Container Images
| Operation ID | Description | ||||
|---|---|---|---|---|---|
|
Image assessment history | ||||
|
Aggregate count of images grouped by Base OS distribution | ||||
|
Aggregate count of images grouped by state | ||||
|
Aggregate count of images | ||||
|
Get image assessment results by providing an FQL filter and paging details | ||||
|
Retrieve top x images with the most vulnerabilities | ||||
|
Retrieve image entities identified by the provided filter criteria | ||||
|
Retrieve images with an option to expand aggregated vulnerabilities/detections | ||||
|
Retrieve image issues summary such as Image detections, Runtime detections, Policies, vulnerabilities | ||||
|
aggregates information about vulnerabilities for an image | ||||
WARNING
client_idandclient_secretare keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
Image assessment history
aggregate_assessment_history
| Method | Route |
|---|---|
 |
/container-security/aggregates/images/assessment-history/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter |
 |
|
query | string | Filter using a query in Falcon Query Language (FQL). Supported filters: cid,registry,repository |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
from falconpy import ContainerImages
# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.aggregate_assessment_history(filter="string")
print(response)from falconpy import ContainerImages
# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.AggregateImageAssessmentHistory(filter="string")
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("AggregateImageAssessmentHistory", filter="string")
print(response)Aggregate count of images grouped by Base OS distribution
aggregate_count_by_base_os
| Method | Route |
|---|---|
|
/container-security/aggregates/images/count-by-os-distribution/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter |
|
|
query | string | Filter images using a query in Falcon Query Language (FQL). Supported filters: arch,base_os,cid,registry,repository,tag |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
from falconpy import ContainerImages
# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.aggregate_count_by_base_os(filter="string")
print(response)from falconpy import ContainerImages
# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.AggregateImageCountByBaseOS(filter="string")
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("AggregateImageCountByBaseOS", filter="string")
print(response)Aggregate count of images grouped by state
aggregate_count_by_state
| Method | Route |
|---|---|
|
/container-security/aggregates/images/count-by-state/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter |
|
|
query | string | Filter images using a query in Falcon Query Language (FQL). Supported filters: cid,last_seen,registry,repository |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
from falconpy import ContainerImages
# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.aggregate_count_by_state(filter="string")
print(response)from falconpy import ContainerImages
# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.AggregateImageCountByState(filter="string")
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("AggregateImageCountByState", filter="string")
print(response)Aggregate count of images
aggregate_count
| Method | Route |
|---|---|
|
/container-security/aggregates/images/count/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter |
|
|
query | string | Filter images using a query in Falcon Query Language (FQL). Supported filters: arch,base_os,cid,container_id,container_running_status,cps_rating,crowdstrike_user,cve_id,detection_count,detection_name,detection_severity,first_seen,image_digest,image_id,layer_digest,package_name_version,registry,repository,tag,vulnerability_count,vulnerability_severity |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
from falconpy import ContainerImages
# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.aggregate_count(filter="string")
print(response)from falconpy import ContainerImages
# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.AggregateImageCount(filter="string")
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("AggregateImageCount", filter="string")
print(response)Get image assessment results by providing an FQL filter and paging details
get_combined_images
| Method | Route |
|---|---|
|
/container-security/combined/image-assessment/images/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter |
|
|
query | string | Filter images using a query in Falcon Query Language (FQL). Supported filters: container_id, container_running_status, cve_id, detection_name, detection_severity, first_seen, image_digest, image_id, registry, repository, tag, vulnerability_severity |
| limit |
|
|
query | integer | The upper-bound on the number of records to retrieve [1-100] |
| offset |
|
|
query | integer | The offset from where to begin. |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
| sort |
|
|
query | string | The fields to sort the records on. Supported columns: [first_seen highest_detection_severity highest_vulnerability_severity image_digest image_id registry repository tag] |
from falconpy import ContainerImages
# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_combined_images(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)from falconpy import ContainerImages
# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetCombinedImages(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetCombinedImages",
filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)Retrieve top x images with the most vulnerabilities
get_combined_images_by_vulnerability_count
| Method | Route |
|---|---|
|
/container-security/combined/images/by-vulnerability-count/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter |
|
|
query | string | Filter images using a query in Falcon Query Language (FQL). Supported filters: arch,base_os,cid,registry,repository,tag |
| limit |
|
|
query | integer | The upper-bound on the number of records to retrieve. |
| offset |
|
|
query | integer | This is not used in the backend but is added here for compatibility purposes as some clients expects this i.e UI widgets. |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
from falconpy import ContainerImages
# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_combined_images_by_vulnerability_count(filter="string",
limit=integer,
offset=integer
)
print(response)from falconpy import ContainerImages
# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.CombinedImageByVulnerabilityCount(filter="string",
limit=integer,
offset=integer
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("CombinedImageByVulnerabilityCount",
filter="string",
limit=integer,
offset=integer
)
print(response)Retrieve image entities identified by the provided filter criteria
get_combined_detail
| Method | Route |
|---|---|
|
/container-security/combined/images/detail/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter |
