.read_deployment_enrichment(deployment_id=id_list, filter="string")
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = "ID1,ID2,ID3" # You may also provide a list of strings here: ["ID1", "ID2", "ID3"]
response = falcon.ReadDeploymentEnrichment(deployment_id=id_list, filter="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = "ID1,ID2,ID3" # You may also provide a list of strings here: ["ID1", "ID2", "ID3"]
response = falcon.command("ReadDeploymentEnrichment", deployment_id=id_list, filter="string")
print(response)
Retrieve node enrichment data
read_node_enrichment
Method | Route |
---|---|
/container-security/aggregates/enrichment/nodes/entities/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
node_name |
|
|
query | string or list of strings | One or more node names for which to retrieve enrichment info |
filter |
|
|
query | string | Supported filters: last_seen |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = "ID1,ID2,ID3" # You may also provide a list of strings here: ["ID1", "ID2", "ID3"]
response = falcon.read_node_enrichment(node_name=id_list, filter="string")
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = "ID1,ID2,ID3" # You may also provide a list of strings here: ["ID1", "ID2", "ID3"]
response = falcon.ReadNodeEnrichment(node_name=id_list, filter="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = "ID1,ID2,ID3" # You may also provide a list of strings here: ["ID1", "ID2", "ID3"]
response = falcon.command("ReadNodeEnrichment", node_name=id_list, filter="string")
print(response)
Retrieve pod enrichment data
read_pod_enrichment
Method | Route |
---|---|
/container-security/aggregates/enrichment/pods/entities/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
pod_id |
|
|
query | string or list of strings | One or more pod ids for which to retrieve enrichment info |
filter |
|
|
query | string | Supported filters: last_seen |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = "ID1,ID2,ID3" # You may also provide a list of strings here: ["ID1", "ID2", "ID3"]
response = falcon.read_pod_enrichment(pod_id=id_list, filter="string")
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = "ID1,ID2,ID3" # You may also provide a list of strings here: ["ID1", "ID2", "ID3"]
response = falcon.ReadPodEnrichment(pod_id=id_list, filter="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = "ID1,ID2,ID3" # You may also provide a list of strings here: ["ID1", "ID2", "ID3"]
response = falcon.command("ReadPodEnrichment", pod_id=id_list, filter="string")
print(response)
Retrieve count of distinct images running on containers
read_distinct_image_count
Method | Route |
---|---|
/container-security/aggregates/images/count-by-distinct/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
filter |
|
|
query | string | Search Kubernetes containers using a query in Falcon Query Language (FQL). Supported filters: agent_id,agent_type,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,package_name_version,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_distinct_image_count(filter="string")
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadDistinctContainerImageCount(filter="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadDistinctContainerImageCount", filter="string")
print(response)
Bucket container by image-digest
read_images_by_most_used
Method | Route |
---|---|
/container-security/aggregates/images/most-used/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
filter |
|
|
query | string | Retrieve count of Kubernetes containers that match a query in Falcon Query Language (FQL). Supported filters: agent_id,agent_type,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,package_name_version,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_images_by_most_used(filter="string")
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadContainerImagesByMostUsed(filter="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadContainerImagesByMostUsed", filter="string")
print(response)
Returns the count of Kubernetes IOMs by the date. by default it's for 7 days.
