Skip to content

Container Packages

Jump to bottom
Joshua Hiller edited this page Jan 17, 2024 · 3 revisions

CrowdStrike Falcon CrowdStrike Subreddit

Using the Container Packages service collection

Uber class support Service class support Documentation Version Page Updated

Table of Contents

Operation ID Description
ReadPackagesCountByZeroDay
PEP8 read_zero_day_counts
Retrieve packages count affected by zero day vulnerabilities
ReadPackagesByFixableVulnCount
PEP8 read_fixable_vuln_count
Retrieve top x app packages with the most fixable vulnerabilities
ReadPackagesByVulnCount
PEP8 read_vuln_count
Retrieve top x packages with the most vulnerabilities
ReadPackagesCombinedExport
PEP8 read_combined_export
Retrieve packages identified by the provided filter criteria for the purpose of export
ReadPackagesCombined
PEP8 read_combined
Retrieve packages identified by the provided filter criteria

ReadPackagesCountByZeroDay

Retrieve packages count affected by zero day vulnerabilities

PEP8 method name

read_zero_day_counts

Endpoint

Method Route
GET /container-security/aggregates/packages/count-by-zero-day/v1

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
filter
Service Class Support
Uber Class Support
 query string Filter packages using a query in Falcon Query Language (FQL). Supported filters: cid

Usage

Service class example (PEP8 syntax)
from falconpy.container_packages import ContainerPackages

falcon = ContainerPackages(client_id=CLIENT_ID,
                           client_secret=CLIENT_SECRET
                           )

response = falcon.read_zero_day_counts(filter="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import ContainerPackages

falcon = ContainerPackages(client_id=CLIENT_ID,
                           client_secret=CLIENT_SECRET
                           )

response = falcon.ReadPackagesCountByZeroDay(filter="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadPackagesCountByZeroDay", filter="string")

print(response)

ReadPackagesByFixableVulnCount

Retrieve top x app packages with the most fixable vulnerabilities

PEP8 method name

read_fixable_vuln_count

Endpoint

Method Route
GET /container-security/combined/packages/app-by-fixable-vulnerability-count/v1

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
filter
Service Class Support
Uber Class Support
 query string Filter packages using a query in Falcon Query Language (FQL). Supported filters: cid,container_id,cveid,fix_status,image_digest,license,package_name_version,severity,type,vulnerability_count
limit
Service Class Support
Uber Class Support
 query integer The upper-bound on the number of records to retrieve.
offset
Service Class Support
Uber Class Support
 query integer The offset from where to begin.

Usage

Service class example (PEP8 syntax)
from falconpy.container_packages import ContainerPackages

falcon = ContainerPackages(client_id=CLIENT_ID,
                           client_secret=CLIENT_SECRET
                           )

response = falcon.read_fixable_vuln_count(filter="string",
                                          limit=integer,
                                          offset=integer
                                          )
print(response)
Service class example (Operation ID syntax)
from falconpy import ContainerPackages

falcon = ContainerPackages(client_id=CLIENT_ID,
                           client_secret=CLIENT_SECRET
                           )

response = falcon.ReadPackagesByFixableVulnCount(filter="string",
                                                 limit=integer,
                                                 offset=integer
                                                 )
print(response)
Uber class example
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadPackagesByFixableVulnCount",
                          filter="string",
                          limit=integer,
                          offset=integer
                          )
print(response)

ReadPackagesByVulnCount

Retrieve top x packages with the most vulnerabilities

PEP8 method name

read_vuln_count

Endpoint

Method Route
GET /container-security/combined/packages/by-vulnerability-count/v1

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
filter
Service Class Support
Uber Class Support
 query string Filter packages using a query in Falcon Query Language (FQL). Supported filters: cid,container_id,cveid,fix_status,image_digest,license,package_name_version,severity,type,vulnerability_count
limit
Service Class Support
Uber Class Support
 query integer The upper-bound on the number of records to retrieve.
offset
Service Class Support
Uber Class Support
 query integer The offset from where to begin.

