Skip to content
CrowdStrike Developer Center

Kubernetes Container Compliance

The Kubernetes Container Compliance service collection provides operations for assessing and reporting on Kubernetes compliance posture. Aggregate assessments by cluster, asset type, cluster type, compliance framework, failed rules, and images. Retrieve detailed compliance findings for container images and Kubernetes nodes, and access compliance rule metadata.

LanguageLast Update
Pythonv1.5.3
PowerShellv2.2.9
Gov0.20.0
TypeScriptv0.6.0
Rustv0.7.0
Rubyv1.2.0

Table of Contents

Section titled “Table of Contents”
OperationDescription
AggregateAssessmentsGroupedByClustersV2
aggregate_assessments_by_cluster		Returns cluster details along with aggregated assessment results organized by cluster, including pass/fail assessment counts for various asset types.
AggregateComplianceByAssetType
aggregate_compliance_by_asset_type		Provides aggregated compliance assessment metrics and rule status information, organized by asset type.
AggregateComplianceByClusterType
aggregate_compliance_by_cluster_type		Provides aggregated compliance assessment metrics and rule status information, organized by Kubernetes cluster type.
AggregateComplianceByFramework
aggregate_compliance_by_framework		Provides aggregated compliance assessment metrics and rule status information, organized by compliance framework.
AggregateFailedRulesByClustersV3
aggregate_failed_rules_by_clusters		Retrieves the most non-compliant clusters, ranked in descending order based on the number of failed compliance rules across severity levels (critical, high, medium, and low).
AggregateAssessmentsGroupedByRulesV2
aggregate_assessments_by_rules		Returns rule details along with aggregated assessment results organized by compliance rule, including pass/fail assessment counts.
AggregateTopFailedImages
aggregate_top_failed_images		Retrieves the most non-compliant container images, ranked in descending order based on the number of failed assessments across severity levels (critical, high, medium, and low).
CombinedImagesFindings
image_findings		Returns detailed compliance assessment results for container images, providing the information needed to identify compliance violations.
CombinedNodesFindings
node_findings		Returns detailed compliance assessment results for kubernetes nodes, providing the information needed to identify compliance violations.
getRulesMetadataByID
get_rules_metadata		Retrieve detailed compliance rule information by ID. Includes descriptions, remediation steps, and audit procedures by specifying rule identifiers.

AggregateAssessmentsGroupedByClustersV2

Section titled “AggregateAssessmentsGroupedByClustersV2”

Returns cluster details along with aggregated assessment results organized by cluster, including pass/fail assessment counts for various asset types.

GET /container-compliance/aggregates/clusters/v2
Scope Falcon Container Image: READ Consumes · Produces application/json
PEP 8 aggregate_assessments_by_cluster

Parameters

Section titled “Parameters”
NameTypeData typeDescription
offsetqueryintegerThe zero-based position of the first record to return.
limitqueryintegerThe maximum number of records to return. (1-500) Default is 20.
filterquerystringFQL filter expression used to limit the results. Filter fields include: cid, cloud_info.cloud_account_id, cloud_info.cloud_provider, cloud_info.cloud_region, cloud_info.cluster_id, cloud_info.cluster_name, cloud_info.cluster_type, compliance_finding.framework_name, compliance_finding.framework_name_version, compliance_finding.framework_version, compliance_finding.severity
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import KubernetesContainerCompliance


falcon = KubernetesContainerCompliance(client_id=CLIENT_ID,
                                       client_secret=CLIENT_SECRET
                                       )


response = falcon.aggregate_assessments_by_cluster(filter="string",
                                                   limit=integer,
                                                   offset=integer)
print(response)

AggregateComplianceByAssetType

Section titled “AggregateComplianceByAssetType”

Provides aggregated compliance assessment metrics and rule status information, organized by asset type.

GET /container-compliance/aggregates/compliance-by-asset-type/v2
Scope Falcon Container Image: READ Consumes · Produces application/json
PEP 8 aggregate_compliance_by_asset_type

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringFQL filter expression used to limit the results. Filter fields include: cid, cloud_info.cloud_account_id, cloud_info.cloud_provider, cloud_info.cloud_region, cloud_info.cluster_id, cloud_info.cluster_name, cloud_info.cluster_type, compliance_finding.asset_type, compliance_finding.framework_name, compliance_finding.framework_name_version, compliance_finding.framework_version, compliance_finding.severity
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import KubernetesContainerCompliance


falcon = KubernetesContainerCompliance(client_id=CLIENT_ID,
                                       client_secret=CLIENT_SECRET
                                       )


response = falcon.aggregate_compliance_by_asset_type(filter="string")
print(response)

AggregateComplianceByClusterType

Section titled “AggregateComplianceByClusterType”

Provides aggregated compliance assessment metrics and rule status information, organized by Kubernetes cluster type.

