Skip to content
CrowdStrike Developer Center

Kubernetes Protection

The Kubernetes Protection service collection provides operations for managing Kubernetes cluster security. Query container vulnerabilities, cloud accounts, nodes, deployments, namespaces, and pods. Manage agent configurations and regenerate API keys.

LanguageLast Update
Pythonv1.6.1
PowerShellv2.2.9
Gov0.20.0
TypeScriptv0.6.0
Rustv0.7.0
Rubyv1.2.0

Table of Contents

Section titled “Table of Contents”
OperationDescription
ReadClustersByDateRangeCount
read_clusters_by_date_range		Retrieve clusters by date range counts
ReadClustersByKubernetesVersionCount
read_clusters_by_version		Bucket clusters by kubernetes version
ReadClustersByStatusCount
read_clusters_by_status		Bucket clusters by status
ReadClusterCount
read_cluster_count		Retrieve cluster counts
ReadContainersByDateRangeCount
read_containers_by_date_range		Retrieve containers by date range counts
ReadContainerCountByRegistry
read_containers_by_registry		Retrieve top container image registries
FindContainersCountAffectedByZeroDayVulnerabilities
read_zero_day_affected_counts		Retrieve containers count affected by zero day vulnerabilities
ReadVulnerableContainerImageCount
read_vulnerable_container_count		Retrieve count of vulnerable images running on containers
ReadContainerCount
read_container_counts		Retrieve container counts
FindContainersByContainerRunTimeVersion
find_containers_by_runtime_version		Retrieve containers by container_runtime_version
GroupContainersByManaged
group_managed_containers		Group the containers by Managed
ReadContainerImageDetectionsCountByDate
read_detections_count_by_date		Retrieve count of image assessment detections on running containers over a period of time
ReadContainerImagesByState
read_images_by_state		Retrieve count of image states running on containers
ReadContainersSensorCoverage
read_sensor_coverage		Bucket containers by agent type and calculate sensor coverage
ReadContainerVulnerabilitiesBySeverityCount
read_vulnerability_counts_by_severity		Retrieve container vulnerabilities by severity counts
ReadDeploymentsByDateRangeCount
read_deployment_counts_by_date_range		Retrieve deployments by date range counts
ReadDeploymentCount
read_deployment_count		Retrieve deployment counts
ReadClusterEnrichment
read_cluster_enrichment		Retrieve cluster enrichment data
ReadContainerEnrichment
read_container_enrichment		Retrieve container enrichment data
ReadDeploymentEnrichment
read_deployment_enrichment		Retrieve deployment enrichment data
ReadNodeEnrichment
read_node_enrichment		Retrieve node enrichment data
ReadPodEnrichment
read_pod_enrichment		Retrieve pod enrichment data
ReadDistinctContainerImageCount
read_distinct_image_count		Retrieve count of distinct images running on containers
ReadContainerImagesByMostUsed
read_images_by_most_used		Bucket container by image-digest
ReadKubernetesIomByDateRange
read_iom_count_by_date_range		Returns the count of Kubernetes IOMs by the date. by default it’s for 7 days.
ReadNamespacesByDateRangeCount
read_namespaces_by_date_range_count		Retrieve namespaces by date range counts
ReadNamespaceCount
read_namespace_count		Retrieve namespace counts
ReadKubernetesIomCount
read_iom_count		Returns the total count of Kubernetes IOMs over the past seven days
ReadNodesByCloudCount
read_node_counts_by_cloud		Bucket nodes by cloud providers
ReadNodesByContainerEngineVersionCount
read_nodes_by_container_engine_version		Bucket nodes by their container engine version
ReadNodesByDateRangeCount
read_node_counts_by_date_range		Retrieve nodes by date range counts
ReadNodeCount
read_node_count		Retrieve node counts
ReadPodsByDateRangeCount
read_pod_counts_by_date_range		Retrieve pods by date range counts
ReadPodCount
read_pod_counts		Retrieve pod counts
ReadClusterCombined
read_clusters_combined		Retrieve kubernetes clusters identified by the provided filter criteria
ReadClusterCombinedV2
read_clusters_combined_v2		Retrieve kubernetes clusters identified by the provided filter criteria
ReadRunningContainerImages
read_running_images		Retrieve images on running containers
ReadContainerCombined
read_containers_combined		Retrieve containers identified by the provided filter criteria
ReadDeploymentCombined
read_deployments_combined		Retrieve kubernetes deployments identified by the provided filter criteria
SearchAndReadKubernetesIomEntities
search_and_read_ioms		Search Kubernetes IOM by the provided search criteria
ReadNodeCombined
read_nodes_combined		Retrieve kubernetes nodes identified by the provided filter criteria
ReadPodCombined
read_pods_combined		Retrieve kubernetes pods identified by the provided filter criteria
ReadKubernetesIomEntities
read_iom_entities		Retrieve Kubernetes IOM entities identified by the provided IDs
SearchKubernetesIoms
search_ioms		Search Kubernetes IOMs by the provided search criteria. this endpoint returns a list of Kubernetes IOM UUIDs matching the query
GetAWSAccounts
get_aws_accounts		Provides a list of AWS accounts.
CreateAWSAccount
create_aws_account		Creates a new AWS account in our system for a customer and generates the installation script
DeleteAWSAccountsMixin0
delete_aws_accounts		Delete AWS accounts.
UpdateAWSAccount
update_aws_account		Updates the AWS account per the query parameters provided
ListAzureAccounts
list_azure_accounts		Provides the azure subscriptions registered to Kubernetes Protection.
CreateAzureSubscription
create_azure_subscription		Creates a new Azure Subscription in our system
DeleteAzureSubscription
delete_azure_subscription		Delete an Azure Subscription from the system.
GetLocations
get_locations		Provides the cloud locations acknowledged by the Kubernetes Protection service
GetCombinedCloudClusters
get_cloud_clusters		Returns a combined list of provisioned cloud accounts and known kubernetes clusters.
GetAzureTenantConfig
get_azure_tenant_config		Returns the Azure tenant config.
GetStaticScripts
get_static_scripts		Get static bash scripts that are used during registration.
GetAzureTenantIDs
get_azure_tenant_ids		Provides all the azure subscriptions and tenants IDs.
GetAzureInstallScript
get_azure_install_script		Provide the script to run for a given tenant id and subscription IDs.
GetHelmValuesYaml
get_helm_values_yaml		Provides a sample Helm values.yaml file for a customer to install alongside the agent Helm chart
RegenerateAPIKey
regenerate		Regenerate API key for docker registry integrations.
GetClusters
get_clusters		Provides the clusters acknowledged by the Kubernetes Protection service
TriggerScan
trigger_scan		Triggers a dry run or a full scan of a customer’s kubernetes footprint.
PostSearchKubernetesIOMEntities
search_kubernetes_ioms		Search Kubernetes IOM entities by filter criteria
PatchAzureServicePrincipal
update_azure_service_principal		Adds the client ID for the given tenant ID to our system.

