-
Notifications
You must be signed in to change notification settings - Fork 118
Cloud Snapshots
Joshua Hiller edited this page Apr 3, 2024
·
2 revisions
Operation ID | Description | ||||
---|---|---|---|---|---|
|
Search for snapshot jobs identified by the provided filter. | ||||
|
Register a cloud account for snapshot scanning. | ||||
|
Retrieve snapshot jobs identified by the provided IDs. | ||||
|
Launch a snapshot scan for a given cloud asset. | ||||
|
Gets the registry credentials. | ||||
|
Retrieve the scan report for an instance. |
WARNING
client_id
andclient_secret
are keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
Search for snapshot jobs identified by the provided filter.
search_scan_jobs
Method | Route |
---|---|
/snapshots/combined/deployments/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
filter | query | string | Search snapshot jobs using a query in Falcon Query Language (FQL). Supported filters: account_id,asset_identifier,cloud_provider,region,status | ||
limit | query | integer | The upper-bound on the number of records to retrieve. | ||
offset | query | integer | The offset from where to begin. | ||
parameters | query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. | ||
sort | query | string | The fields to sort the records on. Supported columns: [account_id asset_identifier cloud_provider instance_type last_updated_timestamp region status] |
from falconpy import CloudSnapshots
# Do not hardcode API credentials!
falcon = CloudSnapshot(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.search_scan_jobs(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
from falconpy import CloudSnapshots
# Do not hardcode API credentials!
falcon = CloudSnapshot(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadDeploymentsCombined(filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadDeploymentsCombined",
filter="string",
limit=integer,
offset=integer,
sort="string"
)
print(response)
Register a cloud account for snapshot scanning.
register_account
Method | Route |
---|---|
/snapshots/entities/accounts/v1 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
body |
|
body | list of dictionaries | Full body payload in JSON format. | |
aws_accounts |
|
body | list of dictionaries | Complete list of AWS accounts to register. | |
account_number |
|
body | string | AWS account number. Overriden if aws_accounts keyword is provided. |
|
batch_regions |
|
body | string | Region the batch is executed within. Overriden if aws_accounts keyword is provided. |
|
iam_external_id |
|
body | string | The external ID of the IAM account used. Overriden if aws_accounts keyword is provided. |
|
iam_role_arn |
|
body | string | The AWS ARN for the IAM account used. Overriden if aws_accounts keyword is provided. |
|
kms_alias |
|
body | string | The KMS alias for the IAM account used. Overriden if aws_accounts keyword is provided. |
|
processing_account |
|
body | string | The ID of the processing account. Overriden if aws_accounts keyword is provided. |
from falconpy import CLoudSnapshots
# Do not hardcode API credentials!
falcon = CloudSnapshots(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.register_account(account_number="string",
batch_regions="string",
iam_external_id="string",
iam_role_arn="string",
kms_alias="string",
processing_account="string"
)
print(response)
from falconpy import CloudSnapshots
# Do not hardcode API credentials!
falcon = CloudSnapshots(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.RegisterCspmSnapshotAccount(account_number="string",
batch_regions="string",
iam_external_id="string",
iam_role_arn="string",
kms_alias="string",
processing_account="string"
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"aws_accounts": [
{
"account_number": "string",
"batch_regions": [
{
"job_definition_name": "string",
"job_queue": "string",
"region": "string"
}
],
"iam_external_id": "string",
"iam_role_arn": "string",
"kms_alias": "string",
"processing_account": "string"
}
]
}
response = falcon.command("RegisterCspmSnapshotAccount", body=body_payload)
print(response)
Retrieve snapshot jobs identified by the provided IDs.
get_scan_jobs
Method | Route |
---|---|
/snapshots/entities/deployments/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
ids | query | string or list of strings | Search snapshot jobs by ids - The maximum amount is 100 IDs | ||
parameters | query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
from falconpy import CloudSnapshots
# Do not hardcode API credentials!
falcon = CloudSnapshots(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_scan_jobs(ids=id_list)
print(response)
from falconpy import CloudSnapshots
# Do not hardcode API credentials!
falcon = CloudSnapshots(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.ReadDeploymentsEntities(ids=id_list)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("ReadDeploymentsEntities", ids=id_list)
print(response)
Launch a snapshot scan for a given cloud asset.
