Skip to content
CrowdStrike Developer Center

Container Image Compliance

The Container Image Compliance service collection provides operations for aggregating compliance assessment data across clusters, images, and rules. This service collection has been renamed and is still available using the deprecated name. Legacy service collection name: Compliance Assessments.

LanguageLast Update
Pythonv1.4.9
PowerShellv2.2.9
Gov0.20.0
TypeScriptv0.6.0
Rustv0.7.0
Rubyv1.2.0

Table of Contents

Section titled “Table of Contents”
OperationDescription
extAggregateClusterAssessments
aggregate_cluster_assessments		Get the assessments for each cluster.
extAggregateImageAssessments
aggregate_image_assessments		Get the assessments for each image.
extAggregateRulesAssessments
aggregate_rules_assessments		Get the assessments for each rule.
extAggregateFailedContainersByRulesPath
aggregate_failed_containers_by_rules		Get the containers grouped into rules on which they failed.
extAggregateFailedContainersCountBySeverity
aggregate_failed_containers_count_by_severity		Get the failed containers count grouped into severity levels.
extAggregateFailedImagesByRulesPath
aggregate_failed_images_by_rules		Get the images grouped into rules on which they failed.
extAggregateFailedImagesCountBySeverity
aggregate_failed_images_count_by_severity		Get the failed images count grouped into severity levels.
extAggregateFailedRulesByClusters
aggregate_failed_rules_by_clusters		Get the failed rules for each cluster grouped into severity levels.
extAggregateFailedRulesByImages
aggregate_failed_rules_by_image		Get images with failed rules, rule count grouped by severity for each image.
extAggregateFailedRulesCountBySeverity
aggregate_failed_rules_count_by_severity		Get the failed rules count grouped into severity levels.
extAggregateRulesByStatus
aggregate_rules_by_status		Get the rules grouped by their statuses.

extAggregateClusterAssessments

Section titled “extAggregateClusterAssessments”

Get the assessments for each cluster.

GET /container-compliance/aggregates/compliance-by-clusters/v2
Scope Falcon Container Image: READ Consumes · Produces application/json
PEP 8 aggregate_cluster_assessments

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringFilter results using a query in Falcon Query Language (FQL).
parametersquerydictionaryFull query string parameters payload in JSON format. Not required when using other keywords.
Supported Filters
Section titled “Supported Filters”
FilterDescription
cidCustomer ID
cloud_info.cloud_account_idCloud account ID
cloud_info.cloud_providerCloud provider
cloud_info.cloud_regionCloud region
cloud_info.cluster_nameKubernetes cluster name
cloud_info.namespaceKubernetes namespace
compliance_finding.frameworkCompliance finding framework (available values: CIS)

Code Examples

Section titled “Code Examples”
from falconpy import ContainerImageCompliance


falcon = ContainerImageCompliance(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )


response = falcon.aggregate_cluster_assessments(filter="string")
print(response)

extAggregateImageAssessments

Section titled “extAggregateImageAssessments”

Get the assessments for each image.

GET /container-compliance/aggregates/compliance-by-images/v2
Scope Falcon Container Image: READ Consumes · Produces application/json
PEP 8 aggregate_image_assessments

Parameters

Section titled “Parameters”
NameTypeData typeDescription
afterquerystringafter value from the last response. Leave empty or do not specify for the first request.
filterquerystringFilter results using a query in Falcon Query Language (FQL).
limitquerystringNumber of images to return in the response after after key. Default when not specified: 10000.
parametersquerydictionaryFull query string parameters payload in JSON format. Not required when using other keywords.
Supported Filters
Section titled “Supported Filters”
FilterDescription
asset_typeasset type (container, image)
cidCustomer ID
cloud_info.cloud_account_idCloud account ID
cloud_info.cloud_providerCloud provider
cloud_info.cloud_regionCloud region
cloud_info.cluster_nameKubernetes cluster name
cloud_info.namespaceKubernetes namespace
compliance_finding.frameworkCompliance finding framework (available values: CIS)
compliance_finding.idCompliance finding ID
compliance_finding.nameCompliance finding Name
compliance_finding.severityCompliance finding severity; available values: 4, 3, 2, 1 (4: critical, 3: high, 2: medium, 1: low)
image_digestImage digest (sha256 digest)
image_idImage ID
image_registryImage registry
image_repositoryImage repository
image_tagImage tag

Code Examples

Section titled “Code Examples”
from falconpy import ContainerImageCompliance


falcon = ContainerImageCompliance(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )


response = falcon.aggregate_image_assessments(filter="string",
                                              after="string",
                                              limit="string")
print(response)

extAggregateRulesAssessments

Section titled “extAggregateRulesAssessments”

Get the assessments for each rule.

