Container Alerts

The Container Alerts service collection provides operations for searching and reading container alert data using Falcon Query Language (FQL) filters.

Language	Last Update
Python	v1.4.8
PowerShell	v2.2.9
Go	v0.20.0
TypeScript	v0.6.0
Rust	v0.7.0
Ruby	v1.2.0

Operation	Description
ReadContainerAlertsCountBySeverity `read_counts_by_severity`	Get Container Alert counts by severity.
ReadContainerAlertsCount `read_counts`	Search Container Alerts by the provided search criteria.
SearchAndReadContainerAlerts `search_and_read`	Search Container Alerts by the provided search criteria.

ReadContainerAlertsCountBySeverity

Get Container Alert counts by severity.

GET /container-security/aggregates/container-alerts/count-by-severity/v1

Scope Falcon Container Image: READ Consumes · Produces application/json

PEP 8 read_counts_by_severity

Parameters

Name	Type	Data type	Description
filter	query	string	Search Container Alerts using a query in Falcon Query Language (FQL). Supported filters: `cid`, `container_id`, `last_seen`
parameters	query	dictionary	Full query string parameters payload in JSON format. Not required if using other keywords.

Code Examples

from falconpy import ContainerAlerts

falcon = ContainerAlerts(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.read_counts_by_severity(filter="string")
print(response)

from falconpy import ContainerAlerts

falcon = ContainerAlerts(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.ReadContainerAlertsCountBySeverity(filter="string")
print(response)

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadContainerAlertsCountBySeverity",
                          filter="string")
print(response)

package main

import (
  "context"
  "fmt"
  "os"

  "github.com/crowdstrike/gofalcon/falcon"
  "github.com/crowdstrike/gofalcon/falcon/client/container_alerts"
)

func main() {
  client, err := falcon.NewClient(&falcon.ApiConfig{
    ClientId:     os.Getenv("FALCON_CLIENT_ID"),
    ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
    Context:      context.Background(),
  })
  if err != nil {
    panic(err)
  }

  filter := "string"

  response, err := client.ContainerAlerts.ReadContainerAlertsCountBySeverity(
    &container_alerts.ReadContainerAlertsCountBySeverityParams{
      Filter: &filter,
      Context: context.Background(),
    },
  )
  if err != nil {
    panic(falcon.ErrorExplain(err))
  }

  fmt.Printf("%+v\n", response.Payload)
}

import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.containerAlerts.readContainerAlertsCountBySeverity("string");  // filter

console.log(response);

use rusty_falcon::apis::container_alerts_api::read_container_alerts_count_by_severity;
use rusty_falcon::easy::client::FalconHandle;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env().await.expect("Could not authenticate");

    let response = read_container_alerts_count_by_severity(
        &falcon.cfg,  // configuration
        Some("string"),  // filter
    ).await.expect("API call failed");

    println!("{:?}", response);
}

require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::ContainerAlerts.new

response = api.read_container_alerts_count_by_severity(filter: 'string')

puts response

ReadContainerAlertsCount

Search Container Alerts by the provided search criteria

GET /container-security/aggregates/container-alerts/count/v1

Scope Falcon Container Image: READ Consumes · Produces application/json

PEP 8 read_counts

Parameters

Name	Type	Data type	Description
filter	query	string	Search Container Alerts using a query in Falcon Query Language (FQL). Supported filters: cid,last_seen
parameters	query	dictionary	Full query string parameters payload in JSON format. Not required if using other keywords.

Code Examples

from falconpy import ContainerAlerts

falcon = ContainerAlerts(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.read_counts(filter="string")
print(response)

from falconpy import ContainerAlerts

falcon = ContainerAlerts(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.ReadContainerAlertsCount(filter="string")
print(response)

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadContainerAlertsCount",
                          filter="string")
print(response)

package main

import (
  "context"
  "fmt"
  "os"

