Using the Kubernetes Protection service collection
Table of Contents
| Operation ID | Description | ||||
|---|---|---|---|---|---|
| Retrieve clusters by date range counts | ||||
| Bucket clusters by kubernetes version | ||||
| Bucket clusters by status | ||||
| Retrieve cluster counts | ||||
| Retrieve containers by date range counts | ||||
| Retrieve top container image registries | ||||
| Retrieve containers count affected by zero day vulnerabilities | ||||
| Retrieve count of vulnerable images running on containers | ||||
| Retrieve container counts | ||||
| Retrieve containers by container_runtime_version | ||||
| Group the containers by Managed | ||||
| Retrieve count of image assessment detections on running containers over a period of time | ||||
| Retrieve count of image states running on containers | ||||
| Bucket containers by agent type and calculate sensor coverage | ||||
| Retrieve container vulnerabilities by severity counts | ||||
| Retrieve deployments by date range counts | ||||
| Retrieve deployment counts | ||||
| Retrieve cluster enrichment data | ||||
| Retrieve container enrichment data | ||||
| Retrieve deployment enrichment data | ||||
| Retrieve node enrichment data | ||||
| Retrieve pod enrichment data | ||||
| Retrieve count of distinct images running on containers | ||||
| Bucket container by image-digest | ||||
| Returns the count of Kubernetes IOMs by the date. by default it's for 7 days. | ||||
| Retrieve namespaces by date range counts | ||||
| Retrieve namespace counts | ||||
| Returns the total count of Kubernetes IOMs over the past seven days | ||||
| Bucket nodes by cloud providers | ||||
| Bucket nodes by their container engine version | ||||
| Retrieve nodes by date range counts | ||||
| Retrieve node counts | ||||
| Retrieve pods by date range counts | ||||
| Retrieve pod counts | ||||
| Retrieve kubernetes clusters identified by the provided filter criteria | ||||
| Retrieve kubernetes clusters identified by the provided filter criteria | ||||
| Retrieve images on running containers | ||||
| Retrieve containers identified by the provided filter criteria | ||||
| Retrieve kubernetes deployments identified by the provided filter criteria | ||||
| Search Kubernetes IOM by the provided search criteria | ||||
| Retrieve kubernetes nodes identified by the provided filter criteria | ||||
| Retrieve kubernetes pods identified by the provided filter criteria | ||||
| Retrieve Kubernetes IOM entities identified by the provided IDs | ||||
| Search Kubernetes IOMs by the provided search criteria. this endpoint returns a list of Kubernetes IOM UUIDs matching the query | ||||
| Provides a list of AWS accounts. | ||||
| Creates a new AWS account in our system for a customer and generates the installation script. | ||||
| Delete AWS accounts. | ||||
| Updates the AWS account per the query parameters provided. | ||||
| Provides the azure subscriptions registered to Kubernetes Protection. | ||||
| Create Azure Subscriptions. | ||||
| Delete Azure Subscriptions. | ||||
| Provides the cloud locations acknowledged by the Kubernetes Protection service. | ||||
| Returns a combined list of provisioned cloud accounts and known kubernetes clusters. | ||||
| Returns the Azure tenant config. | ||||
| Gets static bash scripts that are used during registration. | ||||
| Provides all the azure subscriptions and tenants. | ||||
| Provides the script to run for a given tenant id and subscription IDs. | ||||
| Provides a sample Helm values.yaml file for a customer to install alongside the agent Helm chart. | ||||
| Regenerate API key for docker registry integrations. | ||||
| Provides the clusters acknowledged by the Kubernetes Protection service. | ||||
| Triggers a dry run or a full scan of a customer's kubernetes footprint. | ||||
| Search Kubernetes IOM entities by filter criteria | ||||
| Adds the client ID for the given tenant ID to our system. | ||||
Passing credentials
WARNING
client_idandclient_secretare keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
ReadClustersByDateRangeCount
Retrieve clusters by date range counts
PEP8 method name
read_clusters_by_date_range
Endpoint
| Method | Route |
|---|---|
 | /container-security/aggregates/clusters/count-by-date/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
No parameters
Usage
Service class example (PEP8 syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_clusters_by_date_range()
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadClustersByDateRangeCount()
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadClustersByDateRangeCount")
print(response)
Back to Table of Contents
ReadClustersByKubernetesVersionCount
Bucket clusters by kubernetes version
PEP8 method name
read_clusters_by_version
Endpoint
| Method | Route |
|---|---|
| /container-security/aggregates/clusters/count-by-kubernetes-version/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter |  | | query | string | Retrieve count of Kubernetes clusters that match a query in Falcon Query Language (FQL). Supported filters: access,agent_status,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,cluster_status,container_count,iar_version,kubernetes_version,last_seen,management_status,namespace,node_count,pod_count,pod_name,tags |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_clusters_by_version(filter="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadClustersByKubernetesVersionCount(filter="string")
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadClustersByKubernetesVersionCount", filter="string")
print(response)
Back to Table of Contents
ReadClustersByStatusCount
Bucket clusters by status
PEP8 method name
read_clusters_by_status
Endpoint
| Method | Route |
|---|---|
| /container-security/aggregates/clusters/count-by-status/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | Retrieve count of Kubernetes clusters that match a query in Falcon Query Language (FQL). Supported filters: access,agent_status,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,cluster_status,container_count,iar_version,kubernetes_version,last_seen,management_status,namespace,node_count,pod_count,pod_name,tags |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_clusters_by_status(filter="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadClustersByStatusCount(filter="string")
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadClustersByStatusCount", filter="string")
print(response)
Back to Table of Contents
ReadClusterCount
Retrieve cluster counts
PEP8 method name
read_cluster_count
Endpoint
| Method | Route |
|---|---|
| /container-security/aggregates/clusters/count/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | Retrieve count of Kubernetes clusters that match a query in Falcon Query Language (FQL). Supported filters: access,agent_status,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,cluster_status,container_count,iar_version,kubernetes_version,last_seen,management_status,namespace,node_count,pod_count,pod_name,tags |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_cluster_count(filter="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadClusterCount(filter="string")
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadClusterCount", filter="string")
print(response)
Back to Table of Contents
ReadContainersByDateRangeCount
Retrieve containers by date range counts
PEP8 method name
read_containers_by_date_range
Endpoint
| Method | Route |
|---|---|
| /container-security/aggregates/containers/count-by-date/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | Get container counts using a query in Falcon Query Language (FQL). Supported filters: ai_related,agent_id,agent_type,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,package_name_version,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_containers_by_date_range(filter="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadContainersByDateRangeCount(filter="string")
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadContainersByDateRangeCount", filter="string")
print(response)
Back to Table of Contents
ReadContainerCountByRegistry
Retrieve top container image registries
PEP8 method name
read_containers_by_registry
Endpoint
| Method | Route |
|---|---|
| /container-security/aggregates/containers/count-by-registry/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | Retrieve count of Kubernetes clusters that match a query in Falcon Query Language (FQL). Supported filters: agent_id, image_repository, agent_type, image_tag, ai_related, image_vulnerability_count, allow_privilege_escalation, insecure_mount_source, app_name, insecure_mount_type, cid, insecure_propagation_mode, cloud_account_id, interactive_mode, cloud_instance_id, ipv4, cloud_name, ipv6, cloud_region, kac_agent_id, cloud_service, labels, cluster_id, last_seen, cluster_name, namespace, container_id, node_name, container_image_id, node_uid, container_name, package_name_version, cve_id, pod_id, detection_name, pod_name, first_seen, port, image_detection_count, privileged, image_digest, root_write_access, image_has_been_assessed, run_as_root_group, image_id, run_as_root_user, image_registry, running_status |