ReadClustersByDateRangeCount

Section titled “ReadClustersByDateRangeCount”

Retrieve clusters by date range counts

GET /container-security/aggregates/clusters/count-by-date/v1
Scope Kubernetes Protection: READ Consumes · Produces application/json
PEP 8 read_clusters_by_date_range

No keywords or arguments accepted.

Code Examples

Section titled “Code Examples”
from falconpy import KubernetesProtection


falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )


response = falcon.read_clusters_by_date_range()
print(response)

ReadClustersByKubernetesVersionCount

Section titled “ReadClustersByKubernetesVersionCount”

Bucket clusters by kubernetes version

GET /container-security/aggregates/clusters/count-by-kubernetes-version/v1
Scope Kubernetes Protection: READ Consumes · Produces application/json
PEP 8 read_clusters_by_version

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringRetrieve count of Kubernetes clusters that match a query in Falcon Query Language (FQL). Supported filters: access,agent_status,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,cluster_status,container_count,iar_version,kubernetes_version,last_seen,management_status,namespace,node_count,pod_count,pod_name,tags
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import KubernetesProtection


falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )


response = falcon.read_clusters_by_version(filter="string")
print(response)

ReadClustersByStatusCount

Section titled “ReadClustersByStatusCount”

Bucket clusters by status

GET /container-security/aggregates/clusters/count-by-status/v1
Scope Kubernetes Protection: READ Consumes · Produces application/json
PEP 8 read_clusters_by_status

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringRetrieve count of Kubernetes clusters that match a query in Falcon Query Language (FQL). Supported filters: access,agent_status,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,cluster_status,container_count,iar_version,kubernetes_version,last_seen,management_status,namespace,node_count,pod_count,pod_name,tags
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import KubernetesProtection


falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )


response = falcon.read_clusters_by_status(filter="string")
print(response)

ReadClusterCount

Section titled “ReadClusterCount”

Retrieve cluster counts

GET /container-security/aggregates/clusters/count/v1
Scope Kubernetes Protection: READ Consumes · Produces application/json
PEP 8 read_cluster_count

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringRetrieve count of Kubernetes clusters that match a query in Falcon Query Language (FQL). Supported filters: access,agent_status,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,cluster_status,container_count,iar_version,kubernetes_version,last_seen,management_status,namespace,node_count,pod_count,pod_name,tags
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import KubernetesProtection


falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )


response = falcon.read_cluster_count(filter="string")
print(response)

ReadContainersByDateRangeCount

Section titled “ReadContainersByDateRangeCount”

Retrieve containers by date range counts

GET /container-security/aggregates/containers/count-by-date/v1
Scope Kubernetes Protection: READ Consumes · Produces application/json
PEP 8 read_containers_by_date_range

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringGet container counts using a query in Falcon Query Language (FQL). Supported filters: ai_related,agent_id,agent_type,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,package_name_version,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import KubernetesProtection


falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )


response = falcon.read_containers_by_date_range(filter="string")
print(response)

ReadContainerCountByRegistry

Section titled “ReadContainerCountByRegistry”

Retrieve top container image registries

GET /container-security/aggregates/containers/count-by-registry/v1
Scope Kubernetes Protection: READ Consumes · Produces application/json
PEP 8 read_containers_by_registry

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringRetrieve count of Kubernetes clusters that match a query in Falcon Query Language (FQL). Supported filters: agent_id, image_repository, agent_type, image_tag, ai_related, image_vulnerability_count, allow_privilege_escalation, insecure_mount_source, app_name, insecure_mount_type, cid, insecure_propagation_mode, cloud_account_id, interactive_mode, cloud_instance_id, ipv4, cloud_name, ipv6, cloud_region, kac_agent_id, cloud_service, labels, cluster_id, last_seen, cluster_name, namespace, container_id, node_name, container_image_id, node_uid, container_name, package_name_version, cve_id, pod_id, detection_name, pod_name, first_seen, port, image_detection_count, privileged, image_digest, root_write_access, image_has_been_assessed, run_as_root_group, image_id, run_as_root_user, image_registry, running_status
under_assessmentqueryboolean(true/false) whether to return registries under assessment or not under assessment. If not provided all registries are considered
limitqueryintegerThe upper-bound on the number of records to retrieve.
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import KubernetesProtection


falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )


response = falcon.read_containers_by_registry(filter="string",
                                              under_assessment="string",
                                              limit=integer)
print(response)

FindContainersCountAffectedByZeroDayVulnerabilities

Section titled “FindContainersCountAffectedByZeroDayVulnerabilities”

Retrieve containers count affected by zero day vulnerabilities

GET /container-security/aggregates/containers/count-by-zero-day/v1
Scope Kubernetes Protection: READ Consumes · Produces application/json
PEP 8 read_zero_day_affected_counts

No keywords or arguments accepted.

Code Examples

Section titled “Code Examples”
from falconpy import KubernetesProtection


falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )


response = falcon.read_zero_day_affected_counts()
print(response)

ReadVulnerableContainerImageCount

Section titled “ReadVulnerableContainerImageCount”

Retrieve count of vulnerable images running on containers

GET /container-security/aggregates/containers/count-vulnerable-images/v1
Scope Kubernetes Protection: READ Consumes · Produces application/json
PEP 8 read_vulnerable_container_count

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringRetrieve count of Kubernetes containers that match a query in Falcon Query Language (FQL). Supported filters: ai_related,agent_id,agent_type,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,package_name_version,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import KubernetesProtection


falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )


response = falcon.read_vulnerable_container_count(filter="string")
print(response)

ReadContainerCount

Section titled “ReadContainerCount”

Retrieve container counts

GET /container-security/aggregates/containers/count/v1
Scope Kubernetes Protection: READ Consumes · Produces application/json
PEP 8 read_container_counts

