Skip to content
CrowdStrike Developer Center

Cloud Snapshots

The Cloud Snapshots service collection provides operations for managing cloud snapshot scanning and IaC detection. Search IaC detections, manage snapshot scan jobs, register cloud accounts, retrieve scan reports, and access registry credentials.

LanguageLast Update
Pythonv1.5.5
PowerShellv2.2.9
Gov0.20.0
TypeScriptv0.6.0
Rustv0.7.0
Rubyv1.2.0

Table of Contents

Section titled “Table of Contents”
OperationDescription
CombinedDetections
search_detections		Search IaC Detections using a query in Falcon Query Language.
ReadDeploymentsCombined
search_scan_jobs		Search for snapshot jobs identified by the provided filter.
RegisterCspmSnapshotAccount
register_account		Register customer cloud account for snapshot scanning.
ReadDeploymentsEntities
get_scan_jobs		Retrieve snapshot jobs identified by the provided IDs.
CreateDeploymentEntity
launch_scan_job		Launch a snapshot scan for a given cloud asset.
GetCredentialsIAC
get_iac_credentials		Gets the registry credentials (external endpoint).
GetScanReport
get_scan_reports		Retrieve the scan report for an instance.
GetCredentialsMixin0
get_credentials		Gets the registry credentials.

CombinedDetections

Section titled “CombinedDetections”

Search IaC Detections using a query in Falcon Query Language.

GET /iac/combined/detections/v1
Scope Infrastructure as Code (IaC): READ Consumes · Produces application/json
PEP 8 search_detections

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringSearch IaC detections using a query in Falcon Query Language (FQL). Supported filters: detection_uuid, file_name, last_detected, platform, project_name, project_owner, project_ref, provider, resource_name, rule_category, rule_name, rule_type, rule_uuid, service, severity.
limitqueryintegerThe upper-bound on the number of records to retrieve.
offsetqueryintegerThe offset from where to begin.
parametersquerydictionaryFull query string parameters payload in JSON format. Not required if using other keywords.
sortquerystringFields to sort the records on. Supported columns: detection_uuid, file_name, last_detected, platform, project_name, project_owner, project_ref, provider, resource_name, rule_category, rule_name, rule_type, rule_uuid, service, severity.

Code Examples

Section titled “Code Examples”
from falconpy import CloudSnapshots


falcon = CloudSnapshots(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )


response = falcon.search_detections(filter="string",
                                    limit=integer,
                                    offset=integer,
                                    sort="string")
print(response)

ReadDeploymentsCombined

Section titled “ReadDeploymentsCombined”

Search for snapshot jobs identified by the provided filter.

GET /snapshots/combined/deployments/v1
Scope Snapshot: READ Consumes · Produces application/json
PEP 8 search_scan_jobs

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringSearch snapshot jobs using a query in Falcon Query Language (FQL). Supported filters: account_id, asset_identifier, cloud_provider, region, status.
limitqueryintegerThe upper-bound on the number of records to retrieve.
offsetqueryintegerThe offset from where to begin.
parametersquerydictionaryFull query string parameters payload in JSON format. Not required if using other keywords.
sortquerystringThe fields to sort the records on. Supported columns: account_id, asset_identifier, cloud_provider, instance_type, last_updated_timestamp, region, status.

Code Examples

Section titled “Code Examples”
from falconpy import CloudSnapshots


falcon = CloudSnapshots(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )


response = falcon.search_scan_jobs(filter="string",
                                   limit="string",
                                   offset="string",
                                   sort="string")
print(response)

RegisterCspmSnapshotAccount

Section titled “RegisterCspmSnapshotAccount”

Register a cloud account for snapshot scanning.

POST /snapshots/entities/accounts/v1
Scope Snapshot: WRITE Consumes · Produces application/json
PEP 8 register_account

Parameters

Section titled “Parameters”
NameTypeData typeDescription
bodybodylist of dictionariesFull body payload in JSON format.
aws_accountsbodylist of dictionariesComplete list of AWS accounts to register.
account_numberbodystringAWS account number. Overriden if aws_accounts keyword is provided.
batch_regionsbodystringRegion the batch is executed within. Overriden if aws_accounts keyword is provided.
iam_external_idbodystringThe external ID of the IAM account used. Overriden if aws_accounts keyword is provided.
iam_role_arnbodystringThe AWS ARN for the IAM account used. Overriden if aws_accounts keyword is provided.
kms_aliasbodystringThe KMS alias for the IAM account used. Overriden if aws_accounts keyword is provided.
processing_accountbodystringThe ID of the processing account. Overriden if aws_accounts keyword is provided.