read_iom_count_by_date_range
Method | Route |
---|---|
/container-security/aggregates/kubernetes-ioms/count-by-date/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
filter |
|
|
query | string | Filter images using a query in Falcon Query Language (FQL). Supported filters: cid,created_timestamp,detect_timestamp,prevented,severity |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_iom_count_by_date_range(filter="string")
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadKubernetesIomByDateRange(filter="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadKubernetesIomByDateRange", filter="string")
print(response)
Returns the total count of Kubernetes IOMs over the past seven days
read_iom_count
Method | Route |
---|---|
/container-security/aggregates/kubernetes-ioms/count/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
filter |
|
|
query | string | Filter images using a query in Falcon Query Language (FQL). Supported filters: cid,created_timestamp,detect_timestamp,prevented,severity |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_iom_count(filter="string")
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadKubernetesIomCount(filter="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadKubernetesIomCount", filter="string")
print(response)
Bucket nodes by cloud providers
read_node_counts_by_cloud
Method | Route |
---|---|
/container-security/aggregates/nodes/count-by-cloud/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
filter |
|
|
query | string | Search Kubernetes nodes using a query in Falcon Query Language (FQL). Supported filters: aid,annotations_list,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_count,container_runtime_version,first_seen,image_digest,ipv4,last_seen,node_name,pod_count |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_node_counts_by_cloud(filter="string")
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadNodesByCloudCount(filter="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadNodesByCloudCount", filter="string")
print(response)
Bucket nodes by their container engine version
read_nodes_by_container_engine_version
Method | Route |
---|---|
/container-security/aggregates/nodes/count-by-container-engine-version/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
filter |
|
|
query | string | Search Kubernetes nodes using a query in Falcon Query Language (FQL). Supported filters: aid,annotations_list,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_count,container_runtime_version,first_seen,image_digest,ipv4,last_seen,node_name,pod_count |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_nodes_by_container_engine_version(filter="string")
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadNodesByContainerEngineVersionCount(filter="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadNodesByContainerEngineVersionCount", filter="string")
print(response)
Retrieve nodes by date range counts
read_node_counts_by_date_range
Method | Route |
---|---|
/container-security/aggregates/nodes/count-by-date/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
filter |
|
|
query | string | Search Kubernetes nodes using a query in Falcon Query Language (FQL). Supported filters: aid,annotations_list,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_count,container_runtime_version,first_seen,image_digest,ipv4,last_seen,node_name,pod_count |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_node_counts_by_date_range(filter="string")
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadNodesByDateRangeCount(filter="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadNodesByDateRangeCount", filter="string")
print(response)
Retrieve node counts
read_node_counts
Method | Route |
---|---|
/container-security/aggregates/nodes/count/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
filter |
|
|
query | string | Retrieve count of Kubernetes nodes that match a query in Falcon Query Language (FQL). Supported filters: aid,annotations_list,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_count,container_runtime_version,first_seen,image_digest,ipv4,last_seen,node_name,pod_count |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_node_counts(filter="string")
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadNodeCount(filter="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadNodeCount", filter="string")
print(response)
Retrieve pods by date range counts
read_pod_counts_by_date_range
Method | Route |
---|---|
/container-security/aggregates/pods/count-by-date/v1 |
- Produces: application/json
No parameters
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_pod_counts_by_date_range()
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadPodsByDateRangeCount()
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadPodsByDateRangeCount")
print(response)
Retrieve pod counts
read_pod_counts
Method | Route |
---|---|
/container-security/aggregates/pods/count/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
filter |
|
|
query | string | Retrieve count of Kubernetes pods that match a query in Falcon Query Language (FQL). Supported filters: agent_id,agent_type,allow_privilege_escalation,annotations_list,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_count,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,owner_id,owner_type,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_pod_counts(filter="string")
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadPodCount(filter="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadPodCount", filter="string")
print(response)
Retrieve kubernetes clusters identified by the provided filter criteria
read_clusters_combined
Method | Route |
---|---|
/container-security/combined/clusters/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
filter |
|
|
query | string | Search Kubernetes clusters using a query in Falcon Query Language (FQL). Supported filters: access,agent_status,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,cluster_status,container_count,kubernetes_version,last_seen,management_status,node_count,pod_count,tags |
limit |
|
|
query | integer | The upper-bound on the number of records to retrieve. |
offset |
|
|
query | integer | The offset from where to begin. |
sort |
|
|
query | string | Field to sort results by |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_clusters_combined(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadClusterCombined(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadClusterCombined",
filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Retrieve images on running containers
read_running_images
Method | Route |
---|---|
/container-security/combined/container-images/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
filter |
|
|
query | string | Retrieve list of images on running containers using a query in Falcon Query Language (FQL). Supported filters: cid,hosts,image_digest,image_has_been_assessed,image_id,image_name,image_registry,image_repository,image_tag,last_seen,running_status |
limit |
|
|
query | integer | The upper-bound on the number of records to retrieve. |
offset |
|
|
query | integer | The offset from where to begin. |
sort |
|
|