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringRetrieve count of Kubernetes containers that match a query in Falcon Query Language (FQL). Supported filters: ai_related,agent_id,agent_type,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,package_name_version,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import KubernetesProtection


falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )


response = falcon.read_container_counts(filter="string")
print(response)

FindContainersByContainerRunTimeVersion

Section titled “FindContainersByContainerRunTimeVersion”

Retrieve containers by container_runtime_version

GET /container-security/aggregates/containers/find-by-runtimeversion/v1
Scope Kubernetes Protection: READ Consumes · Produces application/json
PEP 8 find_containers_by_runtime_version

Parameters

Section titled “Parameters”
NameTypeData typeDescription
limitqueryintegerThe upper-bound on the number of container records to retrieve.
offsetqueryintegerIt is used to get the offset
sortquerystringField to sort results by
filterquerystringRetrieve count of Kubernetes containers that match a query in Falcon Query Language (FQL). Supported filters: ai_related,agent_id,agent_type,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,package_name_version,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import KubernetesProtection


falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )


response = falcon.find_containers_by_runtime_version(limit="string",
                                                     offset="string",
                                                     sort="string",
                                                     filter="string")
print(response)

GroupContainersByManaged

Section titled “GroupContainersByManaged”

Group the containers by Managed

GET /container-security/aggregates/containers/group-by-managed/v1
Scope Kubernetes Protection: READ Consumes · Produces application/json
PEP 8 group_managed_containers

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringRetrieve count of Kubernetes containers that match a query in Falcon Query Language (FQL). Supported filters: ai_related,agent_id,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import KubernetesProtection


falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )


response = falcon.group_managed_containers(filter="string")
print(response)

ReadContainerImageDetectionsCountByDate

Section titled “ReadContainerImageDetectionsCountByDate”

Retrieve count of image assessment detections on running containers over a period of time

GET /container-security/aggregates/containers/image-detections-count-by-date/v1
Scope Kubernetes Protection: READ Consumes · Produces application/json
PEP 8 read_detections_count_by_date

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringRetrieve count of Kubernetes containers that match a query in Falcon Query Language (FQL). Supported filters: ai_related,agent_id,agent_type,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,package_name_version,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import KubernetesProtection


falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )


response = falcon.read_detections_count_by_date(filter="string")
print(response)

ReadContainerImagesByState

Section titled “ReadContainerImagesByState”

Retrieve count of image states running on containers

GET /container-security/aggregates/containers/images-by-state/v1
Scope Kubernetes Protection: READ Consumes · Produces application/json
PEP 8 read_images_by_state

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringFilter using a query in Falcon Query Language (FQL). Supported filters: cid
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import KubernetesProtection


falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )


response = falcon.read_images_by_state(filter="string")
print(response)

ReadContainersSensorCoverage

Section titled “ReadContainersSensorCoverage”

Bucket containers by agent type and calculate sensor coverage

GET /container-security/aggregates/containers/sensor-coverage/v1
Scope Kubernetes Protection: READ Consumes · Produces application/json
PEP 8 read_sensor_coverage

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringRetrieve count of Kubernetes containers that match a query in Falcon Query Language (FQL). Supported filters: ai_related,agent_id,agent_type,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,package_name_version,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import KubernetesProtection


falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )


response = falcon.read_sensor_coverage(filter="string")
print(response)

ReadContainerVulnerabilitiesBySeverityCount

Section titled “ReadContainerVulnerabilitiesBySeverityCount”

Retrieve container vulnerabilities by severity counts

GET /container-security/aggregates/containers/vulnerability-count-by-severity/v1
Scope Kubernetes Protection: READ Consumes · Produces application/json
PEP 8 read_vulnerability_counts_by_severity

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringGet vulnerabilities count by severity for container using a query in Falcon Query Language (FQL). Supported filters: ai_related,agent_id,agent_type,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,package_name_version,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import KubernetesProtection


falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )


response = falcon.read_vulnerability_counts_by_severity(filter="string")
print(response)

ReadDeploymentsByDateRangeCount

Section titled “ReadDeploymentsByDateRangeCount”

Retrieve deployments by date range counts

GET /container-security/aggregates/deployments/count-by-date/v1
Scope Kubernetes Protection: READ Consumes · Produces application/json
PEP 8 read_deployment_counts_by_date_range

No keywords or arguments accepted.

Code Examples

Section titled “Code Examples”
from falconpy import KubernetesProtection


falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )


response = falcon.read_deployment_counts_by_date_range()
print(response)

ReadDeploymentCount

Section titled “ReadDeploymentCount”

Retrieve deployment counts

GET /container-security/aggregates/deployments/count/v1
Scope Kubernetes Protection: READ Consumes · Produces application/json
PEP 8 read_deployment_count

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringRetrieve count of Kubernetes deployments that match a query in Falcon Query Language (FQL). Supported filters: annotations_list,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,deployment_id,deployment_name,first_seen,last_seen,namespace,pod_count
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import KubernetesProtection


falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )


response = falcon.read_deployment_count(filter="string")
print(response)

ReadClusterEnrichment

Section titled “ReadClusterEnrichment”

Retrieve cluster enrichment data

GET /container-security/aggregates/enrichment/clusters/entities/v1
Scope Kubernetes Protection: READ Consumes · Produces application/json
PEP 8 read_cluster_enrichment

Parameters

Section titled “Parameters”
NameTypeData typeDescription
cluster_idquerystring or list of stringsOne or more cluster ids for which to retrieve enrichment info
filterquerystringSupported filters: cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,last_seen,namespace
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import KubernetesProtection


falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )


id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']


response = falcon.read_cluster_enrichment(cluster_id=id_list, filter="string")
print(response)

ReadContainerEnrichment

Section titled “ReadContainerEnrichment”

Retrieve container enrichment data

GET /container-security/aggregates/enrichment/containers/entities/v1
Scope Kubernetes Protection: READ Consumes · Produces application/json
PEP 8 read_container_enrichment

Parameters

Section titled “Parameters”
NameTypeData typeDescription
container_idquerystring or list of stringsOne or more container ids for which to retrieve enrichment info
filterquerystringSupported filters: cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,last_seen,namespace
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import KubernetesProtection


falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )


id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']


response = falcon.read_container_enrichment(container_id=id_list,
                                            filter="string")
print(response)

ReadDeploymentEnrichment

Section titled “ReadDeploymentEnrichment”

