Add ReadContainerAlertsCountBySeverity operation.

src/falconpy/_endpoint/_container_alerts.py

@@ -37,6 +37,22 @@
 """
 
 _container_alerts_endpoints = [
+  [
+    "ReadContainerAlertsCountBySeverity",
+    "GET",
+    "/container-security/aggregates/container-alerts/count-by-severity/v1",
+    "Get Container Alerts counts by severity",
+    "container_alerts",
+    [
+      {
+        "type": "string",
+        "description": "Search Container Alerts using a query in Falcon Query Language (FQL). Supported "
+        "filters: cid,container_id,last_seen",
+        "name": "filter",
+        "in": "query"
+      }
+    ]
+  ],
   [
     "ReadContainerAlertsCount",
     "GET",
@@ -47,7 +63,7 @@
       {
         "type": "string",
         "description": "Search Container Alerts using a query in Falcon Query Language (FQL). Supported "
-        "filters:  cid,last_seen",
+        "filters:  cid,container_id,last_seen",
         "name": "filter",
         "in": "query"
       }

src/falconpy/container_alerts.py

@@ -54,13 +54,40 @@ class ContainerAlerts(ServiceClass):
     - a valid token provided by the authentication service class (oauth2.py)
     """
 
+    @force_default(defaults=["parameters"], default_types=["dict"])
+    def read_counts_by_severity(self: object, *args, parameters: dict = None, **kwargs) -> Dict[str, Union[int, dict]]:
+        """Get container alert counts by severity.
+
+        Keyword arguments:
+        filter -- Search Container Alerts using a query in Falcon Query Language (FQL). String.
+                  Supported filters:  cid, container_id, last_seen
+        parameters -- Full parameters payload dictionary. Not required if using other keywords.
+
+        Arguments: When not specified, the first argument to this method is assumed to be 'filter'.
+                   All others are ignored.
+
+        Returns: dict object containing API response.
+
+        HTTP Method: GET
+
+        Swagger URL
+        https://assets.falcon.crowdstrike.com/support/api/swagger.html#/container-alerts/ReadContainerAlertsCountBySeverity
+        """
+        return process_service_request(
+            calling_object=self,
+            endpoints=Endpoints,
+            operation_id="ReadContainerAlertsCountBySeverity",
+            keywords=kwargs,
+            params=handle_single_argument(args, parameters, "filter")
+            )
+
     @force_default(defaults=["parameters"], default_types=["dict"])
     def read_counts(self: object, *args, parameters: dict = None, **kwargs) -> Dict[str, Union[int, dict]]:
         """Search Container Alerts by the provided search criteria.
 
         Keyword arguments:
         filter -- Search Container Alerts using a query in Falcon Query Language (FQL). String.
-                  Supported filters:  cid, last_seen
+                  Supported filters:  cid, container_id, last_seen
         parameters -- Full parameters payload dictionary. Not required if using other keywords.
 
         Arguments: When not specified, the first argument to this method is assumed to be 'filter'.
@@ -113,5 +140,6 @@ def search_and_read(self: object, parameters: dict = None, **kwargs) -> Dict[str
     # This method name aligns to the operation ID in the API but
     # does not conform to snake_case / PEP8 and is defined here for
     # backwards compatibility / ease of use purposes
+    ReadContainerAlertsCountBySeverity = read_counts_by_severity
     ReadContainerAlertsCount = read_counts
     SearchAndReadContainerAlerts = search_and_read

tests/test_container_alerts.py

@@ -23,6 +23,7 @@ class TestContainerAlerts:
     def test_all_code_paths(self):
         error_checks = True
         tests = {
+            "read_counts_by_severity": falcon.read_counts_by_severity(filter="cid:'12345678901234567890123456789012"),
             "read_counts": falcon.read_counts(filter="cid:'12345678901234567890123456789012"),
             "search_and_read": falcon.search_and_read(limit=1)
         }