query | string | Field to sort results by |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_running_images(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadRunningContainerImages(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
PARAMS = {
"filter": "string",
"limit": integer,
"offset": integer,
"sort": "string"
}
response = falcon.command("ReadRunningContainerImages",
filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Retrieve containers identified by the provided filter criteria
read_containers_combined
Method | Route |
---|---|
/container-security/combined/containers/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
filter |
|
|
query | string | Search Kubernetes containers using a query in Falcon Query Language (FQL). Supported filters: agent_id,agent_type,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,package_name_version,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status |
limit |
|
|
query | integer | The upper-bound on the number of records to retrieve. |
offset |
|
|
query | integer | The offset from where to begin. |
sort |
|
|
query | string | Field to sort results by |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_containers_combined(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadContainerCombined(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadContainerCombined",
filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Retrieve kubernetes deployments identified by the provided filter criteria
read_deployments_combined
Method | Route |
---|---|
/container-security/combined/deployments/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
filter |
|
|
query | string | Search Kubernetes deployments using a query in Falcon Query Language (FQL). Supported filters: annotations_list,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,deployment_id,deployment_name,first_seen,last_seen,namespace,pod_count |
limit |
|
|
query | integer | The upper-bound on the number of records to retrieve. |
offset |
|
|
query | integer | The offset from where to begin. |
sort |
|
|
query | string | Field to sort results by |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_deployments_combined(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadDeploymentCombined(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadDeploymentCombined",
filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Search Kubernetes IOM by the provided search criteria
search_and_read_ioms
Method | Route |
---|---|
/container-security/combined/kubernetes-ioms/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
filter |
|
|
query | string | Search Kubernetes IOMs using a query in Falcon Query Language (FQL). Supported filters: cid,cis_id,cluster_id,cluster_name,containers_impacted_count,containers_impacted_ids,detection_type,name,namespace,resource_id,resource_name,resource_type,prevented,severity |
limit |
|
|
query | integer | The upper-bound on the number of records to retrieve. |
offset |
|
|
query | integer | The offset from where to begin. |
sort |
|
|
query | string | The fields to sort the records on. |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.search_and_read_ioms(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.SearchAndReadKubernetesIomEntities(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("SearchAndReadKubernetesIomEntities",
filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Retrieve kubernetes nodes identified by the provided filter criteria
read_nodes_combined
Method | Route |
---|---|
/container-security/combined/nodes/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
filter |
|
|
query | string | Search Kubernetes nodes using a query in Falcon Query Language (FQL). Supported filters: aid,annotations_list,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_count,container_runtime_version,first_seen,image_digest,ipv4,last_seen,node_name,pod_count |
limit |
|
|
query | integer | The upper-bound on the number of records to retrieve. |
offset |
|
|
query | integer | The offset from where to begin. |
sort |
|
|
query | string | Field to sort results by |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_nodes_combined(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadNodeCombined(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadNodeCombined",
filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Retrieve kubernetes pods identified by the provided filter criteria
read_pods_combined
Method | Route |
---|---|
/container-security/combined/pods/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
filter |
|
|
query | string | Search Kubernetes pods using a query in Falcon Query Language (FQL). Supported filters: agent_id,agent_type,allow_privilege_escalation,annotations_list,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_count,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,owner_id,owner_type,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user |
limit |
|
|
query | integer | The upper-bound on the number of records to retrieve. |
offset |
|
|
query | integer | The offset from where to begin. |
sort |
|
|
query | string | Field to sort results by |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_pods_combined(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadPodCombined(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadPodCombined",
filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Retrieve Kubernetes IOM entities identified by the provided IDs
read_iom_entities
Method | Route |
---|---|
/container-security/entities/kubernetes-ioms/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
ids |
|
|
query | array (string) | Search Kubernetes IOMs by ids - The maximum amount is 100 IDs |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.read_iom_entities(ids=id_list)
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.ReadKubernetesIomEntities(ids=id_list)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("ReadKubernetesIomEntities", ids=id_list)
print(response)
Search Kubernetes IOMs by the provided search criteria. this endpoint returns a list of Kubernetes IOM UUIDs matching the query
search_ioms
Method | Route |
---|---|
/container-security/queries/kubernetes-ioms/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
filter |
|
|
query | string | Search Kubernetes IOMs using a query in Falcon Query Language (FQL). Supported filters: cid,cis_id,cluster_id,cluster_name,containers_impacted_count,containers_impacted_ids,detection_type,name,namespace,resource_id,resource_name,resource_type,prevented,severity |
limit |
|
|
query | integer | The upper-bound on the number of records to retrieve. |
offset |
|
|
query | integer | The offset from where to begin. |
sort |
|
|
query | string | The fields to sort the records on. |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.search_ioms(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.SearchKubernetesIoms(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
PARAMS = {
"filter": "string",
"limit": integer,
"offset": integer,
"sort": "string"
}
response = falcon.command("SearchKubernetesIoms",
filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Provides a list of AWS accounts.