Retrieve deployment enrichment data

GET /container-security/aggregates/enrichment/deployments/entities/v1
Scope Kubernetes Protection: READ Consumes · Produces application/json
PEP 8 read_deployment_enrichment

Parameters

Section titled “Parameters”
NameTypeData typeDescription
deployment_idquerystring or list of stringsOne or more deployment ids for which to retrieve enrichment info
filterquerystringSupported filters: cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,last_seen,namespace
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import KubernetesProtection


falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )


id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']


response = falcon.read_deployment_enrichment(deployment_id=id_list,
                                             filter="string")
print(response)

ReadNodeEnrichment

Section titled “ReadNodeEnrichment”

Retrieve node enrichment data

GET /container-security/aggregates/enrichment/nodes/entities/v1
Scope Kubernetes Protection: READ Consumes · Produces application/json
PEP 8 read_node_enrichment

Parameters

Section titled “Parameters”
NameTypeData typeDescription
node_namequerystring or list of stringsOne or more node names for which to retrieve enrichment info
filterquerystringSupported filters: cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,last_seen,namespace
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import KubernetesProtection


falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )


response = falcon.read_node_enrichment(node_name="string", filter="string")
print(response)

ReadPodEnrichment

Section titled “ReadPodEnrichment”

Retrieve pod enrichment data

GET /container-security/aggregates/enrichment/pods/entities/v1
Scope Kubernetes Protection: READ Consumes · Produces application/json
PEP 8 read_pod_enrichment

Parameters

Section titled “Parameters”
NameTypeData typeDescription
pod_idquerystring or list of stringsOne or more pod ids for which to retrieve enrichment info
filterquerystringSupported filters: cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,last_seen,namespace
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import KubernetesProtection


falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )


id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']


response = falcon.read_pod_enrichment(pod_id=id_list, filter="string")
print(response)

ReadDistinctContainerImageCount

Section titled “ReadDistinctContainerImageCount”

Retrieve count of distinct images running on containers

GET /container-security/aggregates/images/count-by-distinct/v1
Scope Kubernetes Protection: READ Consumes · Produces application/json
PEP 8 read_distinct_image_count

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringSearch Kubernetes containers using a query in Falcon Query Language (FQL). Supported filters: agent_id,ai_related,agent_type,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,package_name_version,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import KubernetesProtection


falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )


response = falcon.read_distinct_image_count(filter="string")
print(response)

ReadContainerImagesByMostUsed

Section titled “ReadContainerImagesByMostUsed”

Bucket container by image-digest

GET /container-security/aggregates/images/most-used/v1
Scope Kubernetes Protection: READ Consumes · Produces application/json
PEP 8 read_images_by_most_used

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringRetrieve count of Kubernetes containers that match a query in Falcon Query Language (FQL). Supported filters: ai_related,agent_id,agent_type,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,package_name_version,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import KubernetesProtection


falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )


response = falcon.read_images_by_most_used(filter="string")
print(response)

ReadKubernetesIomByDateRange

Section titled “ReadKubernetesIomByDateRange”

Returns the count of Kubernetes IOMs by the date. by default it’s for 7 days.

GET /container-security/aggregates/kubernetes-ioms/count-by-date/v1
Scope Kubernetes Protection: READ Consumes · Produces application/json
PEP 8 read_iom_count_by_date_range

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringFilter images using a query in Falcon Query Language (FQL). Supported filters: cid,created_timestamp,detect_timestamp,prevented,severity
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import KubernetesProtection


falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )


response = falcon.read_iom_count_by_date_range(filter="string")
print(response)

ReadNamespacesByDateRangeCount

Section titled “ReadNamespacesByDateRangeCount”

Retrieve namespaces by date range counts

GET /container-security/aggregates/namespaces/count-by-date/v1
Scope Kubernetes Protection: READ Consumes · Produces application/json
PEP 8 read_namespaces_by_date_range_count

No keywords or arguments accepted.

Code Examples

Section titled “Code Examples”
from falconpy import KubernetesProtection


falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )


response = falcon.read_namespaces_by_date_range_count()
print(response)

ReadNamespaceCount

Section titled “ReadNamespaceCount”

Retrieve namespace counts

GET /container-security/aggregates/namespaces/count/v1
Scope Kubernetes Protection: READ Consumes · Produces application/json
PEP 8 read_namespace_count

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringRetrieve count of Kubernetes clusters that match a query in Falcon Query Language (FQL). Supported filters: agent_id,agent_type,annotations_list,cid,cloud_account_id,cloud_name,cloud_region,cloud_service,cluster_id,cluster_name,first_seen,kac_agent_id,last_seen,namespace_id,namespace_name,resource_status
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import KubernetesProtection


falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )


response = falcon.read_namespace_count(filter="string")
print(response)

ReadKubernetesIomCount

Section titled “ReadKubernetesIomCount”

Returns the total count of Kubernetes IOMs over the past seven days

GET /container-security/aggregates/kubernetes-ioms/count/v1
Scope Kubernetes Protection: READ Consumes · Produces application/json
PEP 8 read_iom_count

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringFilter images using a query in Falcon Query Language (FQL). Supported filters: cid,created_timestamp,detect_timestamp,prevented,severity
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import KubernetesProtection


falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )


response = falcon.read_iom_count(filter="string")
print(response)

ReadNodesByCloudCount

Section titled “ReadNodesByCloudCount”

Bucket nodes by cloud providers

GET /container-security/aggregates/nodes/count-by-cloud/v1
Scope Kubernetes Protection: READ Consumes · Produces application/json
PEP 8 read_node_counts_by_cloud

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringSearch Kubernetes nodes using a query in Falcon Query Language (FQL). Supported filters: aid,annotations_list,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_count,container_runtime_version,first_seen,image_digest,ipv4,last_seen,node_name,node_uid,pod_count
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import KubernetesProtection


falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )


response = falcon.read_node_counts_by_cloud(filter="string")
print(response)

ReadNodesByContainerEngineVersionCount

Section titled “ReadNodesByContainerEngineVersionCount”

Bucket nodes by their container engine version

GET /container-security/aggregates/nodes/count-by-container-engine-version/v1
Scope Kubernetes Protection: READ Consumes · Produces application/json
PEP 8 read_nodes_by_container_engine_version

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringSearch Kubernetes nodes using a query in Falcon Query Language (FQL). Supported filters: aid,annotations_list,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_count,container_runtime_version,first_seen,image_digest,ipv4,last_seen,node_name,node_uid,pod_count
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import KubernetesProtection


falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )


response = falcon.read_nodes_by_container_engine_version(filter="string")
print(response)