| under_assessment | | | query | boolean | (true/false) whether to return registries under assessment or not under assessment. If not provided all registries are considered |
| limit | | | query | integer | The upper-bound on the number of records to retrieve. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_containers_by_registry(filter="string",
under_assessment=boolean,
limit=integer
)
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadContainerCountByRegistry(filter="string",
under_assessment=boolean,
limit=integer
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadContainerCountByRegistry",
filter="string",
under_assessment=boolean,
limit=integer
)
print(response)
Back to Table of Contents
FindContainersCountAffectedByZeroDayVulnerabilities
Retrieve containers count affected by zero day vulnerabilities
PEP8 method name
read_zero_day_affected_counts
Endpoint
| Method | Route |
|---|---|
| /container-security/aggregates/containers/count-by-zero-day/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
No parameters
Usage
Service class example (PEP8 syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_zero_day_affected_counts()
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.FindContainersCountAffectedByZeroDayVulnerabilities()
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("FindContainersCountAffectedByZeroDayVulnerabilities")
print(response)
Back to Table of Contents
ReadVulnerableContainerImageCount
Retrieve count of vulnerable images running on containers
PEP8 method name
read_vulnerable_container_count
Endpoint
| Method | Route |
|---|---|
| /container-security/aggregates/containers/count-vulnerable-images/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | Retrieve count of Kubernetes containers that match a query in Falcon Query Language (FQL). Supported filters: ai_related,agent_id,agent_type,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,package_name_version,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_vulnerable_container_count(filter="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadVulnerableContainerImageCount(filter="string")
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadVulnerableContainerImageCount", filter="string")
print(response)
Back to Table of Contents
ReadContainerCount
Retrieve container counts
PEP8 method name
read_container_counts
Endpoint
| Method | Route |
|---|---|
| /container-security/aggregates/containers/count/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | Retrieve count of Kubernetes containers that match a query in Falcon Query Language (FQL). Supported filters: ai_related,agent_id,agent_type,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,package_name_version,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_container_counts(filter="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadContainerCount(filter="string")
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadContainerCount", filter="string")
print(response)
Back to Table of Contents
FindContainersByContainerRunTimeVersion
Retrieve containers by container_runtime_version
PEP8 method name
find_containers_by_runtime_version
Endpoint
| Method | Route |
|---|---|
| /container-security/aggregates/containers/find-by-runtimeversion/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| limit | | | query | integer | The upper-bound on the number of container records to retrieve. |
| offset | | | query | integer | It is used to get the offset |
| sort | | | query | string | Field to sort results by |
| filter | | | query | string | Retrieve count of Kubernetes containers that match a query in Falcon Query Language (FQL). Supported filters: ai_related,agent_id,agent_type,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,package_name_version,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.find_containers_by_runtime_version(limit=integer,
offset=integer,
sort="string",
filter="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.FindContainersByContainerRunTimeVersion(limit=integer,
offset=integer,
sort="string",
filter="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("FindContainersByContainerRunTimeVersion",
limit=integer,
offset=integer,
sort="string",
filter="string"
)
print(response)
Back to Table of Contents
GroupContainersByManaged
Group the containers by Managed
PEP8 method name
group_managed_containers
Endpoint
| Method | Route |
|---|---|
| /container-security/aggregates/containers/group-by-managed/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | Retrieve count of Kubernetes containers that match a query in Falcon Query Language (FQL). Supported filters: ai_related,agent_id,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.group_managed_containers(filter="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GroupContainersByManaged(filter="string")
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GroupContainersByManaged", filter="string")
print(response)
Back to Table of Contents
ReadContainerImageDetectionsCountByDate
Retrieve count of image assessment detections on running containers over a period of time
PEP8 method name
read_detections_count_by_date
Endpoint
| Method | Route |
|---|---|
| /container-security/aggregates/containers/image-detections-count-by-date/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | Retrieve count of Kubernetes containers that match a query in Falcon Query Language (FQL). Supported filters: ai_related,agent_id,agent_type,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,package_name_version,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_detections_count_by_date(filter="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadContainerImageDetectionsCountByDate(filter="string")
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadContainerImageDetectionsCountByDate", filter="string")
print(response)
Back to Table of Contents
ReadContainerImagesByState
Retrieve count of image states running on containers
PEP8 method name
read_images_by_state
Endpoint
| Method | Route |
|---|---|
| /container-security/aggregates/containers/images-by-state/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | Filter using a query in Falcon Query Language (FQL). Supported filters: cid |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_images_by_state(filter="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadContainerImagesByState(filter="string")
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadContainerImagesByState", filter="string")
print(response)
Back to Table of Contents
ReadContainersSensorCoverage
Bucket containers by agent type and calculate sensor coverage
PEP8 method name
read_sensor_coverage
Endpoint
| Method | Route |
|---|---|
| /container-security/aggregates/containers/sensor-coverage/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | Retrieve count of Kubernetes containers that match a query in Falcon Query Language (FQL). Supported filters: ai_related,agent_id,agent_type,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,package_name_version,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_sensor_coverage(filter="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadContainersSensorCoverage(filter="string")
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadContainersSensorCoverage", filter="string")
print(response)
Back to Table of Contents
ReadContainerVulnerabilitiesBySeverityCount
Retrieve container vulnerabilities by severity counts
PEP8 method name
read_vulnerability_counts_by_severity
Endpoint
| Method | Route |
|---|---|
| /container-security/aggregates/containers/vulnerability-count-by-severity/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | Get vulnerabilities count by severity for container using a query in Falcon Query Language (FQL). Supported filters: ai_related,agent_id,agent_type,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,package_name_version,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_vulnerability_counts_by_severity(filter="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadContainerVulnerabilitiesBySeverityCount(filter="string")
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadContainerVulnerabilitiesBySeverityCount", filter="string")
print(response)
Back to Table of Contents
ReadDeploymentsByDateRangeCount
Retrieve deployments by date range counts
PEP8 method name
read_deployment_counts_by_date_range
Endpoint
| Method | Route |
|---|---|