  "github.com/crowdstrike/gofalcon/falcon"
  "github.com/crowdstrike/gofalcon/falcon/client/container_alerts"
)

func main() {
  client, err := falcon.NewClient(&falcon.ApiConfig{
    ClientId:     os.Getenv("FALCON_CLIENT_ID"),
    ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
    Context:      context.Background(),
  })
  if err != nil {
    panic(err)
  }

  filter := "string"

  response, err := client.ContainerAlerts.ReadContainerAlertsCount(
    &container_alerts.ReadContainerAlertsCountParams{
      Filter: &filter,
      Context: context.Background(),
    },
  )
  if err != nil {
    panic(falcon.ErrorExplain(err))
  }

  fmt.Printf("%+v\n", response.Payload)
}

import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.containerAlerts.readContainerAlertsCount("string");  // filter

console.log(response);

use rusty_falcon::apis::container_alerts_api::read_container_alerts_count;
use rusty_falcon::easy::client::FalconHandle;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env().await.expect("Could not authenticate");

    let response = read_container_alerts_count(
        &falcon.cfg,  // configuration
        Some("string"),  // filter
    ).await.expect("API call failed");

    println!("{:?}", response);
}

require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::ContainerAlerts.new

response = api.read_container_alerts_count(filter: 'string')

puts response

SearchAndReadContainerAlerts

Search Container Alerts by the provided search criteria

GET /container-security/combined/container-alerts/v1

Scope Falcon Container Image: READ Consumes · Produces application/json

PEP 8 search_and_read

Parameters

Name	Type	Data type	Description
filter	query	string	Search Container Alerts using a query in Falcon Query Language (FQL). Supported filters: cid,container_id,last_seen,name,severity
limit	query	integer	The upper-bound on the number of records to retrieve. (Default: 100)
offset	query	integer	The offset from where to begin.
parameters	query	dictionary	Full query string parameters payload in JSON format. Not required if using other keywords.
sort	query	string	The fields to sort the records on.

Code Examples

from falconpy import ContainerAlerts

falcon = ContainerAlerts(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.search_and_read(filter="string",
                                  limit=integer,
                                  offset=integer,
                                  sort="string")
print(response)

from falconpy import ContainerAlerts

falcon = ContainerAlerts(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )

response = falcon.SearchAndReadContainerAlerts(filter="string",
                                               limit=integer,
                                               offset=integer,
                                               sort="string")
print(response)

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("SearchAndReadContainerAlerts",
                          filter="string",
                          limit=integer,
                          offset=integer,
                          sort="string")
print(response)

Get-FalconContainerAlert -Filter "string" `
  -Sort "string" `
  -Limit integer `
  -Offset integer

package main

import (
  "context"
  "fmt"
  "os"

  "github.com/crowdstrike/gofalcon/falcon"
  "github.com/crowdstrike/gofalcon/falcon/client/container_alerts"
)

func main() {
  client, err := falcon.NewClient(&falcon.ApiConfig{
    ClientId:     os.Getenv("FALCON_CLIENT_ID"),
    ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
    Context:      context.Background(),
  })
  if err != nil {
    panic(err)
  }

  filter := "string"
  limit := int64(0)
  offset := int64(0)
  sort := "string"

  response, err := client.ContainerAlerts.SearchAndReadContainerAlerts(
    &container_alerts.SearchAndReadContainerAlertsParams{
      Filter: &filter,
      Limit: &limit,
      Offset: &offset,
      Sort: &sort,
      Context: context.Background(),
    },
  )
  if err != nil {
    panic(falcon.ErrorExplain(err))
  }

  fmt.Printf("%+v\n", response.Payload)
}

import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.containerAlerts.searchAndReadContainerAlerts(
  "string",  // filter
  integer,  // limit
  integer,  // offset
  "string"  // sort
);

console.log(response);

use rusty_falcon::apis::container_alerts_api::search_and_read_container_alerts;
use rusty_falcon::easy::client::FalconHandle;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env().await.expect("Could not authenticate");

    let response = search_and_read_container_alerts(
        &falcon.cfg,  // configuration
        Some("string"),  // filter
        Some(integer),  // limit
        Some(integer),  // offset
        Some("string"),  // sort
    ).await.expect("API call failed");

    println!("{:?}", response);
}

require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::ContainerAlerts.new

response = api.search_and_read_container_alerts(filter: 'string',
                                                limit: integer,
                                                offset: integer,
                                                sort: 'string')

puts response

Container Alerts

Table of Contents

ReadContainerAlertsCountBySeverity

Parameters

Code Examples

ReadContainerAlertsCount

Parameters

Code Examples

SearchAndReadContainerAlerts

Parameters

Code Examples