Using the Spotlight Vulnerability Metadata service collection
Table of Contents
| Operation ID | Description | ||||
|---|---|---|---|---|---|
| Perform a combined query and get operation for retrieving Risk (vulnerability metadata) entities. | ||||
Passing credentials
WARNING
client_idandclient_secretare keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
combineVulnMetadataExt
Perform a combined query and get operation for retrieving Risk (vulnerability metadata) entities.
PEP8 method name
get_cve_metadata
Endpoint
| Method | Route |
|---|---|
 | /spotlight/combined/vulnerability-metadata-external/v1 |
Required Scope
Content-Type
- Produces: application/json
Keyword Arguments
| Name | Service | Uber | Type | Data type | Description |
|---|---|---|---|---|---|
| after |  | | query | string | A pagination token used with the limit parameter to manage pagination of results. On your first request, don't provide an after token. On subsequent requests, provide the after token from the previous response to continue from that place in the results. |
| filter | | | query | string | Filter items using a query in Falcon Query Language (FQL). Wildcards * and empty filter values are unsupported. Available filter fields that support exact match: id, provider, cve_ids, cwe_ids, impact.cvss_v2.base_metrics.vector, impact.cvss_v2.temporal_metrics.vector, impact.cvss_v3.base_metrics.integrity_impact, impact.cvss_v3.base_metrics.vector, impact.cvss_v3.temporal_metrics.vector. Available filter fields that support range comparisons (>, <, >=, <=): created_timestamp, impact.cvss_v2.base_metrics.base_score, impact.cvss_v3.base_metrics.base_score, impact.cvss_v2.temporal_metrics.temporal_score, impact.cvss_v3.temporal_metrics.temporal_score, source_created_timestamp, source_updated_timestamp, updated_timestamp. Required. |
| limit | | | query | integer | The number of items to return in this response (default: 100, max: 400). Use with the after parameter to manage pagination of results. |
| offset | | | query | string | Starting index of overall result set from which to return ids. |
| risk_provider | | | query | string or list of strings | Zero or more risk providers. Zero means all. Supported values: S (for Falcon sensor). |
| sort | | | query | string | Sort vulnerabilities by their properties. Available sort options: created_timestamp|asc/desc, updated_timestamp|asc/desc. |
| parameters | | | query | dictionary | Full query string parameters payload in JSON format. |
Usage
Service class example (PEP8 syntax)
from falconpy import SpotlightVulnerabilityMetadata
# Do not hardcode API credentials!
falcon = SpotlightVulnerabilityMetadata(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_cve_metadata(after="string",
filter="string",
limit=integer,
offset="string",
risk_provider="string",
sort="string"
)
print(response)
Service class example (Operation ID syntax)
from falconpy import SpotlightVulnerabilityMetadata
# Do not hardcode API credentials!
falcon = SpotlightVulnerabilityMetadata(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.combineVulnMetadataExt(after="string",
filter="string",
limit=integer,
offset="string",
risk_provider="string",
sort="string"
)
print(response)
Uber class example
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("combineVulnMetadataExt",
after="string",
filter="string",
limit=integer,
offset="string",
risk_provider="string",
sort="string"
)
print(response)
Back to Table of Contents