| /container-security/aggregates/deployments/count-by-date/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
No parameters
Usage
Service class example (PEP8 syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_deployment_counts_by_date_range()
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadDeploymentsByDateRangeCount()
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadDeploymentsByDateRangeCount")
print(response)
Back to Table of Contents
ReadDeploymentCount
Retrieve deployment counts
PEP8 method name
read_deployment_count
Endpoint
| Method | Route |
|---|---|
| /container-security/aggregates/deployments/count/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | Retrieve count of Kubernetes deployments that match a query in Falcon Query Language (FQL). Supported filters: annotations_list,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,deployment_id,deployment_name,first_seen,last_seen,namespace,pod_count |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_deployment_count(filter="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadDeploymentCount(filter="string")
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadDeploymentCount", filter="string")
print(response)
Back to Table of Contents
ReadClusterEnrichment
Retrieve cluster enrichment data
PEP8 method name
read_cluster_enrichment
Endpoint
| Method | Route |
|---|---|
| /container-security/aggregates/enrichment/clusters/entities/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| cluster_id | | | query | string or list of strings | One or more cluster ids for which to retrieve enrichment info |
| filter | | | query | string | Supported filters: cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,last_seen,namespace |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = "ID1,ID2,ID3" # You may also provide a list of strings here: ["ID1", "ID2", "ID3"]
response = falcon.read_cluster_enrichment(cluster_id=id_list, filter="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = "ID1,ID2,ID3" # You may also provide a list of strings here: ["ID1", "ID2", "ID3"]
response = falcon.ReadClusterEnrichment(cluster_id=id_list, filter="string")
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = "ID1,ID2,ID3" # You may also provide a list of strings here: ["ID1", "ID2", "ID3"]
response = falcon.command("ReadClusterEnrichment", cluster_id=id_list, filter="string")
print(response)
Back to Table of Contents
ReadContainerEnrichment
Retrieve container enrichment data
PEP8 method name
read_container_enrichment
Endpoint
| Method | Route |
|---|---|
| /container-security/aggregates/enrichment/containers/entities/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| container_id | | | query | string or list of strings | One or more container ids for which to retrieve enrichment info |
| filter | | | query | string | Supported filters: cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,last_seen,namespace |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = "ID1,ID2,ID3" # You may also provide a list of strings here: ["ID1", "ID2", "ID3"]
response = falcon.read_container_enrichment(container_id=id_list, filter="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = "ID1,ID2,ID3" # You may also provide a list of strings here: ["ID1", "ID2", "ID3"]
response = falcon.ReadContainerEnrichment(container_id=id_list, filter="string")
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = "ID1,ID2,ID3" # You may also provide a list of strings here: ["ID1", "ID2", "ID3"]
response = falcon.command("ReadContainerEnrichment", container_id=id_list, filter="string")
print(response)
Back to Table of Contents
ReadDeploymentEnrichment
Retrieve deployment enrichment data
PEP8 method name
read_deployment_enrichment
Endpoint
| Method | Route |
|---|---|
| /container-security/aggregates/enrichment/deployments/entities/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| deployment_id | | | query | string or list of strings | One or more deployment ids for which to retrieve enrichment info |
| filter | | | query | string | Supported filters: cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,last_seen,namespace |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = "ID1,ID2,ID3" # You may also provide a list of strings here: ["ID1", "ID2", "ID3"]
response = falcon.read_deployment_enrichment(deployment_id=id_list, filter="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = "ID1,ID2,ID3" # You may also provide a list of strings here: ["ID1", "ID2", "ID3"]
response = falcon.ReadDeploymentEnrichment(deployment_id=id_list, filter="string")
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = "ID1,ID2,ID3" # You may also provide a list of strings here: ["ID1", "ID2", "ID3"]
response = falcon.command("ReadDeploymentEnrichment", deployment_id=id_list, filter="string")
print(response)
Back to Table of Contents
ReadNodeEnrichment
Retrieve node enrichment data
PEP8 method name
read_node_enrichment
Endpoint
| Method | Route |
|---|---|
| /container-security/aggregates/enrichment/nodes/entities/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| node_name | | | query | string or list of strings | One or more node names for which to retrieve enrichment info |
| filter | | | query | string | Supported filters: cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,last_seen,namespace |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = "ID1,ID2,ID3" # You may also provide a list of strings here: ["ID1", "ID2", "ID3"]
response = falcon.read_node_enrichment(node_name=id_list, filter="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = "ID1,ID2,ID3" # You may also provide a list of strings here: ["ID1", "ID2", "ID3"]
response = falcon.ReadNodeEnrichment(node_name=id_list, filter="string")
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = "ID1,ID2,ID3" # You may also provide a list of strings here: ["ID1", "ID2", "ID3"]
response = falcon.command("ReadNodeEnrichment", node_name=id_list, filter="string")
print(response)
Back to Table of Contents
ReadPodEnrichment
Retrieve pod enrichment data
PEP8 method name
read_pod_enrichment
Endpoint
| Method | Route |
|---|---|
| /container-security/aggregates/enrichment/pods/entities/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| pod_id | | | query | string or list of strings | One or more pod ids for which to retrieve enrichment info |
| filter | | | query | string | Supported filters: cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,last_seen,namespace |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = "ID1,ID2,ID3" # You may also provide a list of strings here: ["ID1", "ID2", "ID3"]
response = falcon.read_pod_enrichment(pod_id=id_list, filter="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = "ID1,ID2,ID3" # You may also provide a list of strings here: ["ID1", "ID2", "ID3"]
response = falcon.ReadPodEnrichment(pod_id=id_list, filter="string")
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = "ID1,ID2,ID3" # You may also provide a list of strings here: ["ID1", "ID2", "ID3"]
response = falcon.command("ReadPodEnrichment", pod_id=id_list, filter="string")
print(response)
Back to Table of Contents
ReadDistinctContainerImageCount
Retrieve count of distinct images running on containers
PEP8 method name
read_distinct_image_count
Endpoint
| Method | Route |
|---|---|
| /container-security/aggregates/images/count-by-distinct/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | Search Kubernetes containers using a query in Falcon Query Language (FQL). Supported filters: agent_id,ai_related,agent_type,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,package_name_version,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_distinct_image_count(filter="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadDistinctContainerImageCount(filter="string")
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadDistinctContainerImageCount", filter="string")
print(response)
Back to Table of Contents
ReadContainerImagesByMostUsed
Bucket container by image-digest
PEP8 method name
read_images_by_most_used
Endpoint
| Method | Route |
|---|---|
| /container-security/aggregates/images/most-used/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | Retrieve count of Kubernetes containers that match a query in Falcon Query Language (FQL). Supported filters: ai_related,agent_id,agent_type,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,package_name_version,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_images_by_most_used(filter="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadContainerImagesByMostUsed(filter="string")
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadContainerImagesByMostUsed", filter="string")
print(response)
Back to Table of Contents
ReadKubernetesIomByDateRange
Returns the count of Kubernetes IOMs by the date. by default it's for 7 days.