ReadNodesByDateRangeCount

Section titled “ReadNodesByDateRangeCount”

Retrieve nodes by date range counts

GET /container-security/aggregates/nodes/count-by-date/v1
Scope Kubernetes Protection: READ Consumes · Produces application/json
PEP 8 read_node_counts_by_date_range

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringSearch Kubernetes nodes using a query in Falcon Query Language (FQL). Supported filters: aid,annotations_list,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_count,container_runtime_version,first_seen,image_digest,ipv4,last_seen,node_name,node_uid,pod_count
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import KubernetesProtection


falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )


response = falcon.read_node_counts_by_date_range(filter="string")
print(response)

ReadNodeCount

Section titled “ReadNodeCount”

Retrieve node counts

GET /container-security/aggregates/nodes/count/v1
Scope Kubernetes Protection: READ Consumes · Produces application/json
PEP 8 read_node_count

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringRetrieve count of Kubernetes nodes that match a query in Falcon Query Language (FQL). Supported filters: aid,annotations_list,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_count,container_runtime_version,first_seen,image_digest,ipv4,last_seen,node_name,node_uid,pod_count
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import KubernetesProtection


falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )


response = falcon.read_node_count(filter="string")
print(response)

ReadPodsByDateRangeCount

Section titled “ReadPodsByDateRangeCount”

Retrieve pods by date range counts

GET /container-security/aggregates/pods/count-by-date/v1
Scope Kubernetes Protection: READ Consumes · Produces application/json
PEP 8 read_pod_counts_by_date_range

No keywords or arguments accepted.

Code Examples

Section titled “Code Examples”
from falconpy import KubernetesProtection


falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )


response = falcon.read_pod_counts_by_date_range()
print(response)

ReadPodCount

Section titled “ReadPodCount”

Retrieve pod counts

GET /container-security/aggregates/pods/count/v1
Scope Kubernetes Protection: READ Consumes · Produces application/json
PEP 8 read_pod_counts

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringRetrieve count of Kubernetes pods that match a query in Falcon Query Language (FQL). Supported filters: agent_id,agent_type,allow_privilege_escalation,annotations_list,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_count,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,owner_id,owner_type,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import KubernetesProtection


falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )


response = falcon.read_pod_counts(filter="string")
print(response)

ReadClusterCombined

Section titled “ReadClusterCombined”

Retrieve kubernetes clusters identified by the provided filter criteria

GET /container-security/combined/clusters/v1
Scope Kubernetes Protection: READ Consumes · Produces application/json
PEP 8 read_clusters_combined

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringSearch Kubernetes clusters using a query in Falcon Query Language (FQL). Supported filters: access,agent_id,agent_status,agent_type,cid,cloud_account_id,cloud_name,cloud_region,cloud_service,cluster_id,cluster_name,cluster_status,container_count,iar_version,kubernetes_version,last_seen,management_status,node_count,pod_count,tags, namespace, pod_name
limitqueryintegerThe upper-bound on the number of records to retrieve.
offsetqueryintegerThe offset from where to begin.
sortquerystringField to sort results by
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import KubernetesProtection


falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )


response = falcon.read_clusters_combined(filter="string",
                                         limit=integer,
                                         offset=integer,
                                         sort="string")
print(response)

ReadClusterCombinedV2

Section titled “ReadClusterCombinedV2”

Retrieve kubernetes clusters identified by the provided filter criteria

GET /container-security/combined/clusters/v2
Scope Kubernetes Protection: READ Consumes · Produces application/json
PEP 8 read_clusters_combined_v2

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringSearch Kubernetes clusters using a query in Falcon Query Language (FQL). Supported filter fields: access, agent_id, agent_status, agent_type, cid, cloud_account_id, cloud_name, cloud_region, cloud_service, cluster_id, cluster_name, cluster_status, container_count, iar_coverage, kac_agent_id, kubernetes_version, last_seen, management_status, node_count, pod_count, namespace, pod_name and tags
sortquerystringThe fields to sort the records on.
include_countsquerybooleanFlag to include node, pod and container counts in the response
limitqueryintegerThe upper-bound on the number of records to retrieve.
offsetqueryintegerThe offset from where to begin.
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import KubernetesProtection


falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )


response = falcon.read_clusters_combined_v2(filter="string",
                                            include_counts=boolean,
                                            limit=integer,
                                            offset=integer,
                                            sort="string")
print(response)

ReadRunningContainerImages

Section titled “ReadRunningContainerImages”

Retrieve images on running containers

GET /container-security/combined/container-images/v1
Scope Kubernetes Protection: READ Consumes · Produces application/json
PEP 8 read_running_images

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringRetrieve list of images on running containers using a query in Falcon Query Language (FQL). Supported filters: cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,hosts,image_digest,image_has_been_assessed,image_id,image_name,image_registry,image_repository,image_tag,last_seen,namespace,running_status
limitqueryintegerThe upper-bound on the number of records to retrieve.
offsetqueryintegerThe offset from where to begin.
sortquerystringField to sort results by
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import KubernetesProtection


falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )


response = falcon.read_running_images(filter=["string"],
                                      limit=integer,
                                      offset=integer,
                                      sort="string")
print(response)

ReadContainerCombined

Section titled “ReadContainerCombined”

Retrieve containers identified by the provided filter criteria

GET /container-security/combined/containers/v1
Scope Kubernetes Protection: READ Consumes · Produces application/json
PEP 8 read_containers_combined

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringSearch Kubernetes containers using a query in Falcon Query Language (FQL). Supported filters: agent_id,ai_related,agent_type,allow_privilege_escalation,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_id,container_name,cve_id,detection_name,first_seen,image_detection_count,image_digest,image_has_been_assessed,image_id,image_registry,image_repository,image_tag,image_vulnerability_count,insecure_mount_source,insecure_mount_type,insecure_propagation_mode,interactive_mode,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,package_name_version,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user,running_status
limitqueryintegerThe upper-bound on the number of records to retrieve.
offsetqueryintegerThe offset from where to begin.
sortquerystringField to sort results by
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import KubernetesProtection


falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )


response = falcon.read_containers_combined(filter="string",
                                           limit=integer,
                                           offset=integer,
                                           sort="string")
print(response)

ReadDeploymentCombined

Section titled “ReadDeploymentCombined”

