CrowdStrike Falcon CrowdStrike Subreddit

Using the Serverless Vulnerabilities service collection

Uber class support Service class support Documentation Version Page Updated

Table of Contents

Operation IDDescription
GetCombinedVulnerabilitiesSARIF
PEP8get_vulnerabilities
Retrieve all lambda vulnerabilities that match the given query and return in the SARIF format.

Passing credentials

WARNING

client_id and client_secret are keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)

CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.

GetCombinedVulnerabilitiesSARIF

Retrieve all lambda vulnerabilities that match the given query and return in the SARIF format.

PEP8 method name

get_vulnerabilities

Endpoint

MethodRoute
GET/lambdas/combined/vulnerabilities/sarif/v1

Required Scope

falcon-container-image:read

Content-Type

  • Produces: application/json

Keyword Arguments

NameServiceUberTypeData typeDescription
filterService Class SupportUber Class SupportquerystringFilter lambda vulnerabilities using a query in Falcon Query Language (FQL).Supported filters: application_name,application_name_version,cid,cloud_account_id,cloud_account_name,cloud_provider,cve_id,cvss_base_score,exprt_rating,first_seen_timestamp,function_name,function_resource_id,is_supported,is_valid_asset_id,layer,region,runtime,severity,timestamp,type
limitService Class SupportUber Class SupportqueryintegerThe upper-bound on the number of records to retrieve.
offsetService Class SupportUber Class SupportqueryintegerThe offset from where to begin.
parametersService Class SupportUber Class SupportquerydictionaryFull query string parameters payload in JSON format.
sortService Class SupportUber Class SupportquerystringThe fields to sort the records on. Supported columns: [application_name application_name_version cid cloud_account_id cloud_account_name cloud_provider cve_id cvss_base_score exprt_rating first_seen_timestamp function_resource_id is_supported layer region runtime severity timestamp type]

Usage

Service class example (PEP8 syntax)
from falconpy import ServerlessVulnerabilities

falcon = ServerlessVulnerabilities(client_id=CLIENT_ID,
                                   client_secret=CLIENT_SECRET
                                   )

response = falcon.get_vulnerabilities(filter="string",
                                      limit=integer,
                                      offset=integer,
                                      sort="string"
                                      )
print(response)
Service class example (Operation ID syntax)
from falconpy import ServerlessVulnerabilities

falcon = ServerlessVulnerabilities(client_id=CLIENT_ID,
                                   client_secret=CLIENT_SECRET
                                   )

response = falcon.GetCombinedVulnerabilitiesSARIF(filter="string",
                                                  limit=integer,
                                                  offset=integer,
                                                  sort="string"
                                                  )
print(response)
Uber class example
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("GetCombinedVulnerabilitiesSARIF",
                          filter="string",
                          limit=integer,
                          offset=integer,
                          sort="string"
                          )
print(response)