PEP8 method name
read_iom_count_by_date_range
Endpoint
| Method | Route |
|---|---|
| /container-security/aggregates/kubernetes-ioms/count-by-date/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | Filter images using a query in Falcon Query Language (FQL). Supported filters: cid,created_timestamp,detect_timestamp,prevented,severity |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_iom_count_by_date_range(filter="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadKubernetesIomByDateRange(filter="string")
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadKubernetesIomByDateRange", filter="string")
print(response)
Back to Table of Contents
ReadNamespacesByDateRangeCount
Retrieve namespaces by date range counts
PEP8 method name
read_namespaces_by_date_range_count
Endpoint
| Method | Route |
|---|---|
| /container-security/aggregates/namespaces/count-by-date/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
No parameters
Usage
Service class example (PEP8 / Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_namespaces_by_date_range_count()
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadNamespacesByDateRangeCount")
print(response)
Back to Table of Contents
ReadNamespaceCount
Retrieve namespace counts
PEP8 method name
read_namespace_count
Endpoint
| Method | Route |
|---|---|
| /container-security/aggregates/namespaces/count/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | Retrieve count of Kubernetes clusters that match a query in Falcon Query Language (FQL). Supported filters: agent_id,agent_type,annotations_list,cid,cloud_account_id,cloud_name,cloud_region,cloud_service,cluster_id,cluster_name,first_seen,kac_agent_id,last_seen,namespace_id,namespace_name,resource_status |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 / Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_namespace_count(filter="string")
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadNamespaceCount", filter="string")
print(response)
Back to Table of Contents
ReadKubernetesIomCount
Returns the total count of Kubernetes IOMs over the past seven days
PEP8 method name
read_iom_count
Endpoint
| Method | Route |
|---|---|
| /container-security/aggregates/kubernetes-ioms/count/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | Filter images using a query in Falcon Query Language (FQL). Supported filters: cid,created_timestamp,detect_timestamp,prevented,severity |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_iom_count(filter="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadKubernetesIomCount(filter="string")
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadKubernetesIomCount", filter="string")
print(response)
Back to Table of Contents
ReadNodesByCloudCount
Bucket nodes by cloud providers
PEP8 method name
read_node_counts_by_cloud
Endpoint
| Method | Route |
|---|---|
| /container-security/aggregates/nodes/count-by-cloud/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | Search Kubernetes nodes using a query in Falcon Query Language (FQL). Supported filters: aid,annotations_list,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_count,container_runtime_version,first_seen,image_digest,ipv4,last_seen,node_name,node_uid,pod_count |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_node_counts_by_cloud(filter="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadNodesByCloudCount(filter="string")
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadNodesByCloudCount", filter="string")
print(response)
Back to Table of Contents
ReadNodesByContainerEngineVersionCount
Bucket nodes by their container engine version
PEP8 method name
read_nodes_by_container_engine_version
Endpoint
| Method | Route |
|---|---|
| /container-security/aggregates/nodes/count-by-container-engine-version/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | Search Kubernetes nodes using a query in Falcon Query Language (FQL). Supported filters: aid,annotations_list,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_count,container_runtime_version,first_seen,image_digest,ipv4,last_seen,node_name,node_uid,pod_count |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_nodes_by_container_engine_version(filter="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadNodesByContainerEngineVersionCount(filter="string")
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadNodesByContainerEngineVersionCount", filter="string")
print(response)
Back to Table of Contents
ReadNodesByDateRangeCount
Retrieve nodes by date range counts
PEP8 method name
read_node_counts_by_date_range
Endpoint
| Method | Route |
|---|---|
| /container-security/aggregates/nodes/count-by-date/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | Search Kubernetes nodes using a query in Falcon Query Language (FQL). Supported filters: aid,annotations_list,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_count,container_runtime_version,first_seen,image_digest,ipv4,last_seen,node_name,node_uid,pod_count |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_node_counts_by_date_range(filter="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadNodesByDateRangeCount(filter="string")
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadNodesByDateRangeCount", filter="string")
print(response)
Back to Table of Contents
ReadNodeCount
Retrieve node counts
PEP8 method name
read_node_count
Endpoint
| Method | Route |
|---|---|
| /container-security/aggregates/nodes/count/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | Retrieve count of Kubernetes nodes that match a query in Falcon Query Language (FQL). Supported filters: aid,annotations_list,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_count,container_runtime_version,first_seen,image_digest,ipv4,last_seen,node_name,node_uid,pod_count |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_node_counts(filter="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadNodeCount(filter="string")
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadNodeCount", filter="string")
print(response)
Back to Table of Contents
ReadPodsByDateRangeCount
Retrieve pods by date range counts
PEP8 method name
read_pod_counts_by_date_range
Endpoint
| Method | Route |
|---|---|
| /container-security/aggregates/pods/count-by-date/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
No parameters
Usage
Service class example (PEP8 syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_pod_counts_by_date_range()
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadPodsByDateRangeCount()
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadPodsByDateRangeCount")
print(response)
Back to Table of Contents
ReadPodCount
Retrieve pod counts
PEP8 method name
read_pod_counts
Endpoint
| Method | Route |
|---|---|
| /container-security/aggregates/pods/count/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | Retrieve count of Kubernetes pods that match a query in Falcon Query Language (FQL). Supported filters: agent_id,agent_type,allow_privilege_escalation,annotations_list,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_count,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,owner_id,owner_type,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_pod_counts(filter="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadPodCount(filter="string")