GET /container-compliance/aggregates/compliance-by-rules/v2
Scope Falcon Container Image: READ Consumes · Produces application/json
PEP 8 aggregate_rules_assessments

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringFilter results using a query in Falcon Query Language (FQL).
parametersquerydictionaryFull query string parameters payload in JSON format. Not required when using other keywords.
Supported Filters
Section titled “Supported Filters”
FilterDescription
cidCustomer ID
cloud_info.cloud_account_idCloud account ID
cloud_info.cloud_providerCloud provider
cloud_info.cloud_regionCloud region
cloud_info.cluster_nameKubernetes cluster name
compliance_finding.frameworkCompliance finding framework (available values: CIS)
compliance_finding.idCompliance finding ID
compliance_finding.nameCompliance finding Name
compliance_finding.severityCompliance finding severity; available values: 4, 3, 2, 1 (4: critical, 3: high, 2: medium, 1: low)
image_digestImage digest (sha256 digest)
image_idImage ID
image_registryImage registry
image_repositoryImage repository
image_tagImage tag

Code Examples

Section titled “Code Examples”
from falconpy import ContainerImageCompliance


falcon = ContainerImageCompliance(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )


response = falcon.aggregate_rules_assessments(filter="string")
print(response)

extAggregateFailedContainersByRulesPath

Section titled “extAggregateFailedContainersByRulesPath”

Get the containers grouped into rules on which they failed.

GET /container-compliance/aggregates/failed-containers-by-rules/v2
Scope Falcon Container Image: READ Consumes · Produces application/json
PEP 8 aggregate_failed_containers_by_rules

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringFilter results using a query in Falcon Query Language (FQL).
parametersquerydictionaryFull query string parameters payload in JSON format. Not required when using other keywords.
Supported Filters
Section titled “Supported Filters”
FilterDescription
cidCustomer ID
cloud_info.cloud_account_idCloud account ID
cloud_info.cloud_providerCloud provider
cloud_info.cloud_regionCloud region
cloud_info.cluster_nameKubernetes cluster name
cloud_info.namespaceKubernetes namespace
compliance_finding.frameworkCompliance finding framework (available values: CIS)
compliance_finding.idCompliance finding ID
compliance_finding.nameCompliance finding Name
compliance_finding.severityCompliance finding severity; available values: 4, 3, 2, 1 (4: critical, 3: high, 2: medium, 1: low)
image_digestImage digest (sha256 digest)
image_idImage ID
image_registryImage registry
image_repositoryImage repository
image_tagImage tag

Code Examples

Section titled “Code Examples”
from falconpy import ContainerImageCompliance


falcon = ContainerImageCompliance(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )


response = falcon.aggregate_failed_containers_by_rules(filter="string")
print(response)

extAggregateFailedContainersCountBySeverity

Section titled “extAggregateFailedContainersCountBySeverity”

Get the failed containers count grouped into severity levels.

GET /container-compliance/aggregates/failed-containers-count-by-severity/v2
Scope Falcon Container Image: READ Consumes · Produces application/json
PEP 8 aggregate_failed_containers_count_by_severity

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringFilter results using a query in Falcon Query Language (FQL).
parametersquerydictionaryFull query string parameters payload in JSON format. Not required when using other keywords.
Supported Filters
Section titled “Supported Filters”
FilterDescription
cidCustomer ID
cloud_info.cloud_account_idCloud account ID
cloud_info.cloud_providerCloud provider
cloud_info.cloud_regionCloud region
cloud_info.cluster_nameKubernetes cluster name
cloud_info.namespaceKubernetes namespace
compliance_finding.frameworkCompliance finding framework (available values: CIS)
compliance_finding.idCompliance finding ID
compliance_finding.nameCompliance finding Name
compliance_finding.severityCompliance finding severity; available values: 4, 3, 2, 1 (4: critical, 3: high, 2: medium, 1: low)
image_digestImage digest (sha256 digest)
image_idImage ID
image_registryImage registry
image_repositoryImage repository
image_tagImage tag

Code Examples

Section titled “Code Examples”
from falconpy import ContainerImageCompliance


falcon = ContainerImageCompliance(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )


response = falcon.aggregate_failed_containers_count_by_severity(filter="string")
print(response)

extAggregateFailedImagesByRulesPath

Section titled “extAggregateFailedImagesByRulesPath”

Get the images grouped into rules on which they failed.

