Using the Container Images service collection

Table of Contents

Passing credentials

WARNING

client_id and client_secret are keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)

CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.

AggregateImageAssessmentHistory

Image assessment history

PEP8 method name

aggregate_assessment_history

Endpoint

Method	Route
	/container-security/aggregates/images/assessment-history/v1

Required Scope

Content-Type

• Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
filter			query	string	Filter using a query in Falcon Query Language (FQL). Supported filters: cid, registry, and repository
parameters			query	dictionary	Full query string parameters payload in JSON format. Not required if using other keywords.

Usage

Service class example (PEP8 syntax)

from falconpy import ContainerImages

# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.aggregate_assessment_history(filter="string")

print(response)

Service class example (Operation ID syntax)

from falconpy import ContainerImages

# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.AggregateImageAssessmentHistory(filter="string")

print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("AggregateImageAssessmentHistory", filter="string")

print(response)

Back to Table of Contents

AggregateImageCountByBaseOS

Aggregate count of images grouped by Base OS distribution

PEP8 method name

aggregate_count_by_base_os

Endpoint

Method	Route
	/container-security/aggregates/images/count-by-os-distribution/v1

Required Scope

Content-Type

• Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
filter			query	string	Filter images using a query in Falcon Query Language (FQL). Supported filters: arch, base_os, cid, first_seen, image_digest, image_id, index_digest, registry, repository, source, and tag
parameters			query	dictionary	Full query string parameters payload in JSON format. Not required if using other keywords.

Usage

Service class example (PEP8 syntax)

from falconpy import ContainerImages

# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.aggregate_count_by_base_os(filter="string")

print(response)

Service class example (Operation ID syntax)

from falconpy import ContainerImages

# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.AggregateImageCountByBaseOS(filter="string")

print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("AggregateImageCountByBaseOS", filter="string")

print(response)

Back to Table of Contents

AggregateImageCountByState

Aggregate count of images grouped by state

PEP8 method name

aggregate_count_by_state

Endpoint

Method	Route
	/container-security/aggregates/images/count-by-state/v1

Required Scope

Content-Type

• Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
filter			query	string	Filter images using a query in Falcon Query Language (FQL). Supported filters: arch, base_os, cid, first_seen, image_digest, image_id, index_digest, registry, repository, source, and tag
parameters			query	dictionary	Full query string parameters payload in JSON format. Not required if using other keywords.

Usage

Service class example (PEP8 syntax)

from falconpy import ContainerImages

# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.aggregate_count_by_state(filter="string")

print(response)

Service class example (Operation ID syntax)

from falconpy import ContainerImages

# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.AggregateImageCountByState(filter="string")

print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("AggregateImageCountByState", filter="string")

print(response)

Back to Table of Contents

AggregateImageCount

Aggregate count of images

PEP8 method name

aggregate_count

Endpoint

Method	Route
	/container-security/aggregates/images/count/v1

Required Scope

Content-Type

• Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
filter			query	string	Filter images using a query in Falcon Query Language (FQL). Supported filters: ai_related, ai_vulnerability_count, arch, base_os, cid, container_id, container_running_status, cps_rating, crowdstrike_user, cve_id, detection_count, detection_name, detection_severity, first_seen, image_digest, image_id, include_base_image_vuln, index_digest, layer_digest, package_name_version, registry, repository, source, tag, vulnerability_count, and vulnerability_severity
parameters			query	dictionary	Full query string parameters payload in JSON format. Not required if using other keywords.