get_aws_accounts
Method | Route |
---|---|
/kubernetes-protection/entities/accounts/aws/v1 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
ids |
|
|
query | string or list of strings | AWS Account ID(s). |
is_horizon_account |
|
|
query | string | Filter by whether an account originates from Horizon or not. Allowed values: False or True |
limit |
|
|
query | integer | Maximum number of records to return. |
offset |
|
|
query | integer | Starting index of overall result set from which to return ids. |
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
status |
|
|
query | string | Filter by account status. |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_aws_accounts(status="string",
limit=integer,
offset=integer,
ids=id_list,
is_horizon_account="string"
)
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetAWSAccountsMixin0(status="string",
limit=integer,
offset=integer,
ids=id_list,
is_horizon_account="string"
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetAWSAccountsMixin0",
status="string",
limit=integer,
offset=integer,
ids=id_list,
is_horizon_account="string"
)
print(response)
Back to Table of Contents
Creates a new AWS account in our system for a customer and generates the installation script
create_aws_account
Method | Route |
---|---|
/kubernetes-protection/entities/accounts/aws/v1 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
body |
|
|
body | dictionary | Full body payload in JSON format. |
account_id |
|
|
body | string | Account ID. |
region |
|
|
body | string | Cloud region. |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.create_aws_account(account_id="string", region="string")
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.CreateAWSAccount(account_id="string", region="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"resources": [
{
"account_id": "string",
"region": "string"
}
]
}
response = falcon.command("CreateAWSAccount", body=BODY)
print(response)
Back to Table of Contents
Delete AWS accounts.
delete_aws_accounts
Method | Route |
---|---|
/kubernetes-protection/entities/accounts/aws/v1 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
ids |
|
|
query | string or list of strings | AWS Account ID(s) to delete. |
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_aws_accounts(ids=id_list)
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.DeleteAWSAccountsMixin0(ids=id_list)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("DeleteAWSAccountsMixin0", ids=id_list)
print(response)
Back to Table of Contents
Updates the AWS account per the query parameters provided
update_aws_account
Method | Route |
---|---|
/kubernetes-protection/entities/accounts/aws/v1 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
ids |
|
|
query | string or list of strings | AWS Account ID(s) to update. |
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
region |
|
|
query | string | Default region for account automation. |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.update_aws_account(region="string", ids=id_list)
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.UpdateAWSAccount(region="string", ids=id_list)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("UpdateAWSAccount", region="string", ids=id_list)
print(response)
Back to Table of Contents
Provides the azure subscriptions registered to Kubernetes Protection.
list_azure_accounts
Method | Route |
---|---|
/kubernetes-protection/entities/accounts/azure/v1 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
ids |
|
|
query | string or list of strings | Azure Tenant ID(s). |
subscription_id |
|
|
query | string or list of strings | Azure Subscription ID(s). |
is_horizon_account |
|
|
query | boolean | Flag indicating if we should filter by accounts originating from Horizon. |
limit |
|
|
query | integer | Maximum number of records to return. |
offset |
|
|
query | integer | Starting index of overall result set from which to return ids. |
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
status |
|
|
query | string | Filter by account status (operational or provisioned ). |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
sub_list = 'SUB1,SUB2,SUB3' # Can also pass a list here: ['SUB1', 'SUB2', 'SUB3']
response = falcon.list_azure_accounts(status="string",
limit=integer,
offset=integer,
ids=id_list,
subscription_id=sub_list,
is_horizon_account=boolean
)
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
sub_list = 'SUB1,SUB2,SUB3' # Can also pass a list here: ['SUB1', 'SUB2', 'SUB3']
response = falcon.ListAzureAccounts(status="string",
limit=integer,
offset=integer,
ids=id_list,
subscription_id=sub_list,
is_horizon_account=boolean
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
sub_list = 'SUB1,SUB2,SUB3' # Can also pass a list here: ['SUB1', 'SUB2', 'SUB3']
response = falcon.command("ListAzureAccounts",
status="string",
limit=integer,
offset=integer,
ids=id_list,
subscription_id=sub_list,
is_horizon_account=boolean
)
print(response)
Back to Table of Contents
Creates a new Azure Subscription in our system
create_azure_subscription
Method | Route |
---|---|
/kubernetes-protection/entities/accounts/azure/v1 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
body |
|
|
body | dictionary | Full body payload in JSON format. |
subscription_id |
|
|
body | string | Azure Subscription ID. |
tenant_id |
|
|
body | string | Azure Tenant ID. |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.create_azure_subscription(subscription_id="string", tenant_id="string")
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.CreateAzureSubscription(subscription_id="string", tenant_id="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"resources": [
{
"subscription_id": "string",
"tenant_id": "string"
}
]
}
response = falcon.command("CreateAzureSubscription", body=BODY)
print(response)
Back to Table of Contents
Delete an Azure Subscription from the system.
