From b912fd055929ca4a3787a946af522a4aa1b8387b Mon Sep 17 00:00:00 2001
From: Joshua Hiller
Date: Sat, 27 Jan 2024 20:37:00 -0500
Subject: [PATCH] Add ReadContainerAlertsCountBySeverity operation.
---
 src/falconpy/_endpoint/_container_alerts.py | 18 ++++++++++++-
 src/falconpy/container_alerts.py | 30 ++++++++++++++++++++-
 tests/test_container_alerts.py | 1 +
 3 files changed, 47 insertions(+), 2 deletions(-)
diff --git a/src/falconpy/_endpoint/_container_alerts.py b/src/falconpy/_endpoint/_container_alerts.py
index 1a83b0f0c..35c9bbb09 100644
--- a/src/falconpy/_endpoint/_container_alerts.py
+++ b/src/falconpy/_endpoint/_container_alerts.py
@@ -37,6 +37,22 @@
 """
 _container_alerts_endpoints = [
+ [
+ "ReadContainerAlertsCountBySeverity",
+ "GET",
+ "/container-security/aggregates/container-alerts/count-by-severity/v1",
+ "Get Container Alerts counts by severity",
+ "container_alerts",
+ [
+ {
+ "type": "string",
+ "description": "Search Container Alerts using a query in Falcon Query Language (FQL). Supported "
+ "filters: cid,container_id,last_seen",
+ "name": "filter",
+ "in": "query"
+ }
+ ]
+ ],
 [
 "ReadContainerAlertsCount",
 "GET",
@@ -47,7 +63,7 @@
 {
 "type": "string",
 "description": "Search Container Alerts using a query in Falcon Query Language (FQL). Supported "
- "filters: cid,last_seen",
+ "filters: cid,container_id,last_seen",
 "name": "filter",
 "in": "query"
 }
diff --git a/src/falconpy/container_alerts.py b/src/falconpy/container_alerts.py
index ff63ed655..e75bc575b 100644
--- a/src/falconpy/container_alerts.py
+++ b/src/falconpy/container_alerts.py
@@ -54,13 +54,40 @@ class ContainerAlerts(ServiceClass):
 - a valid token provided by the authentication service class (oauth2.py)
 """
+ @force_default(defaults=["parameters"], default_types=["dict"])
+ def read_counts_by_severity(self: object, *args, parameters: dict = None, **kwargs) -> Dict[str, Union[int, dict]]:
+ """Get container alert counts by severity.
+
+ Keyword arguments:
+ filter -- Search Container Alerts using a query in Falcon Query Language (FQL). String.
+ Supported filters: cid, container_id, last_seen
+ parameters -- Full parameters payload dictionary. Not required if using other keywords.
+
+ Arguments: When not specified, the first argument to this method is assumed to be 'filter'.
+ All others are ignored.
+
+ Returns: dict object containing API response.
+
+ HTTP Method: GET
+
+ Swagger URL
+ https://assets.falcon.crowdstrike.com/support/api/swagger.html#/container-alerts/ReadContainerAlertsCountBySeverity
+ """
+ return process_service_request(
+ calling_object=self,
+ endpoints=Endpoints,
+ operation_id="ReadContainerAlertsCountBySeverity",
+ keywords=kwargs,
+ params=handle_single_argument(args, parameters, "filter")
+ )
+
 @force_default(defaults=["parameters"], default_types=["dict"])
 def read_counts(self: object, *args, parameters: dict = None, **kwargs) -> Dict[str, Union[int, dict]]:
 """Search Container Alerts by the provided search criteria.
 Keyword arguments:
 filter -- Search Container Alerts using a query in Falcon Query Language (FQL). String.
- Supported filters: cid, last_seen
+ Supported filters: cid, container_id, last_seen
 parameters -- Full parameters payload dictionary. Not required if using other keywords.
 Arguments: When not specified, the first argument to this method is assumed to be 'filter'.
@@ -113,5 +140,6 @@ def search_and_read(self: object, parameters: dict = None, **kwargs) -> Dict[str
 # This method name aligns to the operation ID in the API but
 # does not conform to snake_case / PEP8 and is defined here for
 # backwards compatibility / ease of use purposes
+ ReadContainerAlertsCountBySeverity = read_counts_by_severity
 ReadContainerAlertsCount = read_counts
 SearchAndReadContainerAlerts = search_and_read
diff --git a/tests/test_container_alerts.py b/tests/test_container_alerts.py
index c4bb87995..6631ff0b1 100644
--- a/tests/test_container_alerts.py
+++ b/tests/test_container_alerts.py
@@ -23,6 +23,7 @@ class TestContainerAlerts:
 def test_all_code_paths(self):
 error_checks = True
 tests = {
+ "read_counts_by_severity": falcon.read_counts_by_severity(filter="cid:'12345678901234567890123456789012"),
 "read_counts": falcon.read_counts(filter="cid:'12345678901234567890123456789012"),
 "search_and_read": falcon.search_and_read(limit=1)
 }
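Review bot: The FQL literal in the added `read_counts_by_severity` call, `filter="cid:'12345678901234567890123456789012"`, opens a single quote that is never closed, copying the same defect from the existing `read_counts` line beneath it. The request therefore carries a malformed filter, so if test_all_code_paths only checks that each status code falls within an accepted set (which the `error_checks` flag suggests but the hunk does not show), the new entry exercises the API's error path rather than a successful count-by-severity call. Closing the quote, `filter="cid:'12345678901234567890123456789012'"`, would make the new line — and the existing one — a well-formed filter, so a regression in the happy path would actually be caught. The body of test_all_code_paths continues outside the hunk.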