Usage

Service class example (PEP8 syntax)

from falconpy import ContainerImages

# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.aggregate_count(filter="string")

print(response)

Service class example (Operation ID syntax)

from falconpy import ContainerImages

# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.AggregateImageCount(filter="string")
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("AggregateImageCount", filter="string")

print(response)

Back to Table of Contents

CombinedBaseImages

Retrieve base images identified by the provided filter criteria

PEP8 method name

get_combined_base_images

Endpoint

Method	Route
	/container-security/combined/base-images/v1

Required Scope

Content-Type

• Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
filter			query	string	Filter images using a query in Falcon Query Language (FQL). Supported filters: image_digest, image_id, registry, repository, and tag

Usage

Service class example (PEP8 syntax)

from falconpy import ContainerImages

# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.get_combined_base_images(filter="string")
print(response)

Service class example (Operation ID syntax)

from falconpy import ContainerImages

# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.CombinedBaseImages(filter="string")
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("CombinedBaseImages", filter="string")
print(response)

Back to Table of Contents

GetCombinedImages

Get image assessment results by providing an FQL filter and paging details

PEP8 method name

get_combined_images

Endpoint

Method	Route
	/container-security/combined/image-assessment/images/v1

Required Scope

Content-Type

• Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
filter			query	string	Filter images using a query in Falcon Query Language (FQL). Supported filters: ai_related, container_id, container_running_status, cve_id, detection_name, detection_severity, first_seen, image_digest, image_id, index_digest, registry, repository, tag, and vulnerability_severity
limit			query	integer	The upper-bound on the number of records to retrieve [1-100]
offset			query	integer	The offset from where to begin.
parameters			query	dictionary	Full query string parameters payload in JSON format. Not required if using other keywords.
sort			query	string	The fields to sort the records on. Supported columns: first_seen, highest_detection_severity, highest_vulnerability_severity, image_digest, image_id, registry, repository, source, and tag

Usage

Service class example (PEP8 syntax)

from falconpy import ContainerImages

# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.get_combined_images(filter="string",
                                      limit=integer,
                                      offset=integer,
                                      sort="string"
                                      )
print(response)

Service class example (Operation ID syntax)

from falconpy import ContainerImages

# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.GetCombinedImages(filter="string",
                                    limit=integer,
                                    offset=integer,
                                    sort="string"
                                    )
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("GetCombinedImages",
                          filter="string",
                          limit=integer,
                          offset=integer,
                          sort="string"
                          )
print(response)

Back to Table of Contents

CombinedImageByVulnerabilityCount

Retrieve top x images with the most vulnerabilities

PEP8 method name

get_combined_images_by_vulnerability_count

Endpoint

Method	Route
	/container-security/combined/images/by-vulnerability-count/v1

Required Scope

Content-Type

• Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
filter			query	string	Filter images using a query in Falcon Query Language (FQL). Supported filters: arch, base_os, cid, first_seen, image_digest, image_id, index_digest, registry, repository, source, and tag
limit			query	integer	The upper-bound on the number of records to retrieve.
offset			query	integer	This is not used in the backend but is added here for compatibility purposes as some clients expects this i.e UI widgets.
parameters			query	dictionary	Full query string parameters payload in JSON format. Not required if using other keywords.

Usage

Service class example (PEP8 syntax)

from falconpy import ContainerImages

# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.get_combined_images_by_vulnerability_count(filter="string",
                                                             limit=integer,
                                                             offset=integer
                                                             )
print(response)

Service class example (Operation ID syntax)

from falconpy import ContainerImages

# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.CombinedImageByVulnerabilityCount(filter="string",
                                                    limit=integer,
                                                    offset=integer
                                                    )
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("CombinedImageByVulnerabilityCount",
                          filter="string",
                          limit=integer,
                          offset=integer
                          )
print(response)

Back to Table of Contents

CombinedImageDetail

Retrieve image entities identified by the provided filter criteria

PEP8 method name

get_combined_detail

Endpoint

Method	Route
	/container-security/combined/images/detail/v1

Required Scope

Content-Type

• Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
filter			query	string	Filter images using a query in Falcon Query Language (FQL). Supported filters: arch, base_os, cid, first_seen, image_digest, image_id, index_digest, registry, repository, source, and tag
with_config			query	boolean	(true/false) include image config, default is false
limit			query	integer	The upper-bound on the number of records to retrieve.
offset			query	integer	The offset from where to begin.
parameters			query	dictionary	Full query string parameters payload in JSON format. Not required if using other keywords.
sort			query	string	The fields to sort the records on.

