Container Images

Using the Container Images service collection

Uber class support Service class support Documentation Version Page Updated

Name	Service	Uber	Type	Data type	Description
filter			query	string	Filter images using a query in Falcon Query Language (FQL). Supported filters: arch,base_os,cid,container_id,container_running_status,cps_rating,crowdstrike_user,cve_id,detection_count,detection_name,detection_severity,first_seen,image_digest,image_id,layer_digest,package_name_version,registry,repository,tag,vulnerability_count,vulnerability_severity

Usage

Service class example (PEP8 syntax)

from falconpy.container_images import ContainerImages

falcon = ContainerImages(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.aggregate_count(filter="string")

print(response)

Service class example (Operation ID syntax)

from falconpy import ContainerImages

falcon = ContainerImages(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.AggregateImageCount(filter="string")
print(response)

Uber class example

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("AggregateImageCount", filter="string")

print(response)

GetCombinedImages

Get image assessment results by providing an FQL filter and paging details

PEP8 method name

get_combined_images

Endpoint

Method	Route
	`/container-security/combined/image-assessment/images/v1`

Content-Type

Produces: application/json

Keyword Arguments

Name	Type	Data type	Description
filter	query	string	Filter images using a query in Falcon Query Language (FQL). Supported filters: container_id, container_running_status, cve_id, detection_name, detection_severity, first_seen, image_digest, image_id, registry, repository, tag, vulnerability_severity
limit	query	integer	The upper-bound on the number of records to retrieve [1-100]
offset	query	integer	The offset from where to begin.
sort	query	string	The fields to sort the records on. Supported columns: [first_seen highest_detection_severity highest_vulnerability_severity image_digest image_id registry repository tag]

Usage

Service class example (PEP8 syntax)

from falconpy.container_images import ContainerImages

falcon = ContainerImages(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.get_combined_images(filter="string",
                                      limit=integer,
                                      offset=integer,
                                      sort="string"
                                      )
print(response)

Service class example (Operation ID syntax)

from falconpy import ContainerImages

falcon = ContainerImages(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.GetCombinedImages(filter="string",
                                    limit=integer,
                                    offset=integer,
                                    sort="string"
                                    )
print(response)

Uber class example

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("GetCombinedImages",
                          filter="string",
                          limit=integer,
                          offset=integer,
                          sort="string"
                          )
print(response)

CombinedImageByVulnerabilityCount

Retrieve top x images with the most vulnerabilities

PEP8 method name

get_combined_images_by_vulnerability_count

Endpoint

Method	Route
	`/container-security/combined/images/by-vulnerability-count/v1`

Content-Type

Produces: application/json

Keyword Arguments

Name	Type	Data type	Description
filter	query	string	Filter images using a query in Falcon Query Language (FQL). Supported filters: arch,base_os,cid,registry,repository,tag
limit	query	integer	The upper-bound on the number of records to retrieve.
offset	query	integer	This is not used in the backend but is added here for compatibility purposes as some clients expects this i.e UI widgets.

Usage

Service class example (PEP8 syntax)

from falconpy.container_images import ContainerImages

falcon = ContainerImages(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.get_combined_images_by_vulnerability_count(filter="string",
                                                             limit=integer,
                                                             offset=integer
                                                             )
print(response)

Service class example (Operation ID syntax)

from falconpy import ContainerImages

falcon = ContainerImages(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.CombinedImageByVulnerabilityCount(filter="string",
                                                    limit=integer,
                                                    offset=integer
                                                    )
print(response)

Uber class example

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("CombinedImageByVulnerabilityCount",
                          filter="string",
                          limit=integer,
                          offset=integer
                          )
print(response)

CombinedImageDetail

Retrieve image entities identified by the provided filter criteria

PEP8 method name

get_combined_detail

Endpoint

Method	Route
	`/container-security/combined/images/detail/v1`

Content-Type

Produces: application/json

Keyword Arguments

Name	Type	Data type	Description
filter	query	string	Filter images using a query in Falcon Query Language (FQL). Supported filters: registry,repository,tag
with_config	query	boolean	(true/false) include image config, default is false
limit	query	integer	The upper-bound on the number of records to retrieve.
offset	query	integer	The offset from where to begin.
sort	query	string	The fields to sort the records on.

Usage

Service class example (PEP8 syntax)

from falconpy.container_images import ContainerImages

falcon = ContainerImages(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.get_combined_detail(filter="string",
                                      with_config=boolean,
                                      limit=integer,
                                      offset=integer,
                                      sort="string"
                                      )
print(response)

Service class example (Operation ID syntax)

from falconpy import ContainerImages

falcon = ContainerImages(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.CombinedImageDetail(filter="string",
                                      with_config=boolean,
                                      limit=integer,
                                      offset=integer,
                                      sort="string"
                                      )
print(response)

Uber class example

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("CombinedImageDetail",
                          filter="string",
                          with_config=boolean,
                          limit=integer,
                          offset=integer,
                          sort="string"
                          )
print(response)

ReadCombinedImagesExport

Retrieve images with an option to expand aggregated vulnerabilities/detections

PEP8 method name

read_combined_export

Endpoint

Method	Route
	`/container-security/combined/images/export/v1`

Content-Type

Produces: application/json

Keyword Arguments

Name	Type	Data type	Description
filter	query	string	Filter images using a query in Falcon Query Language (FQL). Supported filters: arch,base_os,cid,container_id,container_running_status,cps_rating,crowdstrike_user,cve_id,detection_count,detection_name,detection_severity,first_seen,image_digest,image_id,layer_digest,package_name_version,registry,repository,tag,vulnerability_count,vulnerability_severity
expand_vulnerabilities	query	boolean	expand vulnerabilities
expand_detections	query	boolean	expand detections
limit	query	integer	The upper-bound on the number of records to retrieve.
offset	query	integer	The offset from where to begin.
sort	query	string	The fields to sort the records on. Supported columns: [base_os cid containers detections firstScanned first_seen highest_detection_severity highest_vulnerability_severity image_digest image_id last_seen layers_with_vulnerabilities packages registry repository tag vulnerabilities]

