Kubernetes Protection
| Operation ID | Description | ||||
|---|---|---|---|---|---|
|
Provides a list of AWS accounts. | ||||
|
Creates a new AWS account in our system for a customer and generates the installation script | ||||
|
Delete AWS accounts. | ||||
|
Updates the AWS account per the query parameters provided | ||||
|
Provides the cloud locations acknowledged by the Kubernetes Protection service | ||||
|
Provides a sample Helm values.yaml file for a customer to install alongside the agent Helm chart | ||||
|
Regenerate API key for docker registry integrations | ||||
|
Provides the clusters acknowledged by the Kubernetes Protection service | ||||
|
Triggers a dry run or a full scan of a customer's kubernetes footprint | ||||
Provides a list of AWS accounts.
get_aws_accounts
- Consumes: application/json
- Produces: application/json
| Required | Name | Type | Datatype | Description |
|---|---|---|---|---|
| ids | query | array (string) | AWS Account IDs | |
| status | query | string | Filter by account status | |
| limit | query | integer | Limit returned accounts | |
| offset | query | integer | Offset returned accounts |
from falconpy.kubernetes_protection import KubernetesProtection
falcon = KubernetesProtection(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_aws_accounts(status="string",
limit=integer,
offset=integer,
ids=id_list
)
print(response)from falconpy.kubernetes_protection import KubernetesProtection
falcon = KubernetesProtection(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetAWSAccountsMixin0(status="string",
limit=integer,
offset=integer,
ids=id_list
)
print(response)from falconpy.api_complete import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
PARAMS = {
"status": "string",
"limit": integer,
"offset": integer
}
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetAWSAccountsMixin0", parameters=PARAMS, ids=id_list)
print(response)Creates a new AWS account in our system for a customer and generates the installation script
create_aws_account
- Consumes: application/json
- Produces: application/json
| Required | Name | Type | Datatype | Description |
|---|---|---|---|---|
| ✅ | body | body | string |
from falconpy.kubernetes_protection import KubernetesProtection
falcon = KubernetesProtection(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
BODY = {
"Body Payload": "See body description above"
}
response = falcon.create_aws_account(body=BODY)
print(response)from falconpy.kubernetes_protection import KubernetesProtection
falcon = KubernetesProtection(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
BODY = {
"Body Payload": "See body description above"
}
response = falcon.CreateAWSAccount(body=BODY)
print(response)from falconpy.api_complete import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
BODY = {
"Body Payload": "See body description above"
}
response = falcon.command("CreateAWSAccount", body=BODY)
print(response)Delete AWS accounts.
delete_aws_accounts
- Consumes: application/json
- Produces: application/json
| Required | Name | Type | Datatype | Description |
|---|---|---|---|---|
| ✅ | ids | query | array (string) | AWS Account IDs |
from falconpy.kubernetes_protection import KubernetesProtection
falcon = KubernetesProtection(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_aws_accounts(ids=id_list)
print(response)from falconpy.kubernetes_protection import KubernetesProtection
falcon = KubernetesProtection(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.DeleteAWSAccountsMixin0(ids=id_list)
print(response)from falconpy.api_complete import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("DeleteAWSAccountsMixin0", ids=id_list)
print(response)Updates the AWS account per the query parameters provided
update_aws_account
- Consumes: application/json
- Produces: application/json
| Required | Name | Type | Datatype | Description |
|---|---|---|---|---|
| ✅ | ids | query | array (string) | AWS Account ID |
| region | query | string | Default Region for Account Automation |
from falconpy.kubernetes_protection import KubernetesProtection
falcon = KubernetesProtection(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.update_aws_account(region="string", ids=id_list)
print(response)from falconpy.kubernetes_protection import KubernetesProtection
falcon = KubernetesProtection(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.UpdateAWSAccount(region="string", ids=id_list)
print(response)from falconpy.api_complete import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
PARAMS = {
"region": "string"
}
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("UpdateAWSAccount", parameters=PARAMS, ids=id_list)
print(response)Provides the cloud locations acknowledged by the Kubernetes Protection service
get_locations
- Consumes: application/json
- Produces: application/json
| Required | Name | Type | Datatype | Description |
|---|---|---|---|---|
| clouds | query | array (string) | Cloud Provider |
from falconpy.kubernetes_protection import KubernetesProtection
falcon = KubernetesProtection(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.get_locations(clouds=["string", "string"])
print(response)from falconpy.kubernetes_protection import KubernetesProtection
falcon = KubernetesProtection(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.GetLocations(clouds=["string", "string"])
print(response)from falconpy.api_complete import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
PARAMS = {
"clouds": [
"string",
"string"
]
}
response = falcon.command("GetLocations", parameters=PARAMS)
print(response)Provides a sample Helm values.yaml file for a customer to install alongside the agent Helm chart
get_helm_values_yaml
- Consumes: application/json
- Produces: application/yaml
| Required | Name | Type | Datatype | Description |
|---|---|---|---|---|
| ✅ | cluster_name | query | string | Cluster name. For EKS it will be cluster ARN. |
from falconpy.kubernetes_protection import KubernetesProtection