|
|
query | string | Filter images using a query in Falcon Query Language (FQL). Supported filters: registry,repository,tag |
| with_config |
|
|
query | boolean | (true/false) include image config, default is false |
| limit |
|
|
query | integer | The upper-bound on the number of records to retrieve. |
| offset |
|
|
query | integer | The offset from where to begin. |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
| sort |
|
|
query | string | The fields to sort the records on. |
from falconpy import ContainerImages
# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_combined_detail(filter="string",
with_config=boolean,
limit=integer,
offset=integer,
sort="string"
)
print(response)from falconpy import ContainerImages
# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.CombinedImageDetail(filter="string",
with_config=boolean,
limit=integer,
offset=integer,
sort="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("CombinedImageDetail",
filter="string",
with_config=boolean,
limit=integer,
offset=integer,
sort="string"
)
print(response)Retrieve images with an option to expand aggregated vulnerabilities/detections
read_combined_export
| Method | Route |
|---|---|
|
/container-security/combined/images/export/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter |
|
|
query | string | Filter images using a query in Falcon Query Language (FQL). Supported filters: arch,base_os,cid,container_id,container_running_status,cps_rating,crowdstrike_user,cve_id,detection_count,detection_name,detection_severity,first_seen,image_digest,image_id,layer_digest,package_name_version,registry,repository,tag,vulnerability_count,vulnerability_severity |
| expand_vulnerabilities |
|
|
query | boolean | expand vulnerabilities |
| expand_detections |
|
|
query | boolean | expand detections |
| limit |
|
|
query | integer | The upper-bound on the number of records to retrieve. |
| offset |
|
|
query | integer | The offset from where to begin. |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
| sort |
|
|
query | string | The fields to sort the records on. Supported columns: [base_os cid containers detections firstScanned first_seen highest_detection_severity highest_cps_current_rating highest_vulnerability_severity image_digest image_id last_seen layers_with_vulnerabilities packages registry repository tag vulnerabilities] |
from falconpy import ContainerImages
# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_combined_export(filter="string",
expand_vulnerabilities=boolean,
expand_detections=boolean,
limit=integer,
offset=integer,
sort="string"
)
print(response)from falconpy import ContainerImages
# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadCombinedImagesExport(filter="string",
expand_vulnerabilities=boolean,
expand_detections=boolean,
limit=integer,
offset=integer,
sort="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadCombinedImagesExport",
filter="string",
expand_vulnerabilities=boolean,
expand_detections=boolean,
limit=integer,
offset=integer,
sort="string"
)
print(response)Retrieve image issues summary such as Image detections, Runtime detections, Policies, vulnerabilities
get_combined_issues_summary
| Method | Route |
|---|---|
|
/container-security/combined/images/issues-summary/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| cid |
|
|
query | string | CID |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
| registry |
|
|
query | string | registry name |
| repository |
|
|
query | string | repository name |
| tag |
|
|
query | string | tag name |
from falconpy import ContainerImages
# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_combined_issues_summary(cid="string",
registry="string",
repository="string",
tag="string"
)
print(response)from falconpy import ContainerImages
# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.CombinedImageIssuesSummary(cid="string",
registry="string",
repository="string",
tag="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("CombinedImageIssuesSummary",
cid="string",
registry="string",
repository="string",
tag="string"
)
print(response)aggregates information about vulnerabilities for an image
get_combined_vulnerabilities_summary
| Method | Route |
|---|---|
|
/container-security/combined/images/vulnerabilities-summary/v1 |
- Produces: application/json
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| cid |
|
|
query | string | CID |
| parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
| registry |
|
|
query | string | registry name |
| repository |
|
|
query | string | repository name |
| tag |
|
|
query | string | tag name |
from falconpy import ContainerImages
# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_combined_vulnerabilities_summary(cid="string",
registry="string",
repository="string",
tag="string"
)
print(response)from falconpy import ContainerImages
# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.CombinedImageVulnerabilitySummary(cid="string",
registry="string",
repository="string",
tag="string"
)
print(response)from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("CombinedImageVulnerabilitySummary",
cid="string",
registry="string",
repository="string",
tag="string"
)
print(response)
- Home
- Discussions Board
- Glossary of Terms
- Installation, Upgrades and Removal
- Samples Collection
- Using FalconPy
- API Operations
-
Service Collections
- Alerts
- API Integrations
- Cloud Connect AWS (deprecated)
- Cloud Snapshots
- Configuration Assessment
- Configuration Assessment Evaluation Logic
- Container Alerts
- Container Detections
- Container Images
- Container Packages
- Container Vulnerabilities
- CSPM Registration
- Custom IOAs
- Custom Storage
- D4C Registration (deprecated)
- Detects
- Device Control Policies
- Discover
- Drift Indicators
- Event Streams
- Exposure Management
- Falcon Complete Dashboard
- Falcon Container
- Falcon Intelligence Sandbox
- FDR
- FileVantage
- Firewall Management
- Firewall Policies
- Foundry LogScale
- Host Group
- Hosts
- Identity Protection
- Image Assessment Policies
- Incidents
- Installation Tokens
- Intel
- IOA Exclusions
- IOC
- IOCs (deprecated)
- Kubernetes Protection
- MalQuery
- Message Center
- ML Exclusions
- Mobile Enrollment
- MSSP (Flight Control)
- OAuth2
- ODS (On Demand Scan)
- Overwatch Dashboard
- Prevention Policy
- Quarantine
- Quick Scan
- Real Time Response
- Real Time Response Admin
- Real Time Response Audit
- Recon
- Report Executions
- Response Policies
- Sample Uploads
- Scheduled Reports
- Sensor Download
- Sensor Update Policy
- Sensor Visibility Exclusions
- Spotlight Evaluation Logic
- Spotlight Vulnerabilities
- Tailored Intelligence
- ThreatGraph
- Unidentified Containers
- User Management
- Workflows
- Zero Trust Assessment
- Documentation Support
-
CrowdStrike SDKs
- Crimson Falcon - Ruby
- FalconPy - Python 3
- FalconJS - Javascript
- goFalcon - Go
- PSFalcon - Powershell
- Rusty Falcon - Rust