Usage

Service class example (PEP8 syntax)

from falconpy.container_images import ContainerImages

falcon = ContainerImages(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.read_combined_export(filter="string",
                                       expand_vulnerabilities=boolean,
                                       expand_detections=boolean,
                                       limit=integer,
                                       offset=integer,
                                       sort="string"
                                       )
print(response)

Service class example (Operation ID syntax)

from falconpy import ContainerImages

falcon = ContainerImages(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.ReadCombinedImagesExport(filter="string",
                                           expand_vulnerabilities=boolean,
                                           expand_detections=boolean,
                                           limit=integer,
                                           offset=integer,
                                           sort="string"
                                           )
print(response)

Uber class example

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadCombinedImagesExport",
                          filter="string",
                          expand_vulnerabilities=boolean,
                          expand_detections=boolean,
                          limit=integer,
                          offset=integer,
                          sort="string"
                          )
print(response)

CombinedImageIssuesSummary

Retrieve image issues summary such as Image detections, Runtime detections, Policies, vulnerabilities

PEP8 method name

get_combined_issues_summary

Endpoint

Method	Route
	`/container-security/combined/images/issues-summary/v1`

Content-Type

Produces: application/json

Keyword Arguments

Name	Type	Data type	Description
cid	query	string	CID
registry	query	string	registry name
repository	query	string	repository name
tag	query	string	tag name

Usage

Service class example (PEP8 syntax)

from falconpy.container_images import ContainerImages

falcon = ContainerImages(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.get_combined_issues_summary(cid="string",
                                              registry="string",
                                              repository="string",
                                              tag="string"
                                              )
print(response)

Service class example (Operation ID syntax)

from falconpy import ContainerImages

falcon = ContainerImages(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.CombinedImageIssuesSummary(cid="string",
                                             registry="string",
                                             repository="string",
                                             tag="string"
                                             )
print(response)

Uber class example

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("CombinedImageIssuesSummary",
                          cid="string",
                          registry="string",
                          repository="string",
                          tag="string"
                          )
print(response)

CombinedImageVulnerabilitySummary

aggregates information about vulnerabilities for an image

PEP8 method name

get_combined_vulnerabilities_summary

Endpoint

Method	Route
	`/container-security/combined/images/vulnerabilities-summary/v1`

Content-Type

Produces: application/json

Keyword Arguments

Name	Type	Data type	Description
cid	query	string	CID
registry	query	string	registry name
repository	query	string	repository name
tag	query	string	tag name

Usage

Service class example (PEP8 syntax)

from falconpy.container_images import ContainerImages

falcon = ContainerImages(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.get_combined_vulnerabilities_summary(cid="string",
                                                       registry="string",
                                                       repository="string",
                                                       tag="string"
                                                       )
print(response)

Service class example (Operation ID syntax)

from falconpy import ContainerImages

falcon = ContainerImages(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.CombinedImageVulnerabilitySummary(cid="string",
                                                    registry="string",
                                                    repository="string",
                                                    tag="string"
                                                    )
print(response)

Uber class example

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("CombinedImageVulnerabilitySummary",
                          cid="string",
                          registry="string",
                          repository="string",
                          tag="string"
                          )
print(response)

Home
Discussions Board
Glossary of Terms
Installation, Upgrades and Removal
Samples Collection
Using FalconPy
API Operations
Service Collections
Documentation Support
- Report broken link
- Report documentation error
CrowdStrike SDKs
- Crimson Falcon - Ruby
- FalconPy - Python 3
- FalconJS - Javascript
- goFalcon - Go
- PSFalcon - Powershell
- Rusty Falcon - Rust

CrowdStrike Falcon

Container Images

Using the Container Images service collection

Table of Contents

AggregateImageAssessmentHistory

PEP8 method name

Endpoint

Content-Type

Keyword Arguments

Usage

Service class example (PEP8 syntax)

Service class example (Operation ID syntax)

Uber class example

AggregateImageCountByBaseOS

PEP8 method name

Endpoint

Content-Type

Keyword Arguments

Usage

Service class example (PEP8 syntax)

Service class example (Operation ID syntax)

Uber class example

AggregateImageCountByState

PEP8 method name

Endpoint

Content-Type

Keyword Arguments

Usage

Service class example (PEP8 syntax)

Service class example (Operation ID syntax)

Uber class example

AggregateImageCount

PEP8 method name

Endpoint

Content-Type

Keyword Arguments

Usage

Service class example (PEP8 syntax)

Service class example (Operation ID syntax)

Uber class example

GetCombinedImages

PEP8 method name

Endpoint

Content-Type

Keyword Arguments

Usage

Service class example (PEP8 syntax)

Service class example (Operation ID syntax)

Uber class example

CombinedImageByVulnerabilityCount

PEP8 method name

Endpoint

Content-Type

Keyword Arguments

Usage

Service class example (PEP8 syntax)

Service class example (Operation ID syntax)

Uber class example

CombinedImageDetail

PEP8 method name

Endpoint

Content-Type

Keyword Arguments

Usage

Service class example (PEP8 syntax)

Service class example (Operation ID syntax)

Uber class example

ReadCombinedImagesExport

PEP8 method name

Endpoint

Content-Type

Keyword Arguments

Usage

Service class example (PEP8 syntax)

Service class example (Operation ID syntax)

Uber class example

CombinedImageIssuesSummary

PEP8 method name

Endpoint

Content-Type

Keyword Arguments