GET /container-compliance/aggregates/compliance-by-cluster-type/v2
Scope Falcon Container Image: READ Consumes · Produces application/json
PEP 8 aggregate_compliance_by_cluster_type

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringFQL filter expression used to limit the results. Filter fields include: cid, cloud_info.cloud_account_id, cloud_info.cloud_provider, cloud_info.cloud_region, cloud_info.cluster_id, cloud_info.cluster_name, cloud_info.cluster_type, compliance_finding.asset_type, compliance_finding.framework_name, compliance_finding.framework_name_version, compliance_finding.framework_version, compliance_finding.severity
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import KubernetesContainerCompliance


falcon = KubernetesContainerCompliance(client_id=CLIENT_ID,
                                       client_secret=CLIENT_SECRET
                                       )


response = falcon.aggregate_compliance_by_cluster_type(filter="string")
print(response)

AggregateComplianceByFramework

Section titled “AggregateComplianceByFramework”

Provides aggregated compliance assessment metrics and rule status information, organized by compliance framework.

GET /container-compliance/aggregates/compliance-by-framework/v2
Scope Falcon Container Image: READ Consumes · Produces application/json
PEP 8 aggregate_compliance_by_framework

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringFQL filter expression used to limit the results. Filter fields include: cid, cloud_info.cloud_account_id, cloud_info.cloud_provider, cloud_info.cloud_region, cloud_info.cluster_id, cloud_info.cluster_name, cloud_info.cluster_type, compliance_finding.asset_type, compliance_finding.framework_name, compliance_finding.framework_name_version, compliance_finding.framework_version, compliance_finding.severity
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import KubernetesContainerCompliance


falcon = KubernetesContainerCompliance(client_id=CLIENT_ID,
                                       client_secret=CLIENT_SECRET
                                       )


response = falcon.aggregate_compliance_by_framework(filter="string")
print(response)

AggregateFailedRulesByClustersV3

Section titled “AggregateFailedRulesByClustersV3”

Retrieves the most non-compliant clusters, ranked in descending order based on the number of failed compliance rules across severity levels (critical, high, medium, and low).

GET /container-compliance/aggregates/failed-rules-by-clusters/v3
Scope Falcon Container Image: READ Consumes · Produces application/json
PEP 8 aggregate_failed_rules_by_clusters

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringFQL filter expression used to limit the results. Filter fields include: cid, cloud_info.cloud_account_id, cloud_info.cloud_provider, cloud_info.cloud_region, cloud_info.cluster_id, cloud_info.cluster_name, cloud_info.cluster_type, compliance_finding.asset_type, compliance_finding.framework_name, compliance_finding.framework_name_version, compliance_finding.framework_version, compliance_finding.severity
limitqueryintegerThe maximum number of records to return. (1-100) Default is 10.
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import KubernetesContainerCompliance


falcon = KubernetesContainerCompliance(client_id=CLIENT_ID,
                                       client_secret=CLIENT_SECRET
                                       )


response = falcon.aggregate_failed_rules_by_clusters(filter="string",
                                                     limit=integer)
print(response)

AggregateAssessmentsGroupedByRulesV2

Section titled “AggregateAssessmentsGroupedByRulesV2”

Returns rule details along with aggregated assessment results organized by compliance rule, including pass/fail assessment counts.

GET /container-compliance/aggregates/rules/v2
Scope Falcon Container Image: READ Consumes · Produces application/json
PEP 8 aggregate_assessments_by_rules

Parameters

Section titled “Parameters”
NameTypeData typeDescription
offsetqueryintegerThe zero-based position of the first record to return.
limitqueryintegerThe maximum number of records to return. (1-500) Default is 20.
filterquerystringFQL filter expression used to limit the results. Filter fields include: cid, cloud_info.cloud_account_id, cloud_info.cloud_provider, cloud_info.cloud_region, cloud_info.cluster_id, cloud_info.cluster_name, cloud_info.cluster_type, compliance_finding.asset_type, compliance_finding.framework_name, compliance_finding.framework_name_version, compliance_finding.framework_version, compliance_finding.id, compliance_finding.severity, compliance_finding.status
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import KubernetesContainerCompliance


falcon = KubernetesContainerCompliance(client_id=CLIENT_ID,
                                       client_secret=CLIENT_SECRET
                                       )


response = falcon.aggregate_assessments_by_rules(filter="string",
                                                 limit=integer,
                                                 offset=integer)
print(response)

AggregateTopFailedImages

Section titled “AggregateTopFailedImages”

Retrieves the most non-compliant container images, ranked in descending order based on the number of failed assessments across severity levels (critical, high, medium, and low).