launch_scan_job
Method | Route |
---|---|
/snapshots/entities/deployments/v1 |
- Consumes: application/json
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
account_id | body | string | Cloud provider account ID. | ||
asset_id | body | string | Asset ID. | ||
body | body | list of dictionaries | Full body payload in JSON format. | ||
cloud_provider | body | string | Cloud provider. | ||
region | body | string | Cloud provider region. |
from falconpy import CloudSnapshots
# Do not hardcode API credentials!
falcon = CloudSnapshots(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.launch_scan_job(account_id="string",
asset_id="string",
cloud_provider="string",
region="string"
)
print(response)
from falconpy import CloudSnapshots
# Do not hardcode API credentials!
falcon = CloudSnapshots(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.CreateDeploymentEntity(account_id="string",
asset_id="string",
cloud_provider="string",
region="string"
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"resources": [
{
"account_id": "string",
"asset_identifier": "string",
"cloud_provider": "string",
"region": "string"
}
]
}
response = falcon.command("CreateDeploymentEntity", body=body_payload)
print(response)
Gets the registry credentials
get_credentials
Method | Route |
---|---|
/snapshots/entities/image-registry-credentials/v1 |
- Produces: application/json
No keywords or arguments accepted.
from falconpy import CloudSnapshots
# Do not hardcode API credentials!
falcon = CloudSnapshots(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.get_credentials()
print(response)
from falconpy import CloudSnapshots
# Do not hardcode API credentials!
falcon = CloudSnapshots(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.GetCredentialsMixin0()
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("GetCredentialsMixin0")
print(response)
retrieve the scan report for an instance
get_scan_reports
Method | Route |
---|---|
/snapshots/entities/scanreports/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
ids | query | string or list of strings | the instance identifiers to fetch the report for. | ||
parameters | query | dictionary | Full query string parameters payload in JSON format. Not required if using other keywords. |
from falconpy import CloudSnapshots
falcon = CloudSnapshots(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.get_scan_reports(ids=id_list)
print(response)
from falconpy import CloudSnapshots
falcon = CloudSnapshots(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.GetScanReport(ids=id_list)
print(response)
from falconpy import APIHarnessV2
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
id_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.command("GetScanReport", ids=id_list)
print(response)
- Home
- Discussions Board
- Glossary of Terms
- Installation, Upgrades and Removal
- Samples Collection
- Using FalconPy
- API Operations
-
Service Collections
- Alerts
- API Integrations
- Cloud Connect AWS (deprecated)
- Cloud Snapshots
- Configuration Assessment
- Configuration Assessment Evaluation Logic
- Container Alerts
- Container Detections
- Container Images
- Container Packages
- Container Vulnerabilities
- CSPM Registration
- Custom IOAs
- Custom Storage
- D4C Registration (deprecated)
- Detects
- Device Control Policies
- Discover
- Drift Indicators
- Event Streams
- Exposure Management
- Falcon Complete Dashboard
- Falcon Container
- Falcon Intelligence Sandbox
- FDR
- FileVantage
- Firewall Management
- Firewall Policies
- Foundry LogScale
- Host Group
- Hosts
- Identity Protection
- Image Assessment Policies
- Incidents
- Installation Tokens
- Intel
- IOA Exclusions
- IOC
- IOCs (deprecated)
- Kubernetes Protection
- MalQuery
- Message Center
- ML Exclusions
- Mobile Enrollment
- MSSP (Flight Control)
- OAuth2
- ODS (On Demand Scan)
- Overwatch Dashboard
- Prevention Policy
- Quarantine
- Quick Scan
- Real Time Response
- Real Time Response Admin
- Real Time Response Audit
- Recon
- Report Executions
- Response Policies
- Sample Uploads
- Scheduled Reports
- Sensor Download
- Sensor Update Policy
- Sensor Visibility Exclusions
- Spotlight Evaluation Logic
- Spotlight Vulnerabilities
- Tailored Intelligence
- ThreatGraph
- Unidentified Containers
- User Management
- Workflows
- Zero Trust Assessment
- Documentation Support
-
CrowdStrike SDKs
- Crimson Falcon - Ruby
- FalconPy - Python 3
- FalconJS