Retrieve kubernetes deployments identified by the provided filter criteria

GET /container-security/combined/deployments/v1
Scope Kubernetes Protection: READ Consumes · Produces application/json
PEP 8 read_deployments_combined

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringSearch Kubernetes deployments using a query in Falcon Query Language (FQL). Supported filters: annotations_list,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,deployment_id,deployment_name,first_seen,last_seen,namespace,pod_count
limitqueryintegerThe upper-bound on the number of records to retrieve.
offsetqueryintegerThe offset from where to begin.
sortquerystringField to sort results by
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import KubernetesProtection


falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )


response = falcon.read_deployments_combined(filter="string",
                                            limit=integer,
                                            offset=integer,
                                            sort="string")
print(response)

SearchAndReadKubernetesIomEntities

Section titled “SearchAndReadKubernetesIomEntities”

Search Kubernetes IOM by the provided search criteria

GET /container-security/combined/kubernetes-ioms/v1
Scope Kubernetes Protection: READ Consumes · Produces application/json
PEP 8 search_and_read_ioms

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringSearch Kubernetes IOMs using a query in Falcon Query Language (FQL). Supported filters: cid,cis_id,cluster_id,cluster_name,containers_impacted_ai_related,containers_impacted_count,containers_impacted_ids,detection_type,name,namespace,resource_id,resource_name,resource_type,prevented,severity
limitqueryintegerThe upper-bound on the number of records to retrieve.
offsetqueryintegerThe offset from where to begin.
sortquerystringThe fields to sort the records on.
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import KubernetesProtection


falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )


response = falcon.search_and_read_ioms(filter="string",
                                       limit=integer,
                                       offset=integer,
                                       sort="string")
print(response)

ReadNodeCombined

Section titled “ReadNodeCombined”

Retrieve kubernetes nodes identified by the provided filter criteria

GET /container-security/combined/nodes/v1
Scope Kubernetes Protection: READ Consumes · Produces application/json
PEP 8 read_nodes_combined

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringSearch Kubernetes nodes using a query in Falcon Query Language (FQL). Supported filters: aid,annotations_list,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_count,container_runtime_version,first_seen,image_digest,ipv4,last_seen,node_name,node_uid,pod_count
limitqueryintegerThe upper-bound on the number of records to retrieve.
offsetqueryintegerThe offset from where to begin.
sortquerystringField to sort results by
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import KubernetesProtection


falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )


response = falcon.read_nodes_combined(filter="string",
                                      limit=integer,
                                      offset=integer,
                                      sort="string")
print(response)

ReadPodCombined

Section titled “ReadPodCombined”

Retrieve kubernetes pods identified by the provided filter criteria

GET /container-security/combined/pods/v1
Scope Kubernetes Protection: READ Consumes · Produces application/json
PEP 8 read_pods_combined

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringSearch Kubernetes pods using a query in Falcon Query Language (FQL). Supported filters: agent_id,agent_type,allow_privilege_escalation,annotations_list,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,container_count,ipv4,ipv6,labels,last_seen,namespace,node_name,node_uid,owner_id,owner_type,pod_id,pod_name,port,privileged,root_write_access,run_as_root_group,run_as_root_user
limitqueryintegerThe upper-bound on the number of records to retrieve.
offsetqueryintegerThe offset from where to begin.
sortquerystringField to sort results by
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import KubernetesProtection


falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )


response = falcon.read_pods_combined(filter="string",
                                     limit=integer,
                                     offset=integer,
                                     sort="string")
print(response)

ReadKubernetesIomEntities

Section titled “ReadKubernetesIomEntities”

Retrieve Kubernetes IOM entities identified by the provided IDs

GET /container-security/entities/kubernetes-ioms/v1
Scope Kubernetes Protection: READ Consumes · Produces application/json
PEP 8 read_iom_entities

Parameters

Section titled “Parameters”
NameTypeData typeDescription
idsquerystring or list of stringsSearch Kubernetes IOMs by ids - The maximum amount is 100 IDs
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import KubernetesProtection


falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )


id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']


response = falcon.read_iom_entities(ids=id_list)
print(response)

SearchKubernetesIoms

Section titled “SearchKubernetesIoms”

Search Kubernetes IOMs by the provided search criteria. this endpoint returns a list of Kubernetes IOM UUIDs matching the query

GET /container-security/queries/kubernetes-ioms/v1
Scope Kubernetes Protection: READ Consumes · Produces application/json
PEP 8 search_ioms

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringSearch Kubernetes IOMs using a query in Falcon Query Language (FQL). Supported filters: cid,cis_id,cluster_id,cluster_name,containers_impacted_count,containers_impacted_ai_related,containers_impacted_ids,detection_type,name,namespace,resource_id,resource_name,resource_type,prevented,severity
limitqueryintegerThe upper-bound on the number of records to retrieve.
offsetqueryintegerThe offset from where to begin.
sortquerystringThe fields to sort the records on.
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import KubernetesProtection


falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )


response = falcon.search_ioms(filter="string",
                              limit=integer,
                              offset=integer,
                              sort="string")
print(response)

GetAWSAccounts

Section titled “GetAWSAccounts”

Provides a list of AWS accounts.

GET /kubernetes-protection/entities/accounts/aws/v1
Scope Kubernetes Protection: READ Consumes · Produces application/json
PEP 8 get_aws_accounts

Parameters

Section titled “Parameters”
NameTypeData typeDescription
idsquerystring or list of stringsAWS Account ID(s).
is_horizon_acctquerystringFilter by whether an account originates from Horizon or not. Allowed values: False or True
limitqueryintegerMaximum number of records to return.
offsetqueryintegerStarting index of overall result set from which to return ids.
parametersquerydictionaryFull query string parameters payload in JSON format.
statusquerystringFilter by account status.

Code Examples

Section titled “Code Examples”
from falconpy import CloudConnectAWS


falcon = CloudConnectAWS(client_id=CLIENT_ID,
                         client_secret=CLIENT_SECRET
                         )


id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']


response = falcon.get_aws_accounts(ids=id_list)
print(response)

CreateAWSAccount

Section titled “CreateAWSAccount”

Creates a new AWS account in our system for a customer and generates the installation script

POST /kubernetes-protection/entities/accounts/aws/v1
Scope Kubernetes Protection: WRITE Consumes · Produces application/json
PEP 8 create_aws_account

Parameters

Section titled “Parameters”
NameTypeData typeDescription
bodybodydictionaryFull body payload in JSON format.
account_idbodystringAccount ID.
regionbodystringCloud region.
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import KubernetesProtection


falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )


response = falcon.create_aws_account(account_id="string", region="string")
print(response)

DeleteAWSAccountsMixin0

Section titled “DeleteAWSAccountsMixin0”

Delete AWS accounts.