delete_azure_subscription
Method | Route |
---|---|
/kubernetes-protection/entities/accounts/azure/v1 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
ids |
|
|
query | string or list of strings | Azure Subscription ID(s) to delete. |
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_azure_subscription(ids=id_list)
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.DeleteAzureSubscription(ids=id_list)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("DeleteAzureSubscription", ids=id_list)
print(response)
Back to Table of Contents
Provides the cloud locations acknowledged by the Kubernetes Protection service
get_locations
Method | Route |
---|---|
/kubernetes-protection/entities/cloud-locations/v1 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
clouds |
|
|
query | string or list of strings | Cloud provider. |
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'aws,azure,gcp' # Can also pass a list here: ['aws', 'azure', 'gcp']
response = falcon.get_locations(clouds=id_list)
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'aws,azure,gcp' # Can also pass a list here: ['aws', 'azure', 'gcp']
response = falcon.GetLocations(clouds=id_list)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'aws,azure,gcp' # Can also pass a list here: ['aws', 'azure', 'gcp']
response = falcon.command("GetLocations", clouds=id_list)
print(response)
Back to Table of Contents
Returns a combined list of provisioned cloud accounts and known kubernetes clusters.
get_cloud_clusters
Method | Route |
---|---|
/kubernetes-protection/entities/cloud_cluster/v1 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
cluster_service |
|
|
query | string or list of strings | Cluster Service. |
cluster_status |
|
|
query | string or list of strings | Cluster Status. |
ids |
|
|
query | string or list of strings | Cloud Account IDs. |
locations |
|
|
query | string or list of strings | Cloud location. |
limit |
|
|
query | integer | Limit returned results. |
offset |
|
|
query | integer | Pagination offset. |
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
# You may provide the string lists as a string, a comma delimited string, or a list
response = falcon.get_cloud_clusters(cluster_service="string or list of strings",
cluster_status="string or list of strings",
ids="string or list of strings",
locations="string or list of strings",
limit=integer,
offset=integer
)
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
# You may provide the string lists as a string, a comma delimited string, or a list
response = falcon.GetCombinedCloudClusters(cluster_service="string or list of strings",
cluster_status="string or list of strings",
ids="string or list of strings",
locations="string or list of strings",
limit=integer,
offset=integer
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
# You may provide the string lists as a string, a comma delimited string, or a list
response = falcon.command("GetCombinedCloudClusters",
cluster_service="string or list of strings",
cluster_status="string or list of strings",
ids="string or list of strings",
locations="string or list of strings",
limit=integer,
offset=integer
)
print(response)
Back to Table of Contents
Returns the Azure tenant config.
get_azure_tenant_config
Method | Route |
---|---|
/kubernetes-protection/entities/config/azure/v1 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
ids |
|
|
query | string or list of strings | Cloud Account IDs. |
limit |
|
|
query | integer | Limit returned results. |
offset |
|
|
query | integer | Pagination offset. |
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = "ID1,ID2,ID3" # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_azure_tenant_config(ids=id_list,
limit=integer,
offset=integer
)
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = "ID1,ID2,ID3" # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetAzureTenantConfig(ids=id_list,
limit=integer,
offset=integer
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = "ID1,ID2,ID3" # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetAzureTenantConfig",
ids=id_list,
limit=integer,
offset=integer
)
print(response)
Back to Table of Contents
Get static bash scripts that are used during registration.
get_static_scripts
Method | Route |
---|---|
/kubernetes-protection/entities/gen/scripts/v1 |
- Consumes: application/json
- Produces: application/octet-stream
No keywords or arguments accepted.
