Unidentified Containers

The Unidentified Containers service collection provides operations for searching and counting unidentified containers in your CrowdStrike Falcon environment. Retrieve counts by date range or total time period, and search for containers by criteria including cloud provider, cluster, severity, and namespace.

Language	Last Update
Python	v1.4.6
PowerShell	v2.2.9
Go	v0.20.0
TypeScript	v0.6.0
Rust	v0.7.0
Ruby	v1.2.0

Operation	Description
ReadUnidentifiedContainersByDateRangeCount `read_count_by_date_range`	Returns the count of Unidentified Containers over the last 7 days
ReadUnidentifiedContainersCount `read_count`	Returns the total count of Unidentified Containers over a time period
SearchAndReadUnidentifiedContainers `search_and_read`	Search Unidentified Containers by the provided search criteria

ReadUnidentifiedContainersByDateRangeCount

Returns the count of Unidentified Containers over the last 7 days

GET /container-security/aggregates/unidentified-containers/count-by-date/v1

Scope Falcon Container Image: READ Consumes · Produces application/json

PEP 8 read_count_by_date_range

Parameters

Name	Type	Data type	Description
filter	query	string	Filter Unidentified Containers using a query in Falcon Query Language (FQL). Supported filters: assessed_images_count,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,containers_impacted_count,detections_count,image_assessment_detections_count,last_seen,namespace,node_name,severity,unassessed_images_count,visible_to_k8s
parameters	query	dictionary	Full query string parameters payload in JSON format.

Code Examples

from falconpy import UnidentifiedContainers

falcon = UnidentifiedContainers(client_id=CLIENT_ID,
                                client_secret=CLIENT_SECRET
                                )

response = falcon.read_count_by_date_range(filter="string")
print(response)

from falconpy import UnidentifiedContainers

falcon = UnidentifiedContainers(client_id=CLIENT_ID,
                                client_secret=CLIENT_SECRET
                                )

response = falcon.ReadUnidentifiedContainersByDateRangeCount(filter="string")
print(response)

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadUnidentifiedContainersByDateRangeCount",
                          filter="string")
print(response)

package main

import (
  "context"
  "fmt"
  "os"

  "github.com/crowdstrike/gofalcon/falcon"
  "github.com/crowdstrike/gofalcon/falcon/client/unidentified_containers"
)

func main() {
  client, err := falcon.NewClient(&falcon.ApiConfig{
    ClientId:     os.Getenv("FALCON_CLIENT_ID"),
    ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
    Context:      context.Background(),
  })
  if err != nil {
    panic(err)
  }

  filter := "string"

  response, err := client.UnidentifiedContainers.CountByDateRange(
    &unidentified_containers.CountByDateRangeParams{
      Filter: &filter,
      Context: context.Background(),
    },
  )
  if err != nil {
    panic(falcon.ErrorExplain(err))
  }

  fmt.Printf("%+v\n", response.Payload)
}

import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.unidentifiedContainers.countByDateRange("string");  // filter

console.log(response);

use rusty_falcon::apis::unidentified_containers_api::read_unidentified_containers_by_date_range_count;
use rusty_falcon::easy::client::FalconHandle;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env().await.expect("Could not authenticate");

    let response = read_unidentified_containers_by_date_range_count(
        &falcon.cfg,  // configuration
        Some("string"),  // filter
    ).await.expect("API call failed");

    println!("{:?}", response);
}

require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::UnidentifiedContainers.new

response = api.read_unidentified_containers_by_date_range_count(filter: 'string')

puts response

ReadUnidentifiedContainersCount

Returns the total count of Unidentified Containers over a time period

GET /container-security/aggregates/unidentified-containers/count/v1

Scope Falcon Container Image: READ Consumes · Produces application/json

PEP 8 read_count

Parameters

Name	Type	Data type	Description
filter	query	string	Filter Unidentified Containers using a query in Falcon Query Language (FQL). Supported filters: assessed_images_count,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,containers_impacted_count,detections_count,image_assessment_detections_count,last_seen,namespace,node_name,severity,unassessed_images_count,visible_to_k8s
parameters	query	dictionary	Full query string parameters payload in JSON format.

Code Examples

from falconpy import UnidentifiedContainers

falcon = UnidentifiedContainers(client_id=CLIENT_ID,
                                client_secret=CLIENT_SECRET
                                )

response = falcon.read_count(filter="string")
print(response)

from falconpy import UnidentifiedContainers

falcon = UnidentifiedContainers(client_id=CLIENT_ID,
                                client_secret=CLIENT_SECRET
                                )

response = falcon.ReadUnidentifiedContainersCount(filter="string")
print(response)

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadUnidentifiedContainersCount",
                          filter="string")
print(response)

package main

import (
  "context"
  "fmt"
  "os"