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadPodCount", filter="string")
print(response)
Back to Table of Contents
ReadClusterCombined
Retrieve kubernetes clusters identified by the provided filter criteria
PEP8 method name
read_clusters_combined
Endpoint
| Method | Route |
|---|---|
| /container-security/combined/clusters/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | Search Kubernetes clusters using a query in Falcon Query Language (FQL). Supported filters: access,agent_id,agent_status,agent_type,cid,cloud_account_id,cloud_name,cloud_region,cloud_service,cluster_id,cluster_name,cluster_status,container_count,iar_version,kubernetes_version,last_seen,management_status,node_count,pod_count,tags, namespace, pod_name |
| limit | | | query | integer | The upper-bound on the number of records to retrieve. |
| offset | | | query | integer | The offset from where to begin. |
| sort | | | query | string | Field to sort results by |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_clusters_combined(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadClusterCombined(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadClusterCombined",
filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Back to Table of Contents
ReadClusterCombinedV2
Retrieve kubernetes clusters identified by the provided filter criteria
PEP8 method name
read_clusters_combined_v2
Endpoint
| Method | Route |
|---|---|
| /container-security/combined/clusters/v2 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | Search Kubernetes clusters using a query in Falcon Query Language (FQL). Supported filter fields: access, agent_id, agent_status, agent_type, cid, cloud_account_id, cloud_name, cloud_region, cloud_service, cluster_id, cluster_name, cluster_status, container_count, iar_coverage, kac_agent_id, kubernetes_version, last_seen, management_status, node_count, pod_count, namespace, pod_name and tags |
| sort | | | query | string | The fields to sort the records on. |
| include_counts | | | query | boolean | Flag to include node, pod and container counts in the response |
| limit | | | query | integer | The upper-bound on the number of records to retrieve. |
| offset | | | query | integer | The offset from where to begin. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_clusters_combined_v2(filter="string",
sort="string",
include_counts=boolean,
limit=integer,
offset=integer
)
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadClusterCombinedV2(filter="string",
sort="string",
include_counts=boolean,
limit=integer,
offset=integer
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadClusterCombinedV2",
filter="string",
sort="string",
include_counts=boolean,
limit=integer,
offset=integer
)
print(response)
Back to Table of Contents
ReadRunningContainerImages
Retrieve images on running containers
PEP8 method name
read_running_images
Endpoint
| Method | Route |
|---|---|
| /container-security/combined/container-images/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | Retrieve list of images on running containers using a query in Falcon Query Language (FQL). Supported filters: cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,hosts,image_digest,image_has_been_assessed,image_id,image_name,image_registry,image_repository,image_tag,last_seen,namespace,running_status |
| limit | | | query | integer | The upper-bound on the number of records to retrieve. |
| offset | | | query | integer | The offset from where to begin. |
| sort | | | query | string | Field to sort results by |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_running_images(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadRunningContainerImages(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadRunningContainerImages",
filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Back to Table of Contents
ReadContainerCombined
Retrieve containers identified by the provided filter criteria
PEP8 method name
read_containers_combined
Endpoint
| Method | Route |
|---|---|
| /container-security/combined/containers/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | Search Kubernetes containers using a query in Falcon Query Language (FQL). Supported filters: agent_id,ai_related,agent_type,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,package_name_version,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status |
| limit | | | query | integer | The upper-bound on the number of records to retrieve. |
| offset | | | query | integer | The offset from where to begin. |
| sort | | | query | string | Field to sort results by |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_containers_combined(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadContainerCombined(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadContainerCombined",
filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Back to Table of Contents
ReadDeploymentCombined
Retrieve kubernetes deployments identified by the provided filter criteria
PEP8 method name
read_deployments_combined
Endpoint
| Method | Route |
|---|---|
| /container-security/combined/deployments/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | Search Kubernetes deployments using a query in Falcon Query Language (FQL). Supported filters: annotations_list,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,deployment_id,deployment_name,first_seen,last_seen,namespace,pod_count |
| limit | | | query | integer | The upper-bound on the number of records to retrieve. |
| offset | | | query | integer | The offset from where to begin. |
| sort | | | query | string | Field to sort results by |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_deployments_combined(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadDeploymentCombined(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadDeploymentCombined",
filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Back to Table of Contents
SearchAndReadKubernetesIomEntities
Search Kubernetes IOM by the provided search criteria
PEP8 method name
search_and_read_ioms
Endpoint
| Method | Route |
|---|---|
| /container-security/combined/kubernetes-ioms/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | Search Kubernetes IOMs using a query in Falcon Query Language (FQL). Supported filters: cid,cis_id,cluster_id,cluster_name,containers_impacted_ai_related,containers_impacted_count,containers_impacted_ids,detection_type,name,namespace,resource_id,resource_name,resource_type,prevented,severity |
| limit | | | query | integer | The upper-bound on the number of records to retrieve. |
| offset | | | query | integer | The offset from where to begin. |
| sort | | | query | string | The fields to sort the records on. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.search_and_read_ioms(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.SearchAndReadKubernetesIomEntities(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("SearchAndReadKubernetesIomEntities",
filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Back to Table of Contents
ReadNodeCombined
Retrieve kubernetes nodes identified by the provided filter criteria
PEP8 method name
read_nodes_combined
Endpoint
| Method | Route |
|---|---|