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_static_scripts()
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetStaticScripts()
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetStaticScripts")
print(response)
Back to Table of Contents
Provides all the azure subscriptions and tenants IDs.
get_azure_tenant_ids
Method | Route |
---|---|
/kubernetes-protection/entities/tenants/azure/v1 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
ids |
|
|
query | string or list of strings | Cloud Account IDs. |
status |
|
|
query | string | Cluster status. (Not Installed , Running , Stopped ) |
limit |
|
|
query | integer | Limit returned results. |
offset |
|
|
query | integer | Pagination offset. |
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = "ID1,ID2,ID3" # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_azure_tenant_ids(ids=id_list,
status="string",
limit=integer,
offset=integer
)
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = "ID1,ID2,ID3" # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetAzureTenantIDs(ids=id_list,
status="string",
limit=integer,
offset=integer
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = "ID1,ID2,ID3" # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetAzureTenantIDs",
ids=id_list,
status="string",
limit=integer,
offset=integer
)
print(response)
Back to Table of Contents
Provide the script to run for a given tenant id and subscription IDs.
get_azure_install_script
Method | Route |
---|---|
/kubernetes-protection/entities/user-script/azure/v1 |
- Consumes: application/json
- Produces: application/octet-stream
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
id |
|
|
query | string | Azure Tenant ID. |
subscription_id |
|
|
query | string or list of strings | Azure Subscription IDs. |
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = "ID1,ID2,ID3" # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_azure_install_script(id="string",
subscription_id=id_list,
)
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = "ID1,ID2,ID3" # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetAzureInstallScript(id="string",
subscription_id=id_list
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = "ID1,ID2,ID3" # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetAzureInstallScript",
id="string",
subscription_id=id_list
)
print(response)
Back to Table of Contents
Provides a sample Helm values.yaml file for a customer to install alongside the agent Helm chart
get_helm_values_yaml
Method | Route |
---|---|
/kubernetes-protection/entities/integration/agent/v1 |
- Consumes: application/json
- Produces: application/yaml
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
cluster_name |
|
|
query | string or list of strings | Cluster name. For EKS this will be the cluster ARN. |
is_self_managed_cluster |
|
|
query | boolean | Set to True if the cluster is not managed by a cloud provider, and False if it is. |
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_helm_values_yaml(cluster_name="string", is_self_managed_cluster=boolean)
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetHelmValuesYaml(cluster_name="string", is_self_managed_cluster=boolean)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetHelmValuesYaml",
cluster_name="string",
is_self_managed_cluster=boolean
)
print(response)
Back to Table of Contents
Regenerate API key for docker registry integrations.
regenerate
Method | Route |
---|---|
/kubernetes-protection/entities/integration/api-key/v1 |
- Consumes: application/json
- Produces: application/json
No keywords are arguments are required.
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.regenerate()
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.RegenerateAPIKey()
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("RegenerateAPIKey")
print(response)
Back to Table of Contents
Provides the clusters acknowledged by the Kubernetes Protection service
get_clusters
Method | Route |
---|---|
/kubernetes-protection/entities/kubernetes/clusters/v1 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
cluster_name |
|
|
query | string or list of strings | Cluster name. For EKS this will be the cluster ARN. |
account_ids |
|
|
query | string or list of strings | Cluster account ID. For EKS this will be the AWS account ID. |
locations |
|
|
query | string or list of strings | Cloud location. |
cluster_service |
|
|
query | string | Cluster service. |
limit |
|
|
query | integer | Maximum number of results to return. |
offset |
|
|
query | integer | Starting offset to begin returning results. |
status |
|
|
query | string or list of strings | Cluster status. |
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
clusters = 'CLID1,CLID2,CLID3' # Can also pass a list here: ['CLID1', 'CLID2', 'CLID3']
accounts = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
locations = 'LOC1,LOC2,LOC3' # Can also pass a list here: ['LOC1', 'LOC2', 'LOC3']
status_types = 'STAT1,STAT2,STAT3' # Can also pass a list here: ['STAT1', 'STAT2', 'STAT3']
response = falcon.get_clusters(cluster_names=clusters,
account_ids=accounts,
locations=locations,
cluster_service="string",
limit=integer,
offset=integer,
status=status_types
)
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
clusters = 'CLID1,CLID2,CLID3' # Can also pass a list here: ['CLID1', 'CLID2', 'CLID3']
accounts = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
locations = 'LOC1,LOC2,LOC3' # Can also pass a list here: ['LOC1', 'LOC2', 'LOC3']
status_types = 'STAT1,STAT2,STAT3' # Can also pass a list here: ['STAT1', 'STAT2', 'STAT3']
response = falcon.GetClusters(cluster_names=clusters,
account_ids=accounts,
locations=locations,
cluster_service="string",
limit=integer,
offset=integer,
status=status_types
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
clusters = 'CLID1,CLID2,CLID3' # Can also pass a list here: ['CLID1', 'CLID2', 'CLID3']
accounts = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
locations = 'LOC1,LOC2,LOC3' # Can also pass a list here: ['LOC1', 'LOC2', 'LOC3']
status_types = 'STAT1,STAT2,STAT3' # Can also pass a list here: ['STAT1', 'STAT2', 'STAT3']
response = falcon.command("GetClusters",
cluster_names=clusters,
account_ids=accounts,
locations=locations,
cluster_service="string",
limit=integer,
offset=integer,
status=status_types
)
print(response)
Back to Table of Contents
Triggers a dry run or a full scan of a customer's kubernetes footprint.