Usage

Service class example (PEP8 syntax)

from falconpy import ContainerImages

# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.get_combined_detail(filter="string",
                                      with_config=boolean,
                                      limit=integer,
                                      offset=integer,
                                      sort="string"
                                      )
print(response)

Service class example (Operation ID syntax)

from falconpy import ContainerImages

# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.CombinedImageDetail(filter="string",
                                      with_config=boolean,
                                      limit=integer,
                                      offset=integer,
                                      sort="string"
                                      )
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("CombinedImageDetail",
                          filter="string",
                          with_config=boolean,
                          limit=integer,
                          offset=integer,
                          sort="string"
                          )
print(response)

Back to Table of Contents

ReadCombinedImagesExport

Retrieve images with an option to expand aggregated vulnerabilities/detections

PEP8 method name

read_combined_export

Endpoint

Method	Route
	/container-security/combined/images/export/v1

Required Scope

Content-Type

• Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
filter			query	string	Filter images using a query in Falcon Query Language (FQL). Supported filters: ai_related, ai_vulnerability_count, arch, base_os, cid, container_id, container_running_status, cps_rating,crowdstrike_user, cve_id, detection_count, detection_name, detection_severity, first_seen, image_digest, image_id, include_base_image_vuln, index_digest, layer_digest, package_name_version, registry, repository, source, tag, vulnerability_count, vulnerability_severity
expand_vulnerabilities			query	boolean	expand vulnerabilities
expand_detections			query	boolean	expand detections
limit			query	integer	The upper-bound on the number of records to retrieve.
offset			query	integer	The offset from where to begin.
parameters			query	dictionary	Full query string parameters payload in JSON format. Not required if using other keywords.
sort			query	string	The fields to sort the records on. Supported columns: ai_vulnerabilities, base_os, cid, detections, firstScanned, first_seen, highest_detection_severity, highest_cps_current_rating, highest_vulnerability_severity, image_digest, image_id, last_seen, layers_with_vulnerabilities, packages, registry, repository, source, tag, and vulnerabilities

Usage

Service class example (PEP8 syntax)

from falconpy import ContainerImages

# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.read_combined_export(filter="string",
                                       expand_vulnerabilities=boolean,
                                       expand_detections=boolean,
                                       limit=integer,
                                       offset=integer,
                                       sort="string"
                                       )
print(response)

Service class example (Operation ID syntax)

from falconpy import ContainerImages

# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.ReadCombinedImagesExport(filter="string",
                                           expand_vulnerabilities=boolean,
                                           expand_detections=boolean,
                                           limit=integer,
                                           offset=integer,
                                           sort="string"
                                           )
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadCombinedImagesExport",
                          filter="string",
                          expand_vulnerabilities=boolean,
                          expand_detections=boolean,
                          limit=integer,
                          offset=integer,
                          sort="string"
                          )
print(response)

Back to Table of Contents

CombinedImageIssuesSummary

Retrieve image issues summary such as Image detections, Runtime detections, Policies, vulnerabilities

PEP8 method name

get_combined_issues_summary

Endpoint

Method	Route
	/container-security/combined/images/issues-summary/v1

Required Scope

Content-Type

• Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
cid			query	string	CID
include_base_image_vuln			query	boolean	Flag indicating if base image vulnerabilities should be included.
parameters			query	dictionary	Full query string parameters payload in JSON format. Not required if using other keywords.
image_digest			query	string	Image digest ID
registry			query	string	Registry name
repository			query	string	Repository name
tag			query	string	Tag name

Usage

Service class example (PEP8 syntax)

from falconpy import ContainerImages

# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.get_combined_issues_summary(cid="string",
                                              include_base_image_vuln=boolean,
                                              image_digest="string",
                                              registry="string",
                                              repository="string",
                                              tag="string"
                                              )
print(response)

