Kubernetes Protection

Joshua Hiller edited this page Sep 16, 2023 · 20 revisions

Using the Kubernetes Protection service collection

Table of Contents

| Operation ID | PEP 8 method | Description |
| :--- | :--- | :--- |
| GetAWSAccountsMixin0 | get_aws_accounts | Provides a list of AWS accounts. |
| CreateAWSAccount | create_aws_account | Creates a new AWS account in our system for a customer and generates the installation script. |
| DeleteAWSAccountsMixin0 | delete_aws_accounts | Delete AWS accounts. |
| UpdateAWSAccount | update_aws_account | Updates the AWS account per the query parameters provided. |
| ListAzureAccounts | list_azure_accounts | Provides the Azure subscriptions registered to Kubernetes Protection. |
| CreateAzureSubscription | create_azure_subscription | Create Azure Subscriptions. |
| DeleteAzureSubscription | delete_azure_subscription | Delete Azure Subscriptions. |
| GetLocations | get_locations | Provides the cloud locations acknowledged by the Kubernetes Protection service. |
| GetCombinedCloudClusters | get_cloud_clusters | Returns a combined list of provisioned cloud accounts and known Kubernetes clusters. |
| GetAzureTenantConfig | get_azure_tenant_config | Returns the Azure tenant config. |
| GetStaticScripts | get_static_scripts | Gets static bash scripts that are used during registration. |
| GetAzureTenantIDs | get_azure_tenant_ids | Provides all the Azure subscriptions and tenants. |
| GetAzureInstallScript | get_azure_install_script | Provides the script to run for a given tenant id and subscription IDs. |
| GetHelmValuesYaml | get_helm_values_yaml | Provides a sample Helm values.yaml file for a customer to install alongside the agent Helm chart. |
| RegenerateAPIKey | regenerate | Regenerate API key for docker registry integrations. |
| GetClusters | get_clusters | Provides the clusters acknowledged by the Kubernetes Protection service. |
| TriggerScan | trigger_scan | Triggers a dry run or a full scan of a customer's Kubernetes footprint. |
| PatchAzureServicePrincipal | update_azure_service_principal | Adds the client ID for the given tenant ID to our system. |

Passing credentials

WARNING

client_id and client_secret are keyword arguments that contain your CrowdStrike API credentials. None of the examples below hard code these values. (These values are ingested as strings.)

CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.

GetAWSAccountsMixin0

Provides a list of AWS accounts.

PEP8 method name

get_aws_accounts

Endpoint

Method Route
GET /kubernetes-protection/entities/accounts/aws/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

| Name | Service | Uber | Type | Data type | Description |
| :--- | :--- | :--- | :--- | :--- | :--- |
| ids | Supported | Supported | query | string or list of strings | AWS Account ID(s). |
| is_horizon_account | Supported | Supported | query | string | Filter by whether an account originates from Horizon or not. Allowed values: False or True |
| limit | Supported | Supported | query | integer | Maximum number of records to return. |
| offset | Supported | Supported | query | integer | Starting index of overall result set from which to return ids. |
| parameters | Supported | Supported | query | dictionary | Full query string parameters payload in JSON format. |
| status | Supported | Supported | query | string | Filter by account status. |

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_aws_accounts(status="string",
                                   limit=integer,
                                   offset=integer,
                                   ids=id_list,
                                   is_horizon_account="string"
                                   )

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.GetAWSAccountsMixin0(status="string",
                                       limit=integer,
                                       offset=integer,
                                       ids=id_list,
                                       is_horizon_account="string"
                                       )

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("GetAWSAccountsMixin0",
                          status="string",
                          limit=integer,
                          offset=integer,
                          ids=id_list,
                          is_horizon_account="string"
                          )


print(response)
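
An added example (not part of the FalconPy documentation) showing one way to follow the credential warning above and to page through results with the limit and offset keywords. The environment variable names FALCON_CLIENT_ID and FALCON_CLIENT_SECRET and the helper names are assumptions; the response layout (status_code, body.resources, body.errors) is the dictionary FalconPy returns for JSON operations.

```python
"""Added example: environment-sourced credentials and limit/offset paging."""
import os

# Assumed variable names; use whatever your secret store exports.
ENV_CLIENT_ID = "FALCON_CLIENT_ID"
ENV_CLIENT_SECRET = "FALCON_CLIENT_SECRET"


def credentials_from_env(environ=os.environ):
    """Return client_id / client_secret keyword arguments read from the environment."""
    missing = [name for name in (ENV_CLIENT_ID, ENV_CLIENT_SECRET)
               if not environ.get(name)]
    if missing:
        # Report only the variable names, never the values.
        raise RuntimeError("missing environment variables: " + ", ".join(missing))
    return {"client_id": environ[ENV_CLIENT_ID],
            "client_secret": environ[ENV_CLIENT_SECRET]}


def fetch_all(method, page_size=100, max_pages=1000, **filters):
    """Call a limit/offset operation until a short page is returned.

    `method` is any Service Class method that accepts limit and offset,
    for example falcon.get_aws_accounts or falcon.list_azure_accounts.
    """
    if page_size < 1:
        raise ValueError("page_size must be at least 1")
    resources = []
    for _ in range(max_pages):
        # offset is the starting index in the overall result set
        response = method(limit=page_size, offset=len(resources), **filters)
        body = response.get("body") or {}
        if response.get("status_code") != 200:
            raise RuntimeError(
                f"request failed with status {response.get('status_code')}: "
                f"{body.get('errors')}"
            )
        batch = body.get("resources") or []
        resources.extend(batch)
        if len(batch) < page_size:
            return resources
    raise RuntimeError("max_pages reached before the result set was exhausted")


if __name__ == "__main__":
    # Imported here so the helpers above can be used without FalconPy installed.
    from falconpy import KubernetesProtection

    falcon = KubernetesProtection(**credentials_from_env())
    for account in fetch_all(falcon.get_aws_accounts, page_size=50):
        print(account)
```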

Back to Table of Contents

CreateAWSAccount

Creates a new AWS account in our system for a customer and generates the installation script.

PEP8 method name

create_aws_account

Endpoint

Method Route
POST /kubernetes-protection/entities/accounts/aws/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

| Name | Service | Uber | Type | Data type | Description |
| :--- | :--- | :--- | :--- | :--- | :--- |
| body | Supported | Supported | body | dictionary | Full body payload in JSON format. |
| account_id | Supported | Supported | body | string | Account ID. |
| region | Supported | Supported | body | string | Cloud region. |

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.create_aws_account(account_id="string", region="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.CreateAWSAccount(account_id="string", region="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

BODY = {
    "resources": [
        {
            "account_id": "string",
            "region": "string"
        }
    ]
}

response = falcon.command("CreateAWSAccount", body=BODY)

print(response)

Back to Table of Contents

DeleteAWSAccountsMixin0

Delete AWS accounts.

PEP8 method name

delete_aws_accounts

Endpoint

Method Route
DELETE /kubernetes-protection/entities/accounts/aws/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

| Name | Service | Uber | Type | Data type | Description |
| :--- | :--- | :--- | :--- | :--- | :--- |
| ids | Supported | Supported | query | string or list of strings | AWS Account ID(s) to delete. |
| parameters | Supported | Supported | query | dictionary | Full query string parameters payload in JSON format. |

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.delete_aws_accounts(ids=id_list)

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.DeleteAWSAccountsMixin0(ids=id_list)

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("DeleteAWSAccountsMixin0", ids=id_list)

print(response)

Back to Table of Contents

UpdateAWSAccount

Updates the AWS account per the query parameters provided.

PEP8 method name

update_aws_account

Endpoint

Method Route
PATCH /kubernetes-protection/entities/accounts/aws/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

| Name | Service | Uber | Type | Data type | Description |
| :--- | :--- | :--- | :--- | :--- | :--- |
| ids | Supported | Supported | query | string or list of strings | AWS Account ID(s) to update. |
| parameters | Supported | Supported | query | dictionary | Full query string parameters payload in JSON format. |
| region | Supported | Supported | query | string | Default region for account automation. |

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.update_aws_account(region="string", ids=id_list)

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.UpdateAWSAccount(region="string", ids=id_list)

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("UpdateAWSAccount", region="string", ids=id_list)

print(response)

Back to Table of Contents

ListAzureAccounts

Provides the Azure subscriptions registered to Kubernetes Protection.

PEP8 method name

list_azure_accounts

Endpoint

Method Route
GET /kubernetes-protection/entities/accounts/azure/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

| Name | Service | Uber | Type | Data type | Description |
| :--- | :--- | :--- | :--- | :--- | :--- |
| ids | Supported | Supported | query | string or list of strings | Azure Tenant ID(s). |
| subscription_id | Supported | Supported | query | string or list of strings | Azure Subscription ID(s). |
| is_horizon_account | Supported | Supported | query | boolean | Flag indicating if we should filter by accounts originating from Horizon. |
| limit | Supported | Supported | query | integer | Maximum number of records to return. |
| offset | Supported | Supported | query | integer | Starting index of overall result set from which to return ids. |
| parameters | Supported | Supported | query | dictionary | Full query string parameters payload in JSON format. |
| status | Supported | Supported | query | string | Filter by account status (operational or provisioned). |

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

sub_list = 'SUB1,SUB2,SUB3'  # Can also pass a list here: ['SUB1', 'SUB2', 'SUB3']

response = falcon.list_azure_accounts(status="string",
                                      limit=integer,
                                      offset=integer,
                                      ids=id_list,
                                      subscription_id=sub_list,
                                      is_horizon_account=boolean
                                      )

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

sub_list = 'SUB1,SUB2,SUB3'  # Can also pass a list here: ['SUB1', 'SUB2', 'SUB3']

response = falcon.ListAzureAccounts(status="string",
                                    limit=integer,
                                    offset=integer,
                                    ids=id_list,
                                    subscription_id=sub_list,
                                    is_horizon_account=boolean
                                    )

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

sub_list = 'SUB1,SUB2,SUB3'  # Can also pass a list here: ['SUB1', 'SUB2', 'SUB3']

response = falcon.command("ListAzureAccounts",
                          status="string",
                          limit=integer,
                          offset=integer,
                          ids=id_list,
                          subscription_id=sub_list,
                          is_horizon_account=boolean
                          )

print(response)

Back to Table of Contents

CreateAzureSubscription

Creates a new Azure Subscription in our system.

PEP8 method name

create_azure_subscription

Endpoint

Method Route
POST /kubernetes-protection/entities/accounts/azure/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

| Name | Service | Uber | Type | Data type | Description |
| :--- | :--- | :--- | :--- | :--- | :--- |
| body | Supported | Supported | body | dictionary | Full body payload in JSON format. |
| subscription_id | Supported | Supported | body | string | Azure Subscription ID. |
| tenant_id | Supported | Supported | body | string | Azure Tenant ID. |

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.create_azure_subscription(subscription_id="string", tenant_id="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.CreateAzureSubscription(subscription_id="string", tenant_id="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

BODY = {
    "resources": [
        {
            "subscription_id": "string",
            "tenant_id": "string"
        }
    ]
}

response = falcon.command("CreateAzureSubscription", body=BODY)

print(response)

Back to Table of Contents

DeleteAzureSubscription

Delete an Azure Subscription from the system.

PEP8 method name

delete_azure_subscription

Endpoint

Method Route
DELETE /kubernetes-protection/entities/accounts/azure/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

| Name | Service | Uber | Type | Data type | Description |
| :--- | :--- | :--- | :--- | :--- | :--- |
| ids | Supported | Supported | query | string or list of strings | Azure Subscription ID(s) to delete. |
| parameters | Supported | Supported | query | dictionary | Full query string parameters payload in JSON format. |

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.delete_azure_subscription(ids=id_list)

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.DeleteAzureSubscription(ids=id_list)

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("DeleteAzureSubscription", ids=id_list)

print(response)

Back to Table of Contents

GetLocations

Provides the cloud locations acknowledged by the Kubernetes Protection service.

PEP8 method name

get_locations

Endpoint

Method Route
GET /kubernetes-protection/entities/cloud-locations/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

| Name | Service | Uber | Type | Data type | Description |
| :--- | :--- | :--- | :--- | :--- | :--- |
| clouds | Supported | Supported | query | string or list of strings | Cloud provider. |
| parameters | Supported | Supported | query | dictionary | Full query string parameters payload in JSON format. |

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = 'aws,azure,gcp'  # Can also pass a list here: ['aws', 'azure', 'gcp']

response = falcon.get_locations(clouds=id_list)

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = 'aws,azure,gcp'  # Can also pass a list here: ['aws', 'azure', 'gcp']

response = falcon.GetLocations(clouds=id_list)

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'aws,azure,gcp'  # Can also pass a list here: ['aws', 'azure', 'gcp']

response = falcon.command("GetLocations", clouds=id_list)

print(response)

Back to Table of Contents

GetCombinedCloudClusters

Returns a combined list of provisioned cloud accounts and known Kubernetes clusters.

PEP8 method name

get_cloud_clusters

Endpoint

Method Route
GET /kubernetes-protection/entities/cloud_cluster/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

| Name | Service | Uber | Type | Data type | Description |
| :--- | :--- | :--- | :--- | :--- | :--- |
| cluster_service | Supported | Supported | query | string or list of strings | Cluster Service. |
| cluster_status | Supported | Supported | query | string or list of strings | Cluster Status. |
| ids | Supported | Supported | query | string or list of strings | Cloud Account IDs. |
| locations | Supported | Supported | query | string or list of strings | Cloud location. |
| limit | Supported | Supported | query | integer | Limit returned results. |
| offset | Supported | Supported | query | integer | Pagination offset. |
| parameters | Supported | Supported | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )


# You may provide the string lists as a string, a comma delimited string, or a list
response = falcon.get_cloud_clusters(cluster_service="string or list of strings",
                                     cluster_status="string or list of strings",
                                     ids="string or list of strings",
                                     locations="string or list of strings",
                                     limit=integer,
                                     offset=integer
                                     )
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

# You may provide the string lists as a string, a comma delimited string, or a list
response = falcon.GetCombinedCloudClusters(cluster_service="string or list of strings",
                                           cluster_status="string or list of strings",
                                           ids="string or list of strings",
                                           locations="string or list of strings",
                                           limit=integer,
                                           offset=integer
                                           )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

# You may provide the string lists as a string, a comma delimited string, or a list
response = falcon.command("GetCombinedCloudClusters", 
                          cluster_service="string or list of strings",
                          cluster_status="string or list of strings",
                          ids="string or list of strings",
                          locations="string or list of strings",
                          limit=integer,
                          offset=integer
                          )
print(response)

Back to Table of Contents

GetAzureTenantConfig

Returns the Azure tenant config.

PEP8 method name

get_azure_tenant_config

Endpoint

Method Route
GET /kubernetes-protection/entities/config/azure/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

| Name | Service | Uber | Type | Data type | Description |
| :--- | :--- | :--- | :--- | :--- | :--- |
| ids | Supported | Supported | query | string or list of strings | Cloud Account IDs. |
| limit | Supported | Supported | query | integer | Limit returned results. |
| offset | Supported | Supported | query | integer | Pagination offset. |
| parameters | Supported | Supported | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = "ID1,ID2,ID3"  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_azure_tenant_config(ids=id_list,
                                          limit=integer,
                                          offset=integer
                                          )
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = "ID1,ID2,ID3"  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.GetAzureTenantConfig(ids=id_list,
                                       limit=integer,
                                       offset=integer
                                       )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = "ID1,ID2,ID3"  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("GetAzureTenantConfig", 
                          ids=id_list,
                          limit=integer,
                          offset=integer
                          )
print(response)

Back to Table of Contents

GetStaticScripts

Gets static bash scripts that are used during registration.

PEP8 method name

get_static_scripts

Endpoint

Method Route
GET /kubernetes-protection/entities/gen/scripts/v1

Content-Type

  • Consumes: application/json
  • Produces: application/octet-stream

Keyword Arguments

No keywords or arguments accepted.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.get_static_scripts()

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.GetStaticScripts()

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("GetStaticScripts")

print(response)

Back to Table of Contents

GetAzureTenantIDs

Provides all the Azure subscription and tenant IDs.

PEP8 method name

get_azure_tenant_ids

Endpoint

Method Route
GET /kubernetes-protection/entities/tenants/azure/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

| Name | Service | Uber | Type | Data type | Description |
| :--- | :--- | :--- | :--- | :--- | :--- |
| ids | Supported | Supported | query | string or list of strings | Cloud Account IDs. |
| status | Supported | Supported | query | string | Cluster status. (Not Installed, Running, Stopped) |
| limit | Supported | Supported | query | integer | Limit returned results. |
| offset | Supported | Supported | query | integer | Pagination offset. |
| parameters | Supported | Supported | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = "ID1,ID2,ID3"  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_azure_tenant_ids(ids=id_list,
                                       status="string",
                                       limit=integer,
                                       offset=integer
                                       )
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = "ID1,ID2,ID3"  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.GetAzureTenantIDs(ids=id_list,
                                    status="string",
                                    limit=integer,
                                    offset=integer
                                    )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )
id_list = "ID1,ID2,ID3"  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("GetAzureTenantIDs", 
                          ids=id_list,
                          status="string",
                          limit=integer,
                          offset=integer
                          )
print(response)

Back to Table of Contents

GetAzureInstallScript

Provides the script to run for a given tenant ID and subscription IDs.

PEP8 method name

get_azure_install_script

Endpoint

Method Route
GET /kubernetes-protection/entities/user-script/azure/v1

Content-Type

  • Consumes: application/json
  • Produces: application/octet-stream

Keyword Arguments

| Name | Service | Uber | Type | Data type | Description |
| :--- | :--- | :--- | :--- | :--- | :--- |
| id | Supported | Supported | query | string | Azure Tenant ID. |
| subscription_id | Supported | Supported | query | string or list of strings | Azure Subscription IDs. |
| parameters | Supported | Supported | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = "ID1,ID2,ID3"  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_azure_install_script(id="string",
                                           subscription_id=id_list,
                                           )
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

id_list = "ID1,ID2,ID3"  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.GetAzureInstallScript(id="string",
                                        subscription_id=id_list
                                        )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = "ID1,ID2,ID3"  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("GetAzureInstallScript", 
                          id="string",
                          subscription_id=id_list
                          )
print(response)
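
An added example (not FalconPy project code) for GetStaticScripts and GetAzureInstallScript, which both produce application/octet-stream: it stores the downloaded script non-executable, records its SHA-256 for review, and re-checks that digest before the script is run. It assumes FalconPy hands back raw bytes for a successful non-JSON response and a dictionary on error; the helper names, environment variable names and file name are hypothetical.

```python
"""Added example: keep a downloaded registration script reviewable before use."""
import hashlib
import hmac
import os


def save_script_for_review(result, path):
    """Write the downloaded script to `path` and return its SHA-256 hex digest.

    The file is created with mode 0o600 (no execute bit) and an existing
    file is never overwritten, so a reviewed copy cannot be silently replaced.
    """
    if isinstance(result, dict):
        # Assumption: a dictionary here means the API returned a JSON error.
        body = result.get("body") or {}
        raise RuntimeError(
            f"download failed with status {result.get('status_code')}: "
            f"{body.get('errors')}"
        )
    if not isinstance(result, (bytes, bytearray)) or len(result) == 0:
        raise ValueError("expected a non-empty bytes payload")
    data = bytes(result)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as handle:
        handle.write(data)
    return hashlib.sha256(data).hexdigest()


def verify_unchanged(path, reviewed_digest):
    """Return True only if the file still matches the digest that was reviewed."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return hmac.compare_digest(digest.hexdigest(), reviewed_digest.lower())


if __name__ == "__main__":
    # Imported here so the helpers above can be used without FalconPy installed.
    from falconpy import KubernetesProtection

    falcon = KubernetesProtection(
        client_id=os.environ["FALCON_CLIENT_ID"],          # assumed variable name
        client_secret=os.environ["FALCON_CLIENT_SECRET"],  # assumed variable name
    )
    target = "registration_script.download"  # hypothetical file name
    reviewed = save_script_for_review(falcon.get_static_scripts(), target)
    print(f"Saved {target}; SHA-256 to record with the review: {reviewed}")
```

Call verify_unchanged with the recorded digest immediately before the script is executed, so the copy that runs is the copy that was reviewed.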

Back to Table of Contents

GetHelmValuesYaml

Provides a sample Helm values.yaml file for a customer to install alongside the agent Helm chart.

PEP8 method name

get_helm_values_yaml

Endpoint

Method Route
GET /kubernetes-protection/entities/integration/agent/v1

Content-Type

  • Consumes: application/json
  • Produces: application/yaml

Keyword Arguments

| Name | Service | Uber | Type | Data type | Description |
| :--- | :---: | :---: | :--- | :--- | :--- |
| cluster_name | Supported | Supported | query | string or list of strings | Cluster name. For EKS this will be the cluster ARN. |
| is_self_managed_cluster | Supported | Supported | query | boolean | Set to True if the cluster is not managed by a cloud provider, and False if it is. |
| parameters | Supported | Supported | query | dictionary | Full query string parameters payload in JSON format. |

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.get_helm_values_yaml(cluster_name="string", is_self_managed_cluster=False)  # boolean

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.GetHelmValuesYaml(cluster_name="string", is_self_managed_cluster=False)  # boolean

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("GetHelmValuesYaml",
                          cluster_name="string",
                          is_self_managed_cluster=False  # boolean
                          )

print(response)

Back to Table of Contents

RegenerateAPIKey

Regenerate API key for docker registry integrations.

PEP8 method name

regenerate

Endpoint

Method Route
POST /kubernetes-protection/entities/integration/api-key/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

No keywords or arguments are required.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.regenerate()

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.RegenerateAPIKey()

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("RegenerateAPIKey")

print(response)

Back to Table of Contents

GetClusters

Provides the clusters acknowledged by the Kubernetes Protection service.

PEP8 method name

get_clusters

Endpoint

Method Route
GET /kubernetes-protection/entities/kubernetes/clusters/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

| Name | Service | Uber | Type | Data type | Description |
| :--- | :---: | :---: | :--- | :--- | :--- |
| cluster_name | Supported | Supported | query | string or list of strings | Cluster name. For EKS this will be the cluster ARN. |
| account_ids | Supported | Supported | query | string or list of strings | Cluster account ID. For EKS this will be the AWS account ID. |
| locations | Supported | Supported | query | string or list of strings | Cloud location. |
| cluster_service | Supported | Supported | query | string | Cluster service. |
| limit | Supported | Supported | query | integer | Maximum number of results to return. |
| offset | Supported | Supported | query | integer | Starting offset to begin returning results. |
| status | Supported | Supported | query | string or list of strings | Cluster status. |
| parameters | Supported | Supported | query | dictionary | Full query string parameters payload in JSON format. |

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

clusters = 'CLID1,CLID2,CLID3'  # Can also pass a list here: ['CLID1', 'CLID2', 'CLID3']

accounts = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

locations = 'LOC1,LOC2,LOC3'  # Can also pass a list here: ['LOC1', 'LOC2', 'LOC3']

status_types = 'STAT1,STAT2,STAT3'  # Can also pass a list here: ['STAT1', 'STAT2', 'STAT3']

response = falcon.get_clusters(cluster_names=clusters,
                               account_ids=accounts,
                               locations=locations,
                               cluster_service="string",
                               limit=10,  # integer
                               offset=0,  # integer
                               status=status_types
                               )

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

clusters = 'CLID1,CLID2,CLID3'  # Can also pass a list here: ['CLID1', 'CLID2', 'CLID3']

accounts = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

locations = 'LOC1,LOC2,LOC3'  # Can also pass a list here: ['LOC1', 'LOC2', 'LOC3']

status_types = 'STAT1,STAT2,STAT3'  # Can also pass a list here: ['STAT1', 'STAT2', 'STAT3']

response = falcon.GetClusters(cluster_names=clusters,
                              account_ids=accounts,
                              locations=locations,
                              cluster_service="string",
                              limit=10,  # integer
                              offset=0,  # integer
                              status=status_types
                              )

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

clusters = 'CLID1,CLID2,CLID3'  # Can also pass a list here: ['CLID1', 'CLID2', 'CLID3']

accounts = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

locations = 'LOC1,LOC2,LOC3'  # Can also pass a list here: ['LOC1', 'LOC2', 'LOC3']

status_types = 'STAT1,STAT2,STAT3'  # Can also pass a list here: ['STAT1', 'STAT2', 'STAT3']

response = falcon.command("GetClusters",
                          cluster_names=clusters,
                          account_ids=accounts,
                          locations=locations,
                          cluster_service="string",
                          limit=10,  # integer
                          offset=0,  # integer
                          status=status_types
                          )

print(response)
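
The `limit` and `offset` keywords allow a large cluster inventory to be read page by page instead of in one call. This added example (not FalconPy project code) walks the whole result set and stops on the first non-200 response, so a throttled or denied request is never mistaken for an empty inventory. `iter_clusters`, `FalconAPIError`, the stub class and its records are hypothetical, and the example assumes `offset` counts records and that responses carry the `status_code`, `body.resources` and `body.errors` layout.

```python
class FalconAPIError(RuntimeError):
    """Raised when a call returns a non-200 status code."""


def iter_clusters(falcon, page_size=100, **filters):
    """Yield every cluster record, walking the result set with limit/offset."""
    offset = 0
    while True:
        response = falcon.get_clusters(limit=page_size, offset=offset, **filters)
        body = response.get("body") or {}
        if response.get("status_code") != 200:
            raise FalconAPIError(
                f"GetClusters returned {response.get('status_code')}: {body.get('errors')}"
            )
        resources = body.get("resources") or []
        yield from resources
        # A short (or empty) page means the result set is exhausted.
        if len(resources) < page_size:
            return
        offset += len(resources)


class StubKubernetesProtection:
    """Offline stand-in for the Service Class, serving constructed records."""

    def __init__(self, records, fail_with=None):
        self.records = records
        self.fail_with = fail_with
        self.offsets_seen = []

    def get_clusters(self, limit=100, offset=0, **filters):
        self.offsets_seen.append(offset)
        if self.fail_with:
            return {"status_code": self.fail_with,
                    "body": {"errors": [{"message": "constructed failure"}],
                             "resources": []}}
        page = self.records[offset:offset + limit]
        return {"status_code": 200, "body": {"errors": [], "resources": page}}


# Constructed sample data; field names are illustrative, not the API's schema.
SAMPLE_CLUSTERS = [{"cluster_name": f"demo-{n}"} for n in range(5)]

if __name__ == "__main__":
    stub = StubKubernetesProtection(SAMPLE_CLUSTERS)
    for cluster in iter_clusters(stub, page_size=2):
        print(cluster["cluster_name"])
```

To use it against the live service, pass a real `KubernetesProtection` instance in place of the stub.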

Back to Table of Contents

TriggerScan

Triggers a dry run or a full scan of a customer's kubernetes footprint.

PEP8 method name

trigger_scan

Endpoint

Method Route
POST /kubernetes-protection/entities/scan/trigger/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

| Name | Service | Uber | Type | Data type | Description |
| :--- | :---: | :---: | :--- | :--- | :--- |
| scan_type | Supported | Supported | query | string | Type of scan to perform, cluster-refresh, dry-run or full. Defaults to dry-run. |
| parameters | Supported | Supported | query | dictionary | Full query string parameters payload in JSON format. |

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.trigger_scan(scan_type="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.TriggerScan(scan_type="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("TriggerScan", scan_type="string")

print(response)

Back to Table of Contents

PatchAzureServicePrincipal

Adds the client ID for the given tenant ID to our system.

PEP8 method name

update_azure_service_principal or patch_azure_service_principal

Endpoint

Method Route
PATCH /kubernetes-protection/entities/service-principal/azure/v1

Content-Type

  • Consumes: application/json
  • Produces: application/json

Keyword Arguments

| Name | Service | Uber | Type | Data type | Description |
| :--- | :---: | :---: | :--- | :--- | :--- |
| id | Supported | Supported | query | string | Azure Tenant ID. |
| client_id | Supported | Supported | query | string | Azure Client ID. |
| parameters | Supported | Supported | query | dictionary | Full query string parameters payload in JSON format. |

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.update_azure_service_principal(id="string", client_id="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection

# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )

response = falcon.PatchAzureServicePrincipal(id="string", client_id="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("PatchAzureServicePrincipal", id="string", client_id="string")

print(response)

Back to Table of Contents