GET /container-compliance/aggregates/top-failed-images/v2
Scope Falcon Container Image: READ Consumes · Produces application/json
PEP 8 aggregate_top_failed_images

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringFQL filter expression used to limit the results. Filter fields include: cid, cloud_info.cloud_account_id, cloud_info.cloud_provider, cloud_info.cloud_region, cloud_info.cluster_id, cloud_info.cluster_name, cloud_info.cluster_type, compliance_finding.asset_type, compliance_finding.framework_name, compliance_finding.framework_name_version, compliance_finding.framework_version, compliance_finding.severity
limitqueryintegerThe maximum number of records to return. (1-100) Default is 10.
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import KubernetesContainerCompliance


falcon = KubernetesContainerCompliance(client_id=CLIENT_ID,
                                       client_secret=CLIENT_SECRET
                                       )


response = falcon.aggregate_top_failed_images(filter="string", limit=integer)
print(response)

CombinedImagesFindings

Section titled “CombinedImagesFindings”

Returns detailed compliance assessment results for container images, providing the information needed to identify compliance violations.

GET /container-compliance/combined/findings-by-images/v2
Scope Falcon Container Image: READ Consumes · Produces application/json
PEP 8 image_findings

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringFQL filter expression used to limit the results. Filter fields include: cid, cloud_info.cloud_account_id, cloud_info.cloud_provider, cloud_info.cloud_region, cloud_info.cluster_id, cloud_info.cluster_name, cloud_info.cluster_type, cloud_info.namespace, compliance_finding.asset_uid, compliance_finding.framework_name, compliance_finding.framework_name_version, compliance_finding.framework_version, compliance_finding.id, compliance_finding.severity, compliance_finding.status, image_digest, image_id, image_registry, image_repository, image_tag
afterquerystringA pagination token used with the limit parameter to manage pagination of results. On your first request, don’t provide an after token. On subsequent requests, provide the after token from the previous response to continue from that place in the results.
limitqueryintegerThe maximum number of images for which assessments are to be returned: 1-100. Default is 100. Use with the after parameter to manage pagination of results.
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import KubernetesContainerCompliance


falcon = KubernetesContainerCompliance(client_id=CLIENT_ID,
                                       client_secret=CLIENT_SECRET
                                       )


response = falcon.image_findings(after="string", filter="string", limit=integer)
print(response)

CombinedNodesFindings

Section titled “CombinedNodesFindings”

Returns detailed compliance assessment results for kubernetes nodes, providing the information needed to identify compliance violations.

GET /container-compliance/combined/findings-by-nodes/v2
Scope Falcon Container Image: READ Consumes · Produces application/json
PEP 8 node_findings

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringFQL filter expression used to limit the results. Filter fields include: cid, cloud_info.cloud_account_id, cloud_info.cloud_provider, cloud_info.cloud_region, cloud_info.cluster_id, cloud_info.cluster_name, cloud_info.cluster_type, compliance_finding.asset_type, compliance_finding.asset_uid, compliance_finding.framework_name, compliance_finding.framework_name_version, compliance_finding.framework_version, compliance_finding.id, compliance_finding.severity, compliance_finding.status, aid, node_id, node_name, node_type
afterquerystringA pagination token used with the limit parameter to manage pagination of results. On your first request, don’t provide an after token. On subsequent requests, provide the after token from the previous response to continue from that place in the results.
limitqueryintegerThe maximum number of nodes for which assessments are to be returned: 1-100. Default is 100. Use with the after parameter to manage pagination of results.
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import KubernetesContainerCompliance


falcon = KubernetesContainerCompliance(client_id=CLIENT_ID,
                                       client_secret=CLIENT_SECRET
                                       )


response = falcon.node_findings(after="string", filter="string", limit=integer)
print(response)

getRulesMetadataByID

Section titled “getRulesMetadataByID”

Retrieve detailed compliance rule information by ID.

Includes descriptions, remediation steps, and audit procedures by specifying rule identifiers.

GET /container-compliance/combined/findings-by-nodes/v2
Scope Falcon Container Image: READ Consumes · Produces application/json
PEP 8 get_rules_metadata

Parameters

Section titled “Parameters”
NameTypeData typeDescription
idsquerystring or list of stringsRule IDs.
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import KubernetesContainerCompliance


falcon = KubernetesContainerCompliance(client_id=CLIENT_ID,
                                       client_secret=CLIENT_SECRET
                                       )


id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']


response = falcon.get_rules_metadata(ids=id_list)
print(response)
© 2026 CrowdStrike, Inc. All rights reserved. Privacy Notice Cookie Notice Terms of Use