GET /container-compliance/aggregates/failed-images-by-rules/v2
Scope Falcon Container Image: READ Consumes · Produces application/json
PEP 8 aggregate_failed_images_by_rules

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringFilter results using a query in Falcon Query Language (FQL).
parametersquerydictionaryFull query string parameters payload in JSON format. Not required when using other keywords.
Supported Filters
Section titled “Supported Filters”
FilterDescription
cidCustomer ID
cloud_info.cloud_account_idCloud account ID
cloud_info.cloud_providerCloud provider
cloud_info.cloud_regionCloud region
cloud_info.cluster_nameKubernetes cluster name
cloud_info.namespaceKubernetes namespace
compliance_finding.frameworkCompliance finding framework (available values: CIS)
compliance_finding.idCompliance finding ID
compliance_finding.nameCompliance finding Name
compliance_finding.severityCompliance finding severity; available values: 4, 3, 2, 1 (4: critical, 3: high, 2: medium, 1: low)
image_digestImage digest (sha256 digest)
image_idImage ID
image_registryImage registry
image_repositoryImage repository
image_tagImage tag

Code Examples

Section titled “Code Examples”
from falconpy import ContainerImageCompliance


falcon = ContainerImageCompliance(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )


response = falcon.aggregate_failed_images_by_rules(filter="string")
print(response)

extAggregateFailedImagesCountBySeverity

Section titled “extAggregateFailedImagesCountBySeverity”

Get the failed images count grouped into severity levels.

GET /container-compliance/aggregates/failed-images-count-by-severity/v2
Scope Falcon Container Image: READ Consumes · Produces application/json
PEP 8 aggregate_failed_images_count_by_severity

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringFilter results using a query in Falcon Query Language (FQL).
parametersquerydictionaryFull query string parameters payload in JSON format. Not required when using other keywords.
Supported Filters
Section titled “Supported Filters”
FilterDescription
cidCustomer ID
cloud_info.cloud_account_idCloud account ID
cloud_info.cloud_providerCloud provider
cloud_info.cloud_regionCloud region
cloud_info.cluster_nameKubernetes cluster name
cloud_info.namespaceKubernetes namespace
compliance_finding.frameworkCompliance finding framework (available values: CIS)
compliance_finding.idCompliance finding ID
compliance_finding.nameCompliance finding Name
compliance_finding.severityCompliance finding severity; available values: 4, 3, 2, 1 (4: critical, 3: high, 2: medium, 1: low)
image_digestImage digest (sha256 digest)
image_idImage ID
image_registryImage registry
image_repositoryImage repository
image_tagImage tag

Code Examples

Section titled “Code Examples”
from falconpy import ContainerImageCompliance


falcon = ContainerImageCompliance(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )


response = falcon.aggregate_failed_images_count_by_severity(filter="string")
print(response)

extAggregateFailedRulesByClusters

Section titled “extAggregateFailedRulesByClusters”

Get the failed rules for each cluster grouped into severity levels.

GET /container-compliance/aggregates/failed-rules-by-clusters/v2
Scope Falcon Container Image: READ Consumes · Produces application/json
PEP 8 aggregate_failed_rules_by_clusters

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringFilter results using a query in Falcon Query Language (FQL).
parametersquerydictionaryFull query string parameters payload in JSON format. Not required when using other keywords.
Supported Filters
Section titled “Supported Filters”
FilterDescription
asset_typeasset type (container, image)
cidCustomer ID
cloud_info.cloud_account_idCloud account ID
cloud_info.cloud_providerCloud provider
cloud_info.cloud_regionCloud region
cloud_info.cluster_nameKubernetes cluster name
compliance_finding.frameworkCompliance finding framework (available values: CIS)
compliance_finding.idCompliance finding ID
compliance_finding.nameCompliance finding Name
compliance_finding.severityCompliance finding severity; available values: 4, 3, 2, 1 (4: critical, 3: high, 2: medium, 1: low)
image_digestImage digest (sha256 digest)
image_idImage ID
image_registryImage registry
image_repositoryImage repository
image_tagImage tag

Code Examples

Section titled “Code Examples”
from falconpy import ContainerImageCompliance


falcon = ContainerImageCompliance(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )


response = falcon.aggregate_failed_rules_by_clusters(filter="string")
print(response)

extAggregateFailedRulesByImages

Section titled “extAggregateFailedRulesByImages”

Get images with failed rules, rule count grouped by severity for each image.