DELETE /kubernetes-protection/entities/accounts/aws/v1
Scope Kubernetes Protection: WRITE Consumes · Produces application/json
PEP 8 delete_aws_accounts

Parameters

Section titled “Parameters”
NameTypeData typeDescription
idsquerystring or list of stringsAWS Account ID(s) to delete.
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import KubernetesProtection


falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )


id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']


response = falcon.delete_aws_accounts(ids=id_list)
print(response)

UpdateAWSAccount

Section titled “UpdateAWSAccount”

Updates the AWS account per the query parameters provided

PATCH /kubernetes-protection/entities/accounts/aws/v1
Scope Kubernetes Protection: WRITE Consumes · Produces application/json
PEP 8 update_aws_account

Parameters

Section titled “Parameters”
NameTypeData typeDescription
idsquerystring or list of stringsAWS Account ID(s) to update.
parametersquerydictionaryFull query string parameters payload in JSON format.
regionquerystringDefault region for account automation.

Code Examples

Section titled “Code Examples”
from falconpy import KubernetesProtection


falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )


id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']


response = falcon.update_aws_account(ids=id_list, region="string")
print(response)

ListAzureAccounts

Section titled “ListAzureAccounts”

Provides the azure subscriptions registered to Kubernetes Protection.

GET /kubernetes-protection/entities/accounts/azure/v1
Scope Kubernetes Protection: READ Consumes · Produces application/json
PEP 8 list_azure_accounts

Parameters

Section titled “Parameters”
NameTypeData typeDescription
idsquerystring or list of stringsAzure Tenant ID(s).
subscription_idquerystring or list of stringsAzure Subscription ID(s).
is_horizon_acctquerybooleanFlag indicating if we should filter by accounts originating from Horizon.
limitqueryintegerMaximum number of records to return.
offsetqueryintegerStarting index of overall result set from which to return ids.
parametersquerydictionaryFull query string parameters payload in JSON format.
statusquerystringFilter by account status (operational or provisioned).

Code Examples

Section titled “Code Examples”
from falconpy import KubernetesProtection


falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )


id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']


response = falcon.list_azure_accounts(ids=id_list,
                                      is_horizon_acct=boolean,
                                      subscription_id=id_list,
                                      limit=integer,
                                      offset=integer,
                                      status="string")
print(response)

CreateAzureSubscription

Section titled “CreateAzureSubscription”

Creates a new Azure Subscription in our system

POST /kubernetes-protection/entities/accounts/azure/v1
Scope Kubernetes Protection: WRITE Consumes · Produces application/json
PEP 8 create_azure_subscription

Parameters

Section titled “Parameters”
NameTypeData typeDescription
bodybodydictionaryFull body payload in JSON format.
subscription_idbodystringAzure Subscription ID.
tenant_idbodystringAzure Tenant ID.

Code Examples

Section titled “Code Examples”
from falconpy import KubernetesProtection


falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )


response = falcon.create_azure_subscription(subscription_id="string",
                                            tenant_id="string")
print(response)

DeleteAzureSubscription

Section titled “DeleteAzureSubscription”

Delete an Azure Subscription from the system.

DELETE /kubernetes-protection/entities/accounts/azure/v1
Scope Kubernetes Protection: WRITE Consumes · Produces application/json
PEP 8 delete_azure_subscription

Parameters

Section titled “Parameters”
NameTypeData typeDescription
idsquerystring or list of stringsAzure Subscription ID(s) to delete.
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import KubernetesProtection


falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )


id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']


response = falcon.delete_azure_subscription(ids=id_list)
print(response)

GetLocations

Section titled “GetLocations”

Provides the cloud locations acknowledged by the Kubernetes Protection service

GET /kubernetes-protection/entities/cloud-locations/v1
Scope Kubernetes Protection: READ Consumes · Produces application/json
PEP 8 get_locations

Parameters

Section titled “Parameters”
NameTypeData typeDescription
cloudsquerystring or list of stringsCloud provider.
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import KubernetesProtection


falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )


id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']


response = falcon.get_locations(clouds=id_list)
print(response)

GetCombinedCloudClusters

Section titled “GetCombinedCloudClusters”

Returns a combined list of provisioned cloud accounts and known kubernetes clusters.

GET /kubernetes-protection/entities/cloud_cluster/v1
Scope Kubernetes Protection: READ Consumes · Produces application/json
PEP 8 get_cloud_clusters

Parameters

Section titled “Parameters”
NameTypeData typeDescription
cluster_servicequerystring or list of stringsCluster Service.
cluster_statusquerystring or list of stringsCluster Status.
idsquerystring or list of stringsCloud Account IDs.
locationsquerystring or list of stringsCloud location.
limitqueryintegerLimit returned results.
offsetqueryintegerPagination offset.
parametersquerydictionaryFull query string parameters payload in JSON format. Not required when using other keywords.

Code Examples

Section titled “Code Examples”
from falconpy import KubernetesProtection


falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )


id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']


response = falcon.get_cloud_clusters(cluser_service=id_list,
                                     cluster_status=id_list,
                                     ids=id_list,
                                     locations=id_list,
                                     limit=integer,
                                     offset=integer)
print(response)

GetAzureTenantConfig

Section titled “GetAzureTenantConfig”

Returns the Azure tenant config.

GET /kubernetes-protection/entities/config/azure/v1
Scope Kubernetes Protection: READ Consumes · Produces application/json
PEP 8 get_azure_tenant_config

Parameters

Section titled “Parameters”
NameTypeData typeDescription
idsquerystring or list of stringsCloud Account IDs.
limitqueryintegerLimit returned results.
offsetqueryintegerPagination offset.
parametersquerydictionaryFull query string parameters payload in JSON format. Not required when using other keywords.

Code Examples

Section titled “Code Examples”
from falconpy import KubernetesProtection


falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )


id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']


response = falcon.get_azure_tenant_config(ids=id_list,
                                          limit=integer,
                                          offset=integer)
print(response)

GetStaticScripts

Section titled “GetStaticScripts”

Get static bash scripts that are used during registration.