  "github.com/crowdstrike/gofalcon/falcon"
  "github.com/crowdstrike/gofalcon/falcon/client/unidentified_containers"
)

func main() {
  client, err := falcon.NewClient(&falcon.ApiConfig{
    ClientId:     os.Getenv("FALCON_CLIENT_ID"),
    ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
    Context:      context.Background(),
  })
  if err != nil {
    panic(err)
  }

  filter := "string"

  response, err := client.UnidentifiedContainers.Count(
    &unidentified_containers.CountParams{
      Filter: &filter,
      Context: context.Background(),
    },
  )
  if err != nil {
    panic(falcon.ErrorExplain(err))
  }

  fmt.Printf("%+v\n", response.Payload)
}

import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.unidentifiedContainers.count("string");  // filter

console.log(response);

use rusty_falcon::apis::unidentified_containers_api::read_unidentified_containers_count;
use rusty_falcon::easy::client::FalconHandle;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env().await.expect("Could not authenticate");

    let response = read_unidentified_containers_count(
        &falcon.cfg,  // configuration
        Some("string"),  // filter
    ).await.expect("API call failed");

    println!("{:?}", response);
}

require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::UnidentifiedContainers.new

response = api.read_unidentified_containers_count(filter: 'string')

puts response

SearchAndReadUnidentifiedContainers

Search Unidentified Containers by the provided search criteria

GET /container-security/combined/unidentified-containers/v1

Scope Falcon Container Image: READ Consumes · Produces application/json

PEP 8 search_and_read

Parameters

Name	Type	Data type	Description
filter	query	string	Search Unidentified Containers using a query in Falcon Query Language (FQL). Supported filters: assessed_images_count,cid,cloud_account_id,cloud_name,cloud_region,cluster_id,cluster_name,containers_impacted_count,detections_count,image_assessment_detections_count,last_seen,namespace,node_name,severity,unassessed_images_count,visible_to_k8s
limit	query	integer	The upper-bound on the number of records to retrieve.
offset	query	integer	The offset from where to begin.
sort	query	string	The fields to sort the records on.
parameters	query	dictionary	Full query string parameters payload in JSON format.

Code Examples

from falconpy import UnidentifiedContainers

falcon = UnidentifiedContainers(client_id=CLIENT_ID,
                                client_secret=CLIENT_SECRET
                                )

response = falcon.search_and_read(filter="string",
                                  limit=integer,
                                  offset=integer,
                                  sort="string")
print(response)

from falconpy import UnidentifiedContainers

falcon = UnidentifiedContainers(client_id=CLIENT_ID,
                                client_secret=CLIENT_SECRET
                                )

response = falcon.SearchAndReadUnidentifiedContainers(filter="string",
                                                      limit=integer,
                                                      offset=integer,
                                                      sort="string")
print(response)

from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("SearchAndReadUnidentifiedContainers",
                          filter="string",
                          sort="string",
                          limit=integer,
                          offset=integer)
print(response)

package main

import (
  "context"
  "fmt"
  "os"

  "github.com/crowdstrike/gofalcon/falcon"
  "github.com/crowdstrike/gofalcon/falcon/client/unidentified_containers"
)

func main() {
  client, err := falcon.NewClient(&falcon.ApiConfig{
    ClientId:     os.Getenv("FALCON_CLIENT_ID"),
    ClientSecret: os.Getenv("FALCON_CLIENT_SECRET"),
    Context:      context.Background(),
  })
  if err != nil {
    panic(err)
  }

  filter := "string"
  sort := "string"
  limit := int64(0)
  offset := int64(0)

  response, err := client.UnidentifiedContainers.Search(
    &unidentified_containers.SearchParams{
      Filter: &filter,
      Sort: &sort,
      Limit: &limit,
      Offset: &offset,
      Context: context.Background(),
    },
  )
  if err != nil {
    panic(falcon.ErrorExplain(err))
  }

  fmt.Printf("%+v\n", response.Payload)
}

import { FalconClient } from "crowdstrike-falcon";

const client = new FalconClient({
  cloud: process.env.FALCON_CLOUD!,
  clientId: process.env.FALCON_CLIENT_ID!,
  clientSecret: process.env.FALCON_CLIENT_SECRET!,
});

const response = await client.unidentifiedContainers.search(
  "string",  // filter
  "string",  // sort
  integer,  // limit
  integer  // offset
);

console.log(response);

use rusty_falcon::apis::unidentified_containers_api::search_and_read_unidentified_containers;
use rusty_falcon::easy::client::FalconHandle;

#[tokio::main]
async fn main() {
    let falcon = FalconHandle::from_env().await.expect("Could not authenticate");

    let response = search_and_read_unidentified_containers(
        &falcon.cfg,  // configuration
        Some("string"),  // filter
        Some("string"),  // sort
        Some(integer),  // limit
        Some(integer),  // offset
    ).await.expect("API call failed");

    println!("{:?}", response);
}

require "crimson-falcon"

Falcon.configure do |config|
  config.client_id = ENV["FALCON_CLIENT_ID"]
  config.client_secret = ENV["FALCON_CLIENT_SECRET"]
  config.cloud = ENV["FALCON_CLOUD"]
end

api = Falcon::UnidentifiedContainers.new

response = api.search_and_read_unidentified_containers(filter: 'string',
                                                       sort: 'string',
                                                       limit: integer,
                                                       offset: integer)

puts response

Unidentified Containers

Table of Contents

ReadUnidentifiedContainersByDateRangeCount

Parameters

Code Examples

ReadUnidentifiedContainersCount

Parameters

Code Examples

SearchAndReadUnidentifiedContainers

Parameters

Code Examples