GET /container-compliance/aggregates/failed-rules-by-images/v2
Scope Falcon Container Image: READ Consumes · Produces application/json
PEP 8 aggregate_failed_rules_by_image

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringFilter results using a query in Falcon Query Language (FQL).
parametersquerydictionaryFull query string parameters payload in JSON format. Not required when using other keywords.
Supported Filters
Section titled “Supported Filters”
FilterDescription
asset_typeasset type (container, image)
cidCustomer ID
cloud_info.cloud_account_idCloud account ID
cloud_info.cloud_providerCloud provider
cloud_info.cloud_regionCloud region
cloud_info.cluster_nameKubernetes cluster name
cloud_info.namespaceKubernetes namespace
compliance_finding.frameworkCompliance finding framework (available values: CIS)
compliance_finding.idCompliance finding ID
compliance_finding.nameCompliance finding Name
compliance_finding.severityCompliance finding severity; available values: 4, 3, 2, 1 (4: critical, 3: high, 2: medium, 1: low)
image_digestImage digest (sha256 digest)
image_idImage ID
image_registryImage registry
image_repositoryImage repository
image_tagImage tag

Code Examples

Section titled “Code Examples”
from falconpy import ContainerImageCompliance


falcon = ContainerImageCompliance(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )


response = falcon.aggregate_failed_rules_by_image(filter="string")
print(response)

extAggregateFailedRulesCountBySeverity

Section titled “extAggregateFailedRulesCountBySeverity”

Get the failed rules count grouped into severity levels.

GET /container-compliance/aggregates/failed-rules-count-by-severity/v2
Scope Falcon Container Image: READ Consumes · Produces application/json
PEP 8 aggregate_failed_rules_count_by_severity

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringFilter results using a query in Falcon Query Language (FQL).
parametersquerydictionaryFull query string parameters payload in JSON format. Not required when using other keywords.
Supported Filters
Section titled “Supported Filters”
FilterDescription
asset_typeasset type (container, image)
cidCustomer ID
cloud_info.cloud_account_idCloud account ID
cloud_info.cloud_providerCloud provider
cloud_info.cloud_regionCloud region
cloud_info.cluster_nameKubernetes cluster name
compliance_finding.frameworkCompliance finding framework (available values: CIS)
compliance_finding.idCompliance finding ID
compliance_finding.nameCompliance finding Name
compliance_finding.severityCompliance finding severity; available values: 4, 3, 2, 1 (4: critical, 3: high, 2: medium, 1: low)
image_digestImage digest (sha256 digest)
image_idImage ID
image_registryImage registry
image_repositoryImage repository
image_tagImage tag

Code Examples

Section titled “Code Examples”
from falconpy import ContainerImageCompliance


falcon = ContainerImageCompliance(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )


response = falcon.aggregate_failed_rules_count_by_severity(filter="string")
print(response)

extAggregateRulesByStatus

Section titled “extAggregateRulesByStatus”

Get the rules grouped by their statuses.

GET /container-compliance/aggregates/rules-by-status/v2
Scope Falcon Container Image: READ Consumes · Produces application/json
PEP 8 aggregate_rules_by_status

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringFilter results using a query in Falcon Query Language (FQL).
parametersquerydictionaryFull query string parameters payload in JSON format. Not required when using other keywords.
Supported Filters
Section titled “Supported Filters”
FilterDescription
asset_typeasset type (container, image)
cidCustomer ID
cloud_info.cloud_account_idCloud account ID
cloud_info.cloud_providerCloud provider
cloud_info.cloud_regionCloud region
cloud_info.cluster_nameKubernetes cluster name
compliance_finding.frameworkCompliance finding framework (available values: CIS)
compliance_finding.idCompliance finding ID
compliance_finding.nameCompliance finding Name
compliance_finding.severityCompliance finding severity; available values: 4, 3, 2, 1 (4: critical, 3: high, 2: medium, 1: low)
container_idContainer ID
container_nameContainer name
image_digestImage digest (sha256 digest)
image_idImage ID
image_registryImage registry
image_repositoryImage repository
image_tagImage tag

Code Examples

Section titled “Code Examples”
from falconpy import ContainerImageCompliance


falcon = ContainerImageCompliance(client_id=CLIENT_ID,
                                  client_secret=CLIENT_SECRET
                                  )


response = falcon.aggregate_rules_by_status(filter="string")
print(response)
© 2026 CrowdStrike, Inc. All rights reserved. Privacy Notice Cookie Notice Terms of Use