Service class example (Operation ID syntax)

from falconpy import ContainerImages

# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.CombinedImageIssuesSummary(cid="string",
                                             include_base_image_vuln=boolean,
                                             image_digest="string",
                                             registry="string",
                                             repository="string",
                                             tag="string"
                                             )
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("CombinedImageIssuesSummary",
                          cid="string",
                          include_base_image_vuln=boolean,
                          image_digest="string",
                          registry="string",
                          repository="string",
                          tag="string"
                          )
print(response)

Back to Table of Contents

CombinedImageVulnerabilitySummary

aggregates information about vulnerabilities for an image

PEP8 method name

get_combined_vulnerabilities_summary

Endpoint

Method	Route
	/container-security/combined/images/vulnerabilities-summary/v1

Required Scope

Content-Type

• Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
cid			query	string	CID
include_base_image_vuln			query	boolean	Flag indicating if base image vulnerabilities should be included.
parameters			query	dictionary	Full query string parameters payload in JSON format. Not required if using other keywords.
image_digest			query	string	Image digest ID
registry			query	string	registry name
repository			query	string	repository name
tag			query	string	tag name

Usage

Service class example (PEP8 syntax)

from falconpy import ContainerImages

# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.get_combined_vulnerabilities_summary(cid="string",
                                                       include_base_image_vuln=boolean,
                                                       image_digest="string",
                                                       registry="string",
                                                       repository="string",
                                                       tag="string"
                                                       )
print(response)

Service class example (Operation ID syntax)

from falconpy import ContainerImages

# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.CombinedImageVulnerabilitySummary(cid="string",
                                                    include_base_image_vuln=boolean,
                                                    image_digest="string",
                                                    registry="string",
                                                    repository="string",
                                                    tag="string"
                                                    )
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("CombinedImageVulnerabilitySummary",
                          cid="string",
                          include_base_image_vuln=boolean,
                          image_digest="string",
                          registry="string",
                          repository="string",
                          tag="string"
                          )
print(response)

Back to Table of Contents

CreateBaseImagesEntities

Creates base images using the provided details

PEP8 method name

create_base_images

Endpoint

Method	Route
	/container-security/entities/base-images/v1

Required Scope

Content-Type

• Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
body			body	dictionary	Full body payload in JSON format.
image_digest			body	string	Image digest.
image_id			body	string	Image ID.
registry			body	string	Registry.
repository			body	string	Image repository.
tag			body	string	Image tag.

Usage

Service class example (PEP8 syntax)

from falconpy import ContainerImages

# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.get_combined_vulnerabilities_summary(image_digest="string",
                                                       image_id="string",
                                                       registry="string",
                                                       repository="string",
                                                       tag="string"
                                                       )
print(response)

Service class example (Operation ID syntax)

from falconpy import ContainerImages

# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.CombinedImageVulnerabilitySummary(image_digest="string",
                                                    image_id="string",
                                                    registry="string",
                                                    repository="string",
                                                    tag="string"
                                                    )
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

body_payload = {
  "base_images": [
    {
      "image_digest": "string",
      "image_id": "string",
      "registry": "string",
      "repository": "string",
      "tag": "string"
    }
  ]
}

response = falcon.command("CreateBaseImagesEntities", body=body_payload)
print(response)

Back to Table of Contents

DeleteBaseImages

Delete base images by base image UUID

PEP8 method name

delete_base_images

Endpoint

Method	Route
	/container-security/entities/base-images/v1

Required Scope

Content-Type

• Produces: application/json

Keyword Arguments

Name	Service	Uber	Type	Data type	Description
ids			query	string or list of strings	Base Image ID(s).
parameters			query	dictionary	Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)

from falconpy import ContainerImages

# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_combined_vulnerabilities_summary(ids=id_list)
print(response)

Service class example (Operation ID syntax)

from falconpy import ContainerImages

# Do not hardcode API credentials!
falcon = ContainerImages(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.CombinedImageVulnerabilitySummary(ids=id_list)
print(response)

Uber class example

from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("DeleteBaseImages", ids=id_list)
print(response)

Back to Table of Contents