| /container-security/combined/nodes/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | Search Kubernetes nodes using a query in Falcon Query Language (FQL). Supported filters: aid,annotations_list,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_count,container_runtime_version,first_seen,image_digest,ipv4,last_seen,node_name,node_uid,pod_count |
| limit | | | query | integer | The upper-bound on the number of records to retrieve. |
| offset | | | query | integer | The offset from where to begin. |
| sort | | | query | string | Field to sort results by |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_nodes_combined(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadNodeCombined(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadNodeCombined",
filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Back to Table of Contents
ReadPodCombined
Retrieve kubernetes pods identified by the provided filter criteria
PEP8 method name
read_pods_combined
Endpoint
| Method | Route |
|---|---|
| /container-security/combined/pods/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | Search Kubernetes pods using a query in Falcon Query Language (FQL). Supported filters: agent_id,agent_type,allow_privilege_escalation,annotations_list,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_count,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,owner_id,owner_type,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user |
| limit | | | query | integer | The upper-bound on the number of records to retrieve. |
| offset | | | query | integer | The offset from where to begin. |
| sort | | | query | string | Field to sort results by |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_pods_combined(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadPodCombined(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadPodCombined",
filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Back to Table of Contents
ReadKubernetesIomEntities
Retrieve Kubernetes IOM entities identified by the provided IDs
PEP8 method name
read_iom_entities
Endpoint
| Method | Route |
|---|---|
| /container-security/entities/kubernetes-ioms/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | Search Kubernetes IOMs by ids - The maximum amount is 100 IDs |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.read_iom_entities(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.ReadKubernetesIomEntities(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("ReadKubernetesIomEntities", ids=id_list)
print(response)
Back to Table of Contents
SearchKubernetesIoms
Search Kubernetes IOMs by the provided search criteria. this endpoint returns a list of Kubernetes IOM UUIDs matching the query
PEP8 method name
search_ioms
Endpoint
| Method | Route |
|---|---|
| /container-security/queries/kubernetes-ioms/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| filter | | | query | string | Search Kubernetes IOMs using a query in Falcon Query Language (FQL). Supported filters: cid,cis_id,cluster_id,cluster_name,containers_impacted_count,containers_impacted_ai_related,containers_impacted_ids,detection_type,name,namespace,resource_id,resource_name,resource_type,prevented,severity |
| limit | | | query | integer | The upper-bound on the number of records to retrieve. |
| offset | | | query | integer | The offset from where to begin. |
| sort | | | query | string | The fields to sort the records on. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.search_ioms(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.SearchKubernetesIoms(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
PARAMS = {
"filter": "string",
"limit": integer,
"offset": integer,
"sort": "string"
}
response = falcon.command("SearchKubernetesIoms",
filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Back to Table of Contents
GetAWSAccounts
Provides a list of AWS accounts.
PEP8 method name
get_aws_accounts
Endpoint
| Method | Route |
|---|---|
| /kubernetes-protection/entities/accounts/aws/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | AWS Account ID(s). |
| is_horizon_acct | | | query | string | Filter by whether an account originates from Horizon or not. Allowed values: False or True |
| limit | | | query | integer | Maximum number of records to return. |
| offset | | | query | integer | Starting index of overall result set from which to return ids. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
| status | | | query | string | Filter by account status. |
Usage
Service class example (PEP8 syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_aws_accounts(status="string",
limit=integer,
offset=integer,
ids=id_list,
is_horizon_acct="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetAWSAccounts(status="string",
limit=integer,
offset=integer,
ids=id_list,
is_horizon_acct="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetAWSAccounts",
status="string",
limit=integer,
offset=integer,
ids=id_list,
is_horizon_acct="string"
)
print(response)
Back to Table of Contents
CreateAWSAccount
Creates a new AWS account in our system for a customer and generates the installation script
PEP8 method name
create_aws_account
Endpoint
| Method | Route |
|---|---|
 | /kubernetes-protection/entities/accounts/aws/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | |  | body | dictionary | Full body payload in JSON format. |
| account_id | |  | body | string | Account ID. |
| region | | | body | string | Cloud region. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.create_aws_account(account_id="string", region="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.CreateAWSAccount(account_id="string", region="string")
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"resources": [
{
"account_id": "string",
"region": "string"
}
]
}
response = falcon.command("CreateAWSAccount", body=BODY)
print(response)
Back to Table of Contents
DeleteAWSAccountsMixin0
Delete AWS accounts.
PEP8 method name
delete_aws_accounts
Endpoint
| Method | Route |
|---|---|
 | /kubernetes-protection/entities/accounts/aws/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | AWS Account ID(s) to delete. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_aws_accounts(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.DeleteAWSAccountsMixin0(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("DeleteAWSAccountsMixin0", ids=id_list)
print(response)
Back to Table of Contents
UpdateAWSAccount
Updates the AWS account per the query parameters provided
PEP8 method name
update_aws_account
Endpoint
| Method | Route |
|---|---|
 | /kubernetes-protection/entities/accounts/aws/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | AWS Account ID(s) to update. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
| region | | | query | string | Default region for account automation. |
Usage
Service class example (PEP8 syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.update_aws_account(region="string", ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.UpdateAWSAccount(region="string", ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("UpdateAWSAccount", region="string", ids=id_list)
print(response)
Back to Table of Contents
ListAzureAccounts
Provides the azure subscriptions registered to Kubernetes Protection.