GET /kubernetes-protection/entities/gen/scripts/v1
Scope Kubernetes Protection: READ Consumes · Produces application/json application/octet-stream
PEP 8 get_static_scripts

No keywords or arguments accepted.

Code Examples

Section titled “Code Examples”
from falconpy import KubernetesProtection


falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )


response = falcon.get_static_scripts()
print(response)

GetAzureTenantIDs

Section titled “GetAzureTenantIDs”

Provides all the azure subscriptions and tenants IDs.

GET /kubernetes-protection/entities/tenants/azure/v1
Scope Kubernetes Protection: READ Consumes · Produces application/json
PEP 8 get_azure_tenant_ids

Parameters

Section titled “Parameters”
NameTypeData typeDescription
idsquerystring or list of stringsCloud Account IDs.
statusquerystringCluster status. (Not Installed, Running, Stopped)
limitqueryintegerLimit returned results.
offsetqueryintegerPagination offset.
parametersquerydictionaryFull query string parameters payload in JSON format. Not required when using other keywords.

Code Examples

Section titled “Code Examples”
from falconpy import KubernetesProtection


falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )


id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']


response = falcon.get_azure_tenant_ids(ids=id_list,
                                       status="string",
                                       limit=integer,
                                       offset=integer)
print(response)

GetAzureInstallScript

Section titled “GetAzureInstallScript”

Provide the script to run for a given tenant id and subscription IDs.

GET /kubernetes-protection/entities/user-script/azure/v1
Scope Kubernetes Protection: READ Consumes · Produces application/json application/octet-stream
PEP 8 get_azure_install_script

Parameters

Section titled “Parameters”
NameTypeData typeDescription
idquerystringAzure Tenant ID.
subscription_idquerystring or list of stringsAzure Subscription IDs.
parametersquerydictionaryFull query string parameters payload in JSON format. Not required when using other keywords.

Code Examples

Section titled “Code Examples”
from falconpy import KubernetesProtection


falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )


id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']


response = falcon.get_azure_install_script(id="string", subscription_id=id_list)
print(response)

GetHelmValuesYaml

Section titled “GetHelmValuesYaml”

Provides a sample Helm values.yaml file for a customer to install alongside the agent Helm chart

GET /kubernetes-protection/entities/integration/agent/v1
Scope Kubernetes Protection: READ Consumes · Produces application/json application/yaml
PEP 8 get_helm_values_yaml

Parameters

Section titled “Parameters”
NameTypeData typeDescription
cluster_namequerystringCluster name. For EKS this will be the cluster ARN.
is_self_managed_clusterquerybooleanSet to True if the cluster is not managed by a cloud provider, and False if it is.
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import KubernetesProtection


falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )


response = falcon.get_helm_values_yaml(cluster_name="string",
                                       is_self_managed_cluster="string")
print(response)

RegenerateAPIKey

Section titled “RegenerateAPIKey”

Regenerate API key for docker registry integrations.

POST /kubernetes-protection/entities/integration/api-key/v1
Scope Kubernetes Protection: WRITE Consumes · Produces application/json
PEP 8 regenerate

No keywords or arguments accepted.

Code Examples

Section titled “Code Examples”
from falconpy import KubernetesProtection


falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )


response = falcon.regenerate()
print(response)

GetClusters

Section titled “GetClusters”

Provides the clusters acknowledged by the Kubernetes Protection service

GET /kubernetes-protection/entities/kubernetes/clusters/v1
Scope Kubernetes Protection: READ Consumes · Produces application/json
PEP 8 get_clusters

Parameters

Section titled “Parameters”
NameTypeData typeDescription
cluster_namesquerystring or list of stringsCluster name. For EKS this will be the cluster ARN.
account_idsquerystring or list of stringsCluster account ID. For EKS this will be the AWS account ID.
locationsquerystring or list of stringsCloud location.
cluster_servicequerystringCluster service.
limitqueryintegerMaximum number of results to return.
offsetqueryintegerStarting offset to begin returning results.
statusquerystring or list of stringsCluster status.
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import KubernetesProtection


falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )


id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']


response = falcon.get_clusters(account_ids=id_list,
                               cluster_names=id_list,
                               cluster_service="string",
                               limit=integer,
                               locations=id_list,
                               status="string",
                               offset="string")
print(response)

TriggerScan

Section titled “TriggerScan”

Triggers a dry run or a full scan of a customer’s kubernetes footprint.

POST /kubernetes-protection/entities/scan/trigger/v1
Scope Kubernetes Protection: WRITE Consumes · Produces application/json
PEP 8 trigger_scan

Parameters

Section titled “Parameters”
NameTypeData typeDescription
scan_typequerystringType of scan to perform, cluster-refresh, dry-run or full. Defaults to dry-run.
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import KubernetesProtection


falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )


response = falcon.trigger_scan(scan_type="string")
print(response)

PostSearchKubernetesIOMEntities

Section titled “PostSearchKubernetesIOMEntities”

Search Kubernetes IOM entities by filter criteria

POST /container-security/combined/kubernetes-ioms/search/v1
Scope Falcon Container Image: READ Consumes · Produces application/json
PEP 8 search_kubernetes_ioms

Parameters

Section titled “Parameters”
NameTypeData typeDescription
bodybodydictionaryFull body payload in JSON format
filterquerystringFQL filter to search Kubernetes IOM entities
limitqueryintegerMaximum number of entities to return
sortquerystringSort specification for results
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import KubernetesProtection


falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )


response = falcon.search_kubernetes_ioms(filter="string",
                                         sort="string",
                                         limit=integer)
print(response)

PatchAzureServicePrincipal

Section titled “PatchAzureServicePrincipal”

Adds the client ID for the given tenant ID to our system.

PATCH /kubernetes-protection/entities/service-principal/azure/v1
Scope Kubernetes Protection: WRITE Consumes · Produces application/json
PEP 8 update_azure_service_principal

Parameters

Section titled “Parameters”
NameTypeData typeDescription
idquerystringAzure Tenant ID.
client_idquerystringAzure Client ID.
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import KubernetesProtection


falcon = KubernetesProtection(client_id=CLIENT_ID,
                              client_secret=CLIENT_SECRET
                              )


response = falcon.update_azure_service_principal(id="string",
                                                 client_id="string")
print(response)
© 2026 CrowdStrike, Inc. All rights reserved. Privacy Notice Cookie Notice Terms of Use