Compliance Assessments
Get the assessments for each cluster.
aggregate_cluster_assessments
Method | Route |
---|---|
/container-compliance/aggregates/compliance-by-clusters/v2 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
filter | | | query | string | Filter results using a query in Falcon Query Language (FQL). |
parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
Filter | Description |
---|---|
cid | Customer ID |
cloud_info.cloud_account_id | Cloud account ID |
cloud_info.cloud_provider | Cloud provider |
cloud_info.cloud_region | Cloud region |
cloud_info.cluster_name | Kubernetes cluster name |
cloud_info.namespace | Kubernetes namespace |
compliance_finding.framework | Compliance finding framework (available values: CIS ) |
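Service class example (PEP8 syntax)

```python
from falconpy import ComplianceAssessments

# CLIENT_ID / CLIENT_SECRET: API credentials, loaded from the environment or a secrets store
falcon = ComplianceAssessments(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )

response = falcon.aggregate_cluster_assessments(filter="string")
print(response)
```

Service class example (Operation ID syntax)

```python
from falconpy import ComplianceAssessments

# CLIENT_ID / CLIENT_SECRET: API credentials, loaded from the environment or a secrets store
falcon = ComplianceAssessments(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )

response = falcon.extAggregateClusterAssessments(filter="string")
print(response)
```

Uber class example

```python
from falconpy import APIHarnessV2

# CLIENT_ID / CLIENT_SECRET: API credentials, loaded from the environment or a secrets store
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("extAggregateClusterAssessments", filter="string")
print(response)
```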
Get the assessments for each image.
aggregate_image_assessments
Method | Route |
---|---|
/container-compliance/aggregates/compliance-by-images/v2 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
after | | | query | string | `after` value from the last response. Leave empty or do not specify for the first request. |
filter | | | query | string | Filter results using a query in Falcon Query Language (FQL). |
limit | | | query | string | Number of images to return in the response after the `after` key. Default when not specified: 10000 |
parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
Filter | Description |
---|---|
asset_type | asset type (container , image ) |
cid | Customer ID |
cloud_info.cloud_account_id | Cloud account ID |
cloud_info.cloud_provider | Cloud provider |
cloud_info.cloud_region | Cloud region |
cloud_info.cluster_name | Kubernetes cluster name |
cloud_info.namespace | Kubernetes namespace |
compliance_finding.framework | Compliance finding framework (available values: CIS ) |
compliance_finding.id | Compliance finding ID |
compliance_finding.name | Compliance finding Name |
compliance_finding.severity | Compliance finding |
container_id | Container ID |
container_name | Container name |
image_digest | Image digest (sha256 digest) |
image_id | Image ID |
image_registry | Image registry |
image_repository | Image repository |
image_tag | Image tag |
severity | (available values: 4 - critical, 3 - high, 2 - medium, 1 - low) |
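Service class example (PEP8 syntax)

```python
from falconpy import ComplianceAssessments

# CLIENT_ID / CLIENT_SECRET: API credentials, loaded from the environment or a secrets store
falcon = ComplianceAssessments(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )

response = falcon.aggregate_image_assessments(after="string", filter="string", limit="string")
print(response)
```

Service class example (Operation ID syntax)

```python
from falconpy import ComplianceAssessments

# CLIENT_ID / CLIENT_SECRET: API credentials, loaded from the environment or a secrets store
falcon = ComplianceAssessments(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )

response = falcon.extAggregateImageAssessments(after="string", filter="string", limit="string")
print(response)
```

Uber class example

```python
from falconpy import APIHarnessV2

# CLIENT_ID / CLIENT_SECRET: API credentials, loaded from the environment or a secrets store
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("extAggregateImageAssessments",
                          after="string",
                          filter="string",
                          limit="string"
                          )
print(response)
```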
Get the assessments for each rule.
aggregate_rules_assessments
Method | Route |
---|---|
/container-compliance/aggregates/compliance-by-rules/v2 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
filter | | | query | string | Filter results using a query in Falcon Query Language (FQL). |
parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
Filter | Description |
---|---|
asset_type | asset type (container , image ) |
cid | Customer ID |
cloud_info.cloud_account_id | Cloud account ID |
cloud_info.cloud_provider | Cloud provider |
cloud_info.cloud_region | Cloud region |
cloud_info.cluster_name | Kubernetes cluster name |
compliance_finding.framework | Compliance finding framework (available values: CIS ) |
compliance_finding.id | Compliance finding ID |
compliance_finding.name | Compliance finding Name |
compliance_finding.severity | Compliance finding |
container_id | Container ID |
container_name | Container name |
image_digest | Image digest (sha256 digest) |
image_id | Image ID |
image_registry | Image registry |
image_repository | Image repository |
image_tag | Image tag |
severity | (available values: 4 - critical, 3 - high, 2 - medium, 1 - low) |
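Service class example (PEP8 syntax)

```python
from falconpy import ComplianceAssessments

# CLIENT_ID / CLIENT_SECRET: API credentials, loaded from the environment or a secrets store
falcon = ComplianceAssessments(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )

response = falcon.aggregate_rules_assessments(filter="string")
print(response)
```

Service class example (Operation ID syntax)

```python
from falconpy import ComplianceAssessments

# CLIENT_ID / CLIENT_SECRET: API credentials, loaded from the environment or a secrets store
falcon = ComplianceAssessments(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )

response = falcon.extAggregateRulesAssessments(filter="string")
print(response)
```

Uber class example

```python
from falconpy import APIHarnessV2

# CLIENT_ID / CLIENT_SECRET: API credentials, loaded from the environment or a secrets store
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("extAggregateRulesAssessments", filter="string")
print(response)
```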
Get the containers grouped into rules on which they failed.
aggregate_failed_containers_by_rules
Method | Route |
---|---|
/container-compliance/aggregates/failed-containers-by-rules/v2 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
filter | | | query | string | Filter results using a query in Falcon Query Language (FQL). |
parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
Filter | Description |
---|---|
asset_type | asset type (container , image ) |
cid | Customer ID |
cloud_info.cloud_account_id | Cloud account ID |
cloud_info.cloud_provider | Cloud provider |
cloud_info.cloud_region | Cloud region |
cloud_info.cluster_name | Kubernetes cluster name |
cloud_info.namespace | Kubernetes namespace |
compliance_finding.framework | Compliance finding framework (available values: CIS ) |
compliance_finding.id | Compliance finding ID |
compliance_finding.name | Compliance finding Name |
compliance_finding.severity | Compliance finding |
container_id | Container ID |
container_name | Container name |
image_digest | Image digest (sha256 digest) |
image_id | Image ID |
image_registry | Image registry |
image_repository | Image repository |
image_tag | Image tag |
severity | (available values: 4 - critical, 3 - high, 2 - medium, 1 - low) |
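Service class example (PEP8 syntax)

```python
from falconpy import ComplianceAssessments

# CLIENT_ID / CLIENT_SECRET: API credentials, loaded from the environment or a secrets store
falcon = ComplianceAssessments(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )

response = falcon.aggregate_failed_containers_by_rules(filter="string")
print(response)
```

Service class example (Operation ID syntax)

```python
from falconpy import ComplianceAssessments

# CLIENT_ID / CLIENT_SECRET: API credentials, loaded from the environment or a secrets store
falcon = ComplianceAssessments(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )

response = falcon.extAggregateFailedContainersByRulesPath(filter="string")
print(response)
```

Uber class example

```python
from falconpy import APIHarnessV2

# CLIENT_ID / CLIENT_SECRET: API credentials, loaded from the environment or a secrets store
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("extAggregateFailedContainersByRulesPath", filter="string")
print(response)
```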
Get the failed containers count grouped into severity levels.
aggregate_failed_containers_count_by_severity
Method | Route |
---|---|
/container-compliance/aggregates/failed-containers-count-by-severity/v2 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
filter | | | query | string | Filter results using a query in Falcon Query Language (FQL). |
parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
Filter | Description |
---|---|
asset_type | asset type (container , image ) |
cid | Customer ID |
cloud_info.cloud_account_id | Cloud account ID |
cloud_info.cloud_provider | Cloud provider |
cloud_info.cloud_region | Cloud region |
cloud_info.cluster_name | Kubernetes cluster name |
cloud_info.namespace | Kubernetes namespace |
compliance_finding.framework | Compliance finding framework (available values: CIS ) |
compliance_finding.id | Compliance finding ID |
compliance_finding.name | Compliance finding Name |
compliance_finding.severity | Compliance finding |
container_id | Container ID |
container_name | Container name |
image_digest | Image digest (sha256 digest) |
image_id | Image ID |
image_registry | Image registry |
image_repository | Image repository |
image_tag | Image tag |
severity | (available values: 4 - critical, 3 - high, 2 - medium, 1 - low) |
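Service class example (PEP8 syntax)

```python
from falconpy import ComplianceAssessments

# CLIENT_ID / CLIENT_SECRET: API credentials, loaded from the environment or a secrets store
falcon = ComplianceAssessments(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )

response = falcon.aggregate_failed_containers_count_by_severity(filter="string")
print(response)
```

Service class example (Operation ID syntax)

```python
from falconpy import ComplianceAssessments

# CLIENT_ID / CLIENT_SECRET: API credentials, loaded from the environment or a secrets store
falcon = ComplianceAssessments(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )

response = falcon.extAggregateFailedContainersCountBySeverity(filter="string")
print(response)
```

Uber class example

```python
from falconpy import APIHarnessV2

# CLIENT_ID / CLIENT_SECRET: API credentials, loaded from the environment or a secrets store
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("extAggregateFailedContainersCountBySeverity", filter="string")
print(response)
```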
Get the images grouped into rules on which they failed.
aggregate_failed_images_by_rules
Method | Route |
---|---|
/container-compliance/aggregates/failed-images-by-rules/v2 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
filter | | | query | string | Filter results using a query in Falcon Query Language (FQL). |
parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
Filter | Description |
---|---|
asset_type | asset type (container , image ) |
cid | Customer ID |
cloud_info.cloud_account_id | Cloud account ID |
cloud_info.cloud_provider | Cloud provider |
cloud_info.cloud_region | Cloud region |
cloud_info.cluster_name | Kubernetes cluster name |
cloud_info.namespace | Kubernetes namespace |
compliance_finding.framework | Compliance finding framework (available values: CIS ) |
compliance_finding.id | Compliance finding ID |
compliance_finding.name | Compliance finding Name |
compliance_finding.severity | Compliance finding |
container_id | Container ID |
container_name | Container name |
image_digest | Image digest (sha256 digest) |
image_id | Image ID |
image_registry | Image registry |
image_repository | Image repository |
image_tag | Image tag |
severity | (available values: 4 - critical, 3 - high, 2 - medium, 1 - low) |
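Service class example (PEP8 syntax)

```python
from falconpy import ComplianceAssessments

# CLIENT_ID / CLIENT_SECRET: API credentials, loaded from the environment or a secrets store
falcon = ComplianceAssessments(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )

response = falcon.aggregate_failed_images_by_rules(filter="string")
print(response)
```

Service class example (Operation ID syntax)

```python
from falconpy import ComplianceAssessments

# CLIENT_ID / CLIENT_SECRET: API credentials, loaded from the environment or a secrets store
falcon = ComplianceAssessments(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )

response = falcon.extAggregateFailedImagesByRulesPath(filter="string")
print(response)
```

Uber class example

```python
from falconpy import APIHarnessV2

# CLIENT_ID / CLIENT_SECRET: API credentials, loaded from the environment or a secrets store
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("extAggregateFailedImagesByRulesPath", filter="string")
print(response)
```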
Get the failed images count grouped into severity levels.
aggregate_failed_images_count_by_severity
Method | Route |
---|---|
/container-compliance/aggregates/failed-images-count-by-severity/v2 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
filter | | | query | string | Filter results using a query in Falcon Query Language (FQL). |
parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
Filter | Description |
---|---|
asset_type | asset type (container , image ) |
cid | Customer ID |
cloud_info.cloud_account_id | Cloud account ID |
cloud_info.cloud_provider | Cloud provider |
cloud_info.cloud_region | Cloud region |
cloud_info.cluster_name | Kubernetes cluster name |
cloud_info.namespace | Kubernetes namespace |
compliance_finding.framework | Compliance finding framework (available values: CIS ) |
compliance_finding.id | Compliance finding ID |
compliance_finding.name | Compliance finding Name |
compliance_finding.severity | Compliance finding |
container_id | Container ID |
container_name | Container name |
image_digest | Image digest (sha256 digest) |
image_id | Image ID |
image_registry | Image registry |
image_repository | Image repository |
image_tag | Image tag |
severity | (available values: 4 - critical, 3 - high, 2 - medium, 1 - low) |
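Service class example (PEP8 syntax)

```python
from falconpy import ComplianceAssessments

# CLIENT_ID / CLIENT_SECRET: API credentials, loaded from the environment or a secrets store
falcon = ComplianceAssessments(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )

response = falcon.aggregate_failed_images_count_by_severity(filter="string")
print(response)
```

Service class example (Operation ID syntax)

```python
from falconpy import ComplianceAssessments

# CLIENT_ID / CLIENT_SECRET: API credentials, loaded from the environment or a secrets store
falcon = ComplianceAssessments(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )

response = falcon.extAggregateFailedImagesCountBySeverity(filter="string")
print(response)
```

Uber class example

```python
from falconpy import APIHarnessV2

# CLIENT_ID / CLIENT_SECRET: API credentials, loaded from the environment or a secrets store
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("extAggregateFailedImagesCountBySeverity", filter="string")
print(response)
```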
Get the failed rules for each cluster grouped into severity levels.
aggregate_failed_rules_by_clusters
Method | Route |
---|---|
/container-compliance/aggregates/failed-rules-by-clusters/v2 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
filter | | | query | string | Filter results using a query in Falcon Query Language (FQL). |
parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
Filter | Description |
---|---|
asset_type | asset type (container , image ) |
cid | Customer ID |
cloud_info.cloud_account_id | Cloud account ID |
cloud_info.cloud_provider | Cloud provider |
cloud_info.cloud_region | Cloud region |
cloud_info.cluster_name | Kubernetes cluster name |
compliance_finding.framework | Compliance finding framework (available values: CIS ) |
compliance_finding.id | Compliance finding ID |
compliance_finding.name | Compliance finding Name |
compliance_finding.severity | Compliance finding |
container_id | Container ID |
container_name | Container name |
image_digest | Image digest (sha256 digest) |
image_id | Image ID |
image_registry | Image registry |
image_repository | Image repository |
image_tag | Image tag |
severity | (available values: 4 - critical, 3 - high, 2 - medium, 1 - low) |
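Service class example (PEP8 syntax)

```python
from falconpy import ComplianceAssessments

# CLIENT_ID / CLIENT_SECRET: API credentials, loaded from the environment or a secrets store
falcon = ComplianceAssessments(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )

response = falcon.aggregate_failed_rules_by_clusters(filter="string")
print(response)
```

Service class example (Operation ID syntax)

```python
from falconpy import ComplianceAssessments

# CLIENT_ID / CLIENT_SECRET: API credentials, loaded from the environment or a secrets store
falcon = ComplianceAssessments(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )

response = falcon.extAggregateFailedRulesByClusters(filter="string")
print(response)
```

Uber class example

```python
from falconpy import APIHarnessV2

# CLIENT_ID / CLIENT_SECRET: API credentials, loaded from the environment or a secrets store
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("extAggregateFailedRulesByClusters", filter="string")
print(response)
```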
Get images with failed rules, rule count grouped by severity for each image.
aggregate_failed_rules_by_image
Method | Route |
---|---|
/container-compliance/aggregates/failed-rules-by-images/v2 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
filter | | | query | string | Filter results using a query in Falcon Query Language (FQL). |
parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
Filter | Description |
---|---|
asset_type | asset type (container , image ) |
cid | Customer ID |
cloud_info.cloud_account_id | Cloud account ID |
cloud_info.cloud_provider | Cloud provider |
cloud_info.cloud_region | Cloud region |
cloud_info.cluster_name | Kubernetes cluster name |
compliance_finding.framework | Compliance finding framework (available values: CIS ) |
compliance_finding.id | Compliance finding ID |
compliance_finding.name | Compliance finding Name |
compliance_finding.severity | Compliance finding |
container_id | Container ID |
container_name | Container name |
image_digest | Image digest (sha256 digest) |
image_id | Image ID |
image_registry | Image registry |
image_repository | Image repository |
image_tag | Image tag |
severity | (available values: 4 - critical, 3 - high, 2 - medium, 1 - low) |
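Service class example (PEP8 syntax)

```python
from falconpy import ComplianceAssessments

# CLIENT_ID / CLIENT_SECRET: API credentials, loaded from the environment or a secrets store
falcon = ComplianceAssessments(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )

response = falcon.aggregate_failed_rules_by_image(filter="string")
print(response)
```

Service class example (Operation ID syntax)

```python
from falconpy import ComplianceAssessments

# CLIENT_ID / CLIENT_SECRET: API credentials, loaded from the environment or a secrets store
falcon = ComplianceAssessments(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )

response = falcon.extAggregateFailedRulesByImages(filter="string")
print(response)
```

Uber class example

```python
from falconpy import APIHarnessV2

# CLIENT_ID / CLIENT_SECRET: API credentials, loaded from the environment or a secrets store
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("extAggregateFailedRulesByImages", filter="string")
print(response)
```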
Get the failed rules count grouped into severity levels.
aggregate_failed_rules_count_by_severity
Method | Route |
---|---|
/container-compliance/aggregates/failed-rules-count-by-severity/v2 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
filter | | | query | string | Filter results using a query in Falcon Query Language (FQL). |
parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
Filter | Description |
---|---|
asset_type | asset type (container , image ) |
cid | Customer ID |
cloud_info.cloud_account_id | Cloud account ID |
cloud_info.cloud_provider | Cloud provider |
cloud_info.cloud_region | Cloud region |
cloud_info.cluster_name | Kubernetes cluster name |
compliance_finding.framework | Compliance finding framework (available values: CIS ) |
compliance_finding.id | Compliance finding ID |
compliance_finding.name | Compliance finding Name |
compliance_finding.severity | Compliance finding |
container_id | Container ID |
container_name | Container name |
image_digest | Image digest (sha256 digest) |
image_id | Image ID |
image_registry | Image registry |
image_repository | Image repository |
image_tag | Image tag |
severity | (available values: 4 - critical, 3 - high, 2 - medium, 1 - low) |
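Service class example (PEP8 syntax)

```python
from falconpy import ComplianceAssessments

# CLIENT_ID / CLIENT_SECRET: API credentials, loaded from the environment or a secrets store
falcon = ComplianceAssessments(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )

response = falcon.aggregate_failed_rules_count_by_severity(filter="string")
print(response)
```

Service class example (Operation ID syntax)

```python
from falconpy import ComplianceAssessments

# CLIENT_ID / CLIENT_SECRET: API credentials, loaded from the environment or a secrets store
falcon = ComplianceAssessments(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )

response = falcon.extAggregateFailedRulesCountBySeverity(filter="string")
print(response)
```

Uber class example

```python
from falconpy import APIHarnessV2

# CLIENT_ID / CLIENT_SECRET: API credentials, loaded from the environment or a secrets store
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("extAggregateFailedRulesCountBySeverity", filter="string")
print(response)
```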
Get the rules grouped by their statuses.
aggregate_rules_by_status
Method | Route |
---|---|
/container-compliance/aggregates/rules-by-status/v2 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
filter | | | query | string | Filter results using a query in Falcon Query Language (FQL). |
parameters | | | query | dictionary | Full query string parameters payload in JSON format. Not required when using other keywords. |
Filter | Description |
---|---|
asset_type | asset type (container , image ) |
cid | Customer ID |
cloud_info.cloud_account_id | Cloud account ID |
cloud_info.cloud_provider | Cloud provider |
cloud_info.cloud_region | Cloud region |
cloud_info.cluster_name | Kubernetes cluster name |
compliance_finding.framework | Compliance finding framework (available values: CIS ) |
compliance_finding.id | Compliance finding ID |
compliance_finding.name | Compliance finding Name |
compliance_finding.severity | Compliance finding |
container_id | Container ID |
container_name | Container name |
image_digest | Image digest (sha256 digest) |
image_id | Image ID |
image_registry | Image registry |
image_repository | Image repository |
image_tag | Image tag |
severity | (available values: 4 - critical, 3 - high, 2 - medium, 1 - low) |
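Service class example (PEP8 syntax)

```python
from falconpy import ComplianceAssessments

# CLIENT_ID / CLIENT_SECRET: API credentials, loaded from the environment or a secrets store
falcon = ComplianceAssessments(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )

response = falcon.aggregate_rules_by_status(filter="string")
print(response)
```

Service class example (Operation ID syntax)

```python
from falconpy import ComplianceAssessments

# CLIENT_ID / CLIENT_SECRET: API credentials, loaded from the environment or a secrets store
falcon = ComplianceAssessments(client_id=CLIENT_ID,
                               client_secret=CLIENT_SECRET
                               )

response = falcon.extAggregateRulesByStatus(filter="string")
print(response)
```

Uber class example

```python
from falconpy import APIHarnessV2

# CLIENT_ID / CLIENT_SECRET: API credentials, loaded from the environment or a secrets store
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("extAggregateRulesByStatus", filter="string")
print(response)
```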
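The filter tables on this page differ per operation (for example, `cloud_info.namespace` is not listed for `aggregate_rules_by_status`), and filter values often originate from user input. The following is an added example, not FalconPy code: a hypothetical `build_filter` helper that accepts only the filter names listed on this page and rejects values that could break out of the quoted FQL literal. It assumes standard FQL syntax (`name:'value'`, `+` for AND) and that `severity` is sent as an unquoted number.

```python
# Added example, not part of FalconPy. Filter names, the CIS framework value and the
# severity numbers are copied from the tables on this page; build_filter is hypothetical.
BASE = frozenset({
    "asset_type", "cid", "cloud_info.cloud_account_id", "cloud_info.cloud_provider",
    "cloud_info.cloud_region", "cloud_info.cluster_name",
    "compliance_finding.framework", "compliance_finding.id",
    "compliance_finding.name", "compliance_finding.severity", "container_id",
    "container_name", "image_digest", "image_id", "image_registry",
    "image_repository", "image_tag", "severity",
})
WITH_NS = BASE | {"cloud_info.namespace"}
CLUSTER = frozenset({
    "cid", "cloud_info.cloud_account_id", "cloud_info.cloud_provider",
    "cloud_info.cloud_region", "cloud_info.cluster_name", "cloud_info.namespace",
    "compliance_finding.framework",
})
ALLOWED = {
    "aggregate_cluster_assessments": CLUSTER,
    "aggregate_image_assessments": WITH_NS,
    "aggregate_rules_assessments": BASE,
    "aggregate_failed_containers_by_rules": WITH_NS,
    "aggregate_failed_containers_count_by_severity": WITH_NS,
    "aggregate_failed_images_by_rules": WITH_NS,
    "aggregate_failed_images_count_by_severity": WITH_NS,
    "aggregate_failed_rules_by_clusters": BASE,
    "aggregate_failed_rules_by_image": BASE,
    "aggregate_failed_rules_count_by_severity": BASE,
    "aggregate_rules_by_status": BASE,
}
SEVERITY = {"critical": 4, "high": 3, "medium": 2, "low": 1}
ENUMS = {"compliance_finding.framework": {"CIS"}, "asset_type": {"container", "image"}}


def build_filter(operation, criteria):
    """Return an FQL string that ANDs the criteria, or raise ValueError."""
    if operation not in ALLOWED:
        raise ValueError(f"unknown operation {operation!r}")
    clauses = []
    for key, value in criteria.items():
        if key not in ALLOWED[operation]:
            raise ValueError(f"{key!r} is not a listed filter for {operation}")
        if key == "severity":
            level = SEVERITY.get(value, value)  # accept "high" or 3
            if isinstance(level, bool) or level not in SEVERITY.values():
                raise ValueError(f"severity must be one of {sorted(SEVERITY)} or 1-4")
            clauses.append(f"severity:{level}")  # assumption: numeric, unquoted
            continue
        text = str(value)
        if key in ENUMS and text not in ENUMS[key]:
            raise ValueError(f"{key} must be one of {sorted(ENUMS[key])}")
        # Reject rather than escape: a quote or backslash could close the literal
        # and append clauses the caller never intended.
        if not text or not text.isprintable() or "'" in text or "\\" in text:
            raise ValueError(f"unsafe value for {key!r}")
        clauses.append(f"{key}:'{text}'")
    return "+".join(clauses)  # '+' is the FQL AND operator


# Usage with the service class shown on this page:
#   falcon.aggregate_image_assessments(
#       filter=build_filter("aggregate_image_assessments", {"severity": "critical"}))
```
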