PEP8 method name
list_azure_accounts
Endpoint
| Method | Route |
|---|---|
| /kubernetes-protection/entities/accounts/azure/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | Azure Tenant ID(s). |
| subscription_id | | | query | string or list of strings | Azure Subscription ID(s). |
| is_horizon_acct | | | query | boolean | Flag indicating if we should filter by accounts originating from Horizon. |
| limit | | | query | integer | Maximum number of records to return. |
| offset | | | query | integer | Starting index of overall result set from which to return ids. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
| status | | | query | string | Filter by account status (operational or provisioned). |
Usage
Service class example (PEP8 syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
sub_list = 'SUB1,SUB2,SUB3' # Can also pass a list here: ['SUB1', 'SUB2', 'SUB3']
response = falcon.list_azure_accounts(status="string",
limit=integer,
offset=integer,
ids=id_list,
subscription_id=sub_list,
is_horizon_acct=boolean
)
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
sub_list = 'SUB1,SUB2,SUB3' # Can also pass a list here: ['SUB1', 'SUB2', 'SUB3']
response = falcon.ListAzureAccounts(status="string",
limit=integer,
offset=integer,
ids=id_list,
subscription_id=sub_list,
is_horizon_acct=boolean
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
sub_list = 'SUB1,SUB2,SUB3' # Can also pass a list here: ['SUB1', 'SUB2', 'SUB3']
response = falcon.command("ListAzureAccounts",
status="string",
limit=integer,
offset=integer,
ids=id_list,
subscription_id=sub_list,
is_horizon_acct=boolean
)
print(response)
Back to Table of Contents
CreateAzureSubscription
Creates a new Azure Subscription in our system
PEP8 method name
create_azure_subscription
Endpoint
| Method | Route |
|---|---|
| /kubernetes-protection/entities/accounts/azure/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload in JSON format. |
| subscription_id | | | body | string | Azure Subscription ID. |
| tenant_id | | | body | string | Azure Tenant ID. |
Usage
Service class example (PEP8 syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.create_azure_subscription(subscription_id="string", tenant_id="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.CreateAzureSubscription(subscription_id="string", tenant_id="string")
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
BODY = {
"resources": [
{
"subscription_id": "string",
"tenant_id": "string"
}
]
}
response = falcon.command("CreateAzureSubscription", body=BODY)
print(response)
Back to Table of Contents
DeleteAzureSubscription
Delete an Azure Subscription from the system.
PEP8 method name
delete_azure_subscription
Endpoint
| Method | Route |
|---|---|
| /kubernetes-protection/entities/accounts/azure/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | Azure Subscription ID(s) to delete. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.delete_azure_subscription(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.DeleteAzureSubscription(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("DeleteAzureSubscription", ids=id_list)
print(response)
Back to Table of Contents
GetLocations
Provides the cloud locations acknowledged by the Kubernetes Protection service
PEP8 method name
get_locations
Endpoint
| Method | Route |
|---|---|
| /kubernetes-protection/entities/cloud-locations/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| clouds | | | query | string or list of strings | Cloud provider. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'aws,azure,gcp' # Can also pass a list here: ['aws', 'azure', 'gcp']
response = falcon.get_locations(clouds=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'aws,azure,gcp' # Can also pass a list here: ['aws', 'azure', 'gcp']
response = falcon.GetLocations(clouds=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'aws,azure,gcp' # Can also pass a list here: ['aws', 'azure', 'gcp']
response = falcon.command("GetLocations", clouds=id_list)
print(response)
Back to Table of Contents
GetCombinedCloudClusters
Returns a combined list of provisioned cloud accounts and known kubernetes clusters.
PEP8 method name
get_cloud_clusters
Endpoint
| Method | Route |
|---|---|
| /kubernetes-protection/entities/cloud_cluster/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| cluster_service | | | query | string or list of strings | Cluster Service. |
| cluster_status | | | query | string or list of strings | Cluster Status. |
| ids | | | query | string or list of strings | Cloud Account IDs. |
| locations | | | query | string or list of strings | Cloud location. |
| limit | | | query | integer | Limit returned results. |
| offset | | | query | integer | Pagination offset. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
Usage
Service class example (PEP8 syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
# You may provide the string lists as a string, a comma delimited string, or a list
response = falcon.get_cloud_clusters(cluster_service="string or list of strings",
cluster_status="string or list of strings",
ids="string or list of strings",
locations="string or list of strings",
limit=integer,
offset=integer
)
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
# You may provide the string lists as a string, a comma delimited string, or a list
response = falcon.GetCombinedCloudClusters(cluster_service="string or list of strings",
cluster_status="string or list of strings",
ids="string or list of strings",
locations="string or list of strings",
limit=integer,
offset=integer
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
# You may provide the string lists as a string, a comma delimited string, or a list
response = falcon.command("GetCombinedCloudClusters",
cluster_service="string or list of strings",
cluster_status="string or list of strings",
ids="string or list of strings",
locations="string or list of strings",
limit=integer,
offset=integer
)
print(response)
Back to Table of Contents
GetAzureTenantConfig
Returns the Azure tenant config.
PEP8 method name
get_azure_tenant_config
Endpoint
| Method | Route |
|---|---|
| /kubernetes-protection/entities/config/azure/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | Cloud Account IDs. |
| limit | | | query | integer | Limit returned results. |
| offset | | | query | integer | Pagination offset. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
Usage
Service class example (PEP8 syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = "ID1,ID2,ID3" # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_azure_tenant_config(ids=id_list,
limit=integer,
offset=integer
)
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = "ID1,ID2,ID3" # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetAzureTenantConfig(ids=id_list,
limit=integer,
offset=integer
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = "ID1,ID2,ID3" # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetAzureTenantConfig",
ids=id_list,
limit=integer,
offset=integer
)
print(response)
Back to Table of Contents
GetStaticScripts
Get static bash scripts that are used during registration.
PEP8 method name
get_static_scripts
Endpoint
| Method | Route |
|---|---|
| /kubernetes-protection/entities/gen/scripts/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/octet-stream
Keyword Arguments
No keywords or arguments accepted.
Usage
Service class example (PEP8 syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_static_scripts()
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetStaticScripts()
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetStaticScripts")
print(response)
Back to Table of Contents
GetAzureTenantIDs
Provides all the azure subscriptions and tenants IDs.
PEP8 method name
get_azure_tenant_ids
Endpoint
| Method | Route |
|---|---|
| /kubernetes-protection/entities/tenants/azure/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| ids | | | query | string or list of strings | Cloud Account IDs. |
| status | | | query | string | Cluster status. (Not Installed, Running, Stopped) |
| limit | | | query | integer | Limit returned results. |
| offset | | | query | integer | Pagination offset. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
Usage
Service class example (PEP8 syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = "ID1,ID2,ID3" # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_azure_tenant_ids(ids=id_list,
status="string",
limit=integer,
offset=integer
)
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = "ID1,ID2,ID3" # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetAzureTenantIDs(ids=id_list,
status="string",
limit=integer,
offset=integer
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = "ID1,ID2,ID3" # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetAzureTenantIDs",
ids=id_list,
status="string",
limit=integer,
offset=integer
)
print(response)
Back to Table of Contents
GetAzureInstallScript
Provide the script to run for a given tenant id and subscription IDs.