Code Examples

Section titled “Code Examples”
from falconpy import CloudSnapshots


falcon = CloudSnapshots(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )


aws_accounts = [
    {
        "account_number": "string",
        "batch_regions": [
            {
                "job_definition_name": "string",
                "job_queue": "string",
                "region": "string"
            }
        ],
        "iam_external_id": "string",
        "iam_role_arn": "string",
        "kms_alias": "string",
        "processing_account": "string"
    }
]


response = falcon.register_account(aws_accounts=aws_accounts,
                                   account_number="string",
                                   batch_regions=[{"key": "value"}],
                                   iam_external_id="string",
                                   iam_role_arn="string",
                                   kms_alias="string",
                                   processing_account="string")
print(response)

ReadDeploymentsEntities

Section titled “ReadDeploymentsEntities”

Retrieve snapshot jobs identified by the provided IDs.

GET /snapshots/entities/deployments/v1
Scope Snapshot: READ Consumes · Produces application/json
PEP 8 get_scan_jobs

Parameters

Section titled “Parameters”
NameTypeData typeDescription
idsquerystring or list of stringsSearch snapshot jobs by ids - The maximum amount is 100 IDs.
parametersquerydictionaryFull query string parameters payload in JSON format. Not required if using other keywords.

Code Examples

Section titled “Code Examples”
from falconpy import CloudSnapshots


falcon = CloudSnapshots(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )


id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']


response = falcon.get_scan_jobs(ids=id_list)
print(response)

CreateDeploymentEntity

Section titled “CreateDeploymentEntity”

Launch a snapshot scan for a given cloud asset.

POST /snapshots/entities/deployments/v1
Scope Snapshot: WRITE Consumes · Produces application/json
PEP 8 launch_scan_job

Parameters

Section titled “Parameters”
NameTypeData typeDescription
account_idbodystringCloud provider account ID.
asset_identifierbodystringCloud asset identifier.
bodybodylist of dictionariesFull body payload in JSON format.
cloud_providerbodystringCloud provider.
regionbodystringCloud provider region.

Code Examples

Section titled “Code Examples”
from falconpy import CloudSnapshots


falcon = CloudSnapshots(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )


response = falcon.launch_scan_job(account_id="string",
                                  asset_identifier="string",
                                  cloud_provider="string",
                                  region="string")
print(response)

GetCredentialsIAC

Section titled “GetCredentialsIAC”

Gets the registry credentials (external endpoint).

GET /iac/entities/image-registry-credentials/v1
Scope Infrastructure as Code (IaC): READ Consumes · Produces application/json
PEP 8 get_iac_credentials

No keywords or arguments accepted.

Code Examples

Section titled “Code Examples”
from falconpy import CloudSnapshots


falcon = CloudSnapshots(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )


response = falcon.get_iac_credentials()
print(response)

GetScanReport

Section titled “GetScanReport”

Retrieve the scan report for an instance.

GET /snapshots/entities/scanreports/v1
Scope Snapshot: READ Consumes · Produces application/json
PEP 8 get_scan_reports

Parameters

Section titled “Parameters”
NameTypeData typeDescription
idsquerystring or list of stringsThe instance identifiers to fetch the report for.
parametersquerydictionaryFull query string parameters payload in JSON format. Not required if using other keywords.

Code Examples

Section titled “Code Examples”
from falconpy import CloudSnapshots


falcon = CloudSnapshots(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )


id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']


response = falcon.get_scan_reports(ids=id_list)
print(response)

GetCredentialsMixin0

Section titled “GetCredentialsMixin0”

Gets the registry credentials.

GET /snapshots/entities/image-registry-credentials/v1
Scope Snapshot Scanner: READ Consumes · Produces application/json
PEP 8 get_credentials

Parameters

Section titled “Parameters”
NameTypeData typeDescription
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import CloudSnapshots


falcon = CloudSnapshots(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )


response = falcon.get_credentials()
print(response)
© 2026 CrowdStrike, Inc. All rights reserved. Privacy Notice Cookie Notice Terms of Use