falcon = KubernetesProtection(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.get_helm_values_yaml(cluster_name="string")
print(response)from falconpy.kubernetes_protection import KubernetesProtection
falcon = KubernetesProtection(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.GetHelmValuesYaml(cluster_name="string")
print(response)from falconpy.api_complete import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
PARAMS = {
"cluster_name": "string"
}
response = falcon.command("GetHelmValuesYaml", parameters=PARAMS)
print(response)Regenerate API key for docker registry integrations
regenerate
- Consumes: application/json
- Produces: application/json
No parameters
from falconpy.kubernetes_protection import KubernetesProtection
falcon = KubernetesProtection(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.regenerate()
print(response)from falconpy.kubernetes_protection import KubernetesProtection
falcon = KubernetesProtection(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.RegenerateAPIKey()
print(response)from falconpy.api_complete import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.command("RegenerateAPIKey")
print(response)Provides the clusters acknowledged by the Kubernetes Protection service
get_clusters
- Consumes: application/json
- Produces: application/json
| Required | Name | Type | Datatype | Description |
|---|---|---|---|---|
| cluster_names | query | array (string) | Cluster name. For EKS it will be cluster ARN. | |
| account_ids | query | array (string) | Cluster Account id. For EKS it will be AWS account ID. | |
| locations | query | array (string) | Cloud location | |
| cluster_service | query | string | Cluster Service | |
| limit | query | integer | Limit returned accounts | |
| offset | query | integer | Offset returned accounts |
from falconpy.kubernetes_protection import KubernetesProtection
falcon = KubernetesProtection(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.get_clusters(cluster_names=["string", "string"],
account_ids=["string", "string"],
locations=["string", "string"],
cluster_service="string",
limit=integer,
offset=integer
)
print(response)from falconpy.kubernetes_protection import KubernetesProtection
falcon = KubernetesProtection(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.GetClusters(cluster_names=["string", "string"],
account_ids=["string", "string"],
locations=["string", "string"],
cluster_service="string",
limit=integer,
offset=integer
)
print(response)from falconpy.api_complete import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
PARAMS = {
"cluster_names": [
"string",
"string"
],
"account_ids": [
"string",
"string"
],
"locations": [
"string",
"string"
],
"cluster_service": "string",
"limit": integer,
"offset": integer
}
response = falcon.command("GetClusters", parameters=PARAMS)
print(response)Triggers a dry run or a full scan of a customer's kubernetes footprint
trigger_scan
- Consumes: application/json
- Produces: application/json
| Required | Name | Type | Datatype | Description |
|---|---|---|---|---|
| ✅ | scan_type | query | string | Scan Type to do |
from falconpy.kubernetes_protection import KubernetesProtection
falcon = KubernetesProtection(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.trigger_scan(scan_type="string")
print(response)from falconpy.kubernetes_protection import KubernetesProtection
falcon = KubernetesProtection(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
response = falcon.TriggerScan(scan_type="string")
print(response)from falconpy.api_complete import APIHarness
falcon = APIHarness(client_id="API_CLIENT_ID_HERE",
client_secret="API_CLIENT_SECRET_HERE"
)
PARAMS = {
"scan_type": "string"
}
response = falcon.command("TriggerScan", parameters=PARAMS)
print(response)
- Home
- Discussions Board
- Glossary of Terms
- Installation, Upgrades and Removal
- Samples Collection
- Using FalconPy
- API Operations
-
Service Collections
- Alerts
- API Integrations
- ASPM
- CAO Hunting
- Certificate Based Exclusions
- Cloud AWS Registration
- Cloud Azure Registration
- Cloud OCI Registration
- Cloud Connect AWS (deprecated)
- Cloud Security Assets
- Cloud Snapshots
- Configuration Assessment
- Configuration Assessment Evaluation Logic
- Container Alerts
- Container Detections
- Container Image Compliance
- Container Images
- Container Packages
- Container Vulnerabilities
- Content Update Policies
- Correlation Rules
- CSPM Registration
- Custom IOAs
- Custom Storage
- D4C Registration (deprecated)
- DataScanner (deprecated)
- Delivery Settings
- Deployments
- Detects
- Device Content
- Device Control Policies
- Discover
- Downloads
- Drift Indicators
- Event Streams
- Exposure Management
- FaaS Execution
- Falcon Complete Dashboard
- Falcon Container
- Falcon Intelligence Sandbox
- FDR
- FileVantage
- Firewall Management
- Firewall Policies
- Foundry LogScale
- Host Group
- Host Migration
- Hosts
- Identity Protection
- Image Assessment Policies
- Incidents
- Installation Tokens
- Intel
- Intelligence Feeds
- Intelligence Indicator Graph
- IOA Exclusions
- IOC
- IOCs (deprecated)
- Kubernetes Protection
- MalQuery
- Message Center
- ML Exclusions
- Mobile Enrollment
- MSSP (Flight Control)
- NGSIEM
- OAuth2
- ODS (On Demand Scan)
- Overwatch Dashboard
- Prevention Policy
- Quarantine
- Quick Scan
- Quick Scan Pro
- Real Time Response
- Real Time Response Admin
- Real Time Response Audit
- Recon
- Report Executions
- Response Policies
- Sample Uploads
- Scheduled Reports
- Sensor Download
- Sensor Update Policy
- Sensor Usage
- Sensor Visibility Exclusions
- Serverless Vulnerabilities
- Spotlight Evaluation Logic
- Spotlight Vulnerabilities
- Tailored Intelligence
- ThreatGraph
- Unidentified Containers
- User Management
- Workflows
- Zero Trust Assessment
- Documentation Support
-
CrowdStrike SDKs
- Crimson Falcon - Ruby
- FalconPy - Python 3
- FalconJS - Javascript
- goFalcon - Go
- PSFalcon - Powershell
- Rusty Falcon - Rust