PEP8 method name
get_azure_install_script
Endpoint
| Method | Route |
|---|---|
| /kubernetes-protection/entities/user-script/azure/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/octet-stream
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| id | | | query | string | Azure Tenant ID. |
| subscription_id | | | query | string or list of strings | Azure Subscription IDs. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
Usage
Service class example (PEP8 syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = "ID1,ID2,ID3" # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_azure_install_script(id="string",
subscription_id=id_list,
)
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = "ID1,ID2,ID3" # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetAzureInstallScript(id="string",
subscription_id=id_list
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = "ID1,ID2,ID3" # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetAzureInstallScript",
id="string",
subscription_id=id_list
)
print(response)
Back to Table of Contents
GetHelmValuesYaml
Provides a sample Helm values.yaml file for a customer to install alongside the agent Helm chart
PEP8 method name
get_helm_values_yaml
Endpoint
| Method | Route |
|---|---|
| /kubernetes-protection/entities/integration/agent/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/yaml
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| cluster_name | | | query | string | Cluster name. For EKS this will be the cluster ARN. |
| is_self_managed_cluster | | | query | boolean | Set to True if the cluster is not managed by a cloud provider, and False if it is. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_helm_values_yaml(cluster_name="string", is_self_managed_cluster=boolean)
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetHelmValuesYaml(cluster_name="string", is_self_managed_cluster=boolean)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetHelmValuesYaml",
cluster_name="string",
is_self_managed_cluster=boolean
)
print(response)
Back to Table of Contents
RegenerateAPIKey
Regenerate API key for docker registry integrations.
PEP8 method name
regenerate
Endpoint
| Method | Route |
|---|---|
| /kubernetes-protection/entities/integration/api-key/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
No keywords are arguments are required.
Usage
Service class example (PEP8 syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.regenerate()
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.RegenerateAPIKey()
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("RegenerateAPIKey")
print(response)
Back to Table of Contents
GetClusters
Provides the clusters acknowledged by the Kubernetes Protection service
PEP8 method name
get_clusters
Endpoint
| Method | Route |
|---|---|
| /kubernetes-protection/entities/kubernetes/clusters/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| cluster_names | | | query | string or list of strings | Cluster name. For EKS this will be the cluster ARN. |
| account_ids | | | query | string or list of strings | Cluster account ID. For EKS this will be the AWS account ID. |
| locations | | | query | string or list of strings | Cloud location. |
| cluster_service | | | query | string | Cluster service. |
| limit | | | query | integer | Maximum number of results to return. |
| offset | | | query | integer | Starting offset to begin returning results. |
| status | | | query | string or list of strings | Cluster status. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
clusters = 'CLID1,CLID2,CLID3' # Can also pass a list here: ['CLID1', 'CLID2', 'CLID3']
accounts = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
locations = 'LOC1,LOC2,LOC3' # Can also pass a list here: ['LOC1', 'LOC2', 'LOC3']
status_types = 'STAT1,STAT2,STAT3' # Can also pass a list here: ['STAT1', 'STAT2', 'STAT3']
response = falcon.get_clusters(cluster_names=clusters,
account_ids=accounts,
locations=locations,
cluster_service="string",
limit=integer,
offset=integer,
status=status_types
)
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
clusters = 'CLID1,CLID2,CLID3' # Can also pass a list here: ['CLID1', 'CLID2', 'CLID3']
accounts = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
locations = 'LOC1,LOC2,LOC3' # Can also pass a list here: ['LOC1', 'LOC2', 'LOC3']
status_types = 'STAT1,STAT2,STAT3' # Can also pass a list here: ['STAT1', 'STAT2', 'STAT3']
response = falcon.GetClusters(cluster_names=clusters,
account_ids=accounts,
locations=locations,
cluster_service="string",
limit=integer,
offset=integer,
status=status_types
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
clusters = 'CLID1,CLID2,CLID3' # Can also pass a list here: ['CLID1', 'CLID2', 'CLID3']
accounts = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
locations = 'LOC1,LOC2,LOC3' # Can also pass a list here: ['LOC1', 'LOC2', 'LOC3']
status_types = 'STAT1,STAT2,STAT3' # Can also pass a list here: ['STAT1', 'STAT2', 'STAT3']
response = falcon.command("GetClusters",
cluster_names=clusters,
account_ids=accounts,
locations=locations,
cluster_service="string",
limit=integer,
offset=integer,
status=status_types
)
print(response)
Back to Table of Contents
TriggerScan
Triggers a dry run or a full scan of a customer's kubernetes footprint.
PEP8 method name
trigger_scan
Endpoint
| Method | Route |
|---|---|
| /kubernetes-protection/entities/scan/trigger/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| scan_type | | | query | string | Type of scan to perform, cluster-refresh, dry-run or full. Defaults to dry-run. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.trigger_scan(scan_type="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.TriggerScan(scan_type="string")
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("TriggerScan", scan_type="string")
print(response)
Back to Table of Contents
PostSearchKubernetesIOMEntities
Search Kubernetes IOM entities by filter criteria
PEP8 method name
search_kubernetes_ioms
Endpoint
| Method | Route |
|---|---|
| /container-security/combined/kubernetes-ioms/search/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| body | | | body | dictionary | Full body payload in JSON format |
| filter | | | query | string | FQL filter to search Kubernetes IOM entities |
| limit | | | query | integer | Maximum number of entities to return |
| sort | | | query | string | Sort specification for results |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.search_kubernetes_ioms(filter="string",
limit=100,
sort="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.PostSearchKubernetesIOMEntities(filter="string",
limit=100,
sort="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"pit": "string",
"search_after": [
None
]
}
response = falcon.command("PostSearchKubernetesIOMEntities",
body=body_payload,
filter="string",
limit=100,
sort="string"
)
print(response)
Back to Table of Contents
PatchAzureServicePrincipal
Adds the client ID for the given tenant ID to our system.
PEP8 method name
update_azure_service_principal or patch_azure_service_principal
Endpoint
| Method | Route |
|---|---|
| /kubernetes-protection/entities/service-principal/azure/v1 |
Required Scope
Content-Type
- Consumes: application/json
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| id | | | query | string | Azure Tenant ID. |
| client_id | | | query | string | Azure Client ID. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.update_azure_service_principal(id="string", client_id="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesProtection
# Do not hardcode API credentials!
falcon = KubernetesProtection(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.PatchAzureServicePrincipal(id="string", client_id="string")
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("PatchAzureServicePrincipal", id="string", client_id="string")
print(response)
Back to Table of Contents