Usage

Service class example (PEP8 syntax)
from falconpy.container_packages import ContainerPackages

falcon = ContainerPackages(client_id=CLIENT_ID,
                           client_secret=CLIENT_SECRET
                           )

response = falcon.read_vuln_count(filter="string",
                                  limit=integer,
                                  offset=integer
                                  )
print(response)
Service class example (Operation ID syntax)
from falconpy import ContainerPackages

falcon = ContainerPackages(client_id=CLIENT_ID,
                           client_secret=CLIENT_SECRET
                           )

response = falcon.ReadPackagesByVulnCount(filter="string",
                                          limit=integer,
                                          offset=integer
                                          )
print(response)
Uber class example
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadPackagesByVulnCount",
                          filter="string",
                          limit=integer,
                          offset=integer
                          )
print(response)

ReadPackagesCombinedExport

Retrieve packages identified by the provided filter criteria for the purpose of export

PEP8 method name

read_combined_export

Endpoint

Method Route
GET /container-security/combined/packages/export/v1

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
filter
Service Class Support
Uber Class Support
 query string Filter packages using a query in Falcon Query Language (FQL). Supported filters: cid,container_id,cveid,fix_status,image_digest,license,package_name_version,severity,type,vulnerability_count
only_zero_day_affected
Service Class Support
Uber Class Support
 query boolean (true/false) load zero day affected packages, default is false
limit
Service Class Support
Uber Class Support
 query integer The upper-bound on the number of records to retrieve.
offset
Service Class Support
Uber Class Support
 query integer The offset from where to begin.
sort
Service Class Support
Uber Class Support
 query string The fields to sort the records on. Supported columns: [license package_name_version type]

Usage

Service class example (PEP8 syntax)
from falconpy.container_packages import ContainerPackages

falcon = ContainerPackages(client_id=CLIENT_ID,
                           client_secret=CLIENT_SECRET
                           )

response = falcon.read_combined_export(filter="string",
                                       only_zero_day_affected=boolean,
                                       limit=integer,
                                       offset=integer,
                                       sort="string"
                                       )
print(response)
Service class example (Operation ID syntax)
from falconpy import ContainerPackages

falcon = ContainerPackages(client_id=CLIENT_ID,
                           client_secret=CLIENT_SECRET
                           )

response = falcon.ReadPackagesCombinedExport(filter="string",
                                             only_zero_day_affected=boolean,
                                             limit=integer,
                                             offset=integer,
                                             sort="string"
                                             )
print(response)
Uber class example
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadPackagesCombinedExport",
                          filter="string",
                          only_zero_day_affected=boolean,
                          limit=integer,
                          offset=integer,
                          sort="string"
                          )
print(response)

ReadPackagesCombined

Retrieve packages identified by the provided filter criteria

PEP8 method name

read_combined

Endpoint

Method Route
GET /container-security/combined/packages/v1

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
filter
Service Class Support
Uber Class Support
 query string Filter packages using a query in Falcon Query Language (FQL). Supported filters: cid,container_id,cveid,fix_status,image_digest,license,package_name_version,severity,type,vulnerability_count
only_zero_day_affected
Service Class Support
Uber Class Support
 query boolean (true/false) load zero day affected packages, default is false
limit
Service Class Support
Uber Class Support
 query integer The upper-bound on the number of records to retrieve.
offset
Service Class Support
Uber Class Support
 query integer The offset from where to begin.
sort
Service Class Support
Uber Class Support
 query string The fields to sort the records on. Supported columns: [license package_name_version type]

Usage

Service class example (PEP8 syntax)
from falconpy.container_packages import ContainerPackages

falcon = ContainerPackages(client_id=CLIENT_ID,
                           client_secret=CLIENT_SECRET
                           )

response = falcon.read_combined(filter="string",
                                only_zero_day_affected=boolean,
                                limit=integer,
                                offset=integer,
                                sort="string"
                                )
print(response)
Service class example (Operation ID syntax)
from falconpy import ContainerPackages

falcon = ContainerPackages(client_id=CLIENT_ID,
                           client_secret=CLIENT_SECRET
                           )

response = falcon.ReadPackagesCombined(filter="string",
                                       only_zero_day_affected=boolean,
                                       limit=integer,
                                       offset=integer,
                                       sort="string"
                                       )
print(response)
Uber class example
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadPackagesCombined",
                          filter="string",
                          only_zero_day_affected=boolean,
                          limit=integer,
                          offset=integer,
                          sort="string"
                          )
print(response)

CrowdStrike Falcon

Clone this wiki locally