trigger_scan
Method | Route |
---|---|
/kubernetes-protection/entities/scan/trigger/v1 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
scan_type |
|
|
query | string | Type of scan to perform, cluster-refresh , dry-run or full . Defaults to dry-run . |
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.trigger_scan(scan_type="string")
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.TriggerScan(scan_type="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("TriggerScan", scan_type="string")
print(response)
Back to Table of Contents
Adds the client ID for the given tenant ID to our system.
update_azure_service_principal or patch_azure_service_principal
Method | Route |
---|---|
/kubernetes-protection/entities/service-principal/azure/v1 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
id |
|
|
query | string | Azure Tenant ID. |
client_id |
|
|
query | string | Azure Client ID. |
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.update_azure_service_principal(id="string", client_id="string")
print(response)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.PatchAzureServicePrincipal(id="string", client_id="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("PatchAzureServicePrincipal", id="string", client_id="string")
print(response)
Back to Table of Contents
- Home
- Discussions Board
- Glossary of Terms
- Installation, Upgrades and Removal
- Samples Collection
- Using FalconPy
- API Operations
-
Service Collections
- Alerts
- API Integrations
- Certificate Based Exclusions
- Cloud Connect AWS (deprecated)
- Cloud Snapshots
- Compliance Assessments
- Configuration Assessment
- Configuration Assessment Evaluation Logic
- Container Alerts
- Container Detections
- Container Images
- Container Packages
- Container Vulnerabilities
- CSPM Registration
- Custom IOAs
- Custom Storage
- D4C Registration (deprecated)
- Detects
- Device Control Policies
- Discover
- Drift Indicators
- Event Streams
- Exposure Management
- Falcon Complete Dashboard
- Falcon Container
- Falcon Intelligence Sandbox
- FDR
- FileVantage
- Firewall Management
- Firewall Policies
- Foundry LogScale
- Host Group
- Host Migration
- Hosts
- Identity Protection
- Image Assessment Policies
- Incidents
- Installation Tokens
- Intel
- IOA Exclusions
- IOC
- IOCs (deprecated)
- Kubernetes Protection
- MalQuery
- Message Center
- ML Exclusions
- Mobile Enrollment
- MSSP (Flight Control)
- OAuth2
- ODS (On Demand Scan)
- Overwatch Dashboard
- Prevention Policy
- Quarantine
- Quick Scan
- Quick Scan Pro
- Real Time Response
- Real Time Response Admin
- Real Time Response Audit
- Recon
- Report Executions
- Response Policies
- Sample Uploads
- Scheduled Reports
- Sensor Download
- Sensor Update Policy
- Sensor Visibility Exclusions
- Spotlight Evaluation Logic
- Spotlight Vulnerabilities
- Tailored Intelligence
- ThreatGraph
- Unidentified Containers
- User Management
- Workflows
- Zero Trust Assessment
- Documentation Support
-
CrowdStrike SDKs
- Crimson Falcon - Ruby
- FalconPy - Python 3
- FalconJS - Javascript
- goFalcon - Go
- PSFalcon - Powershell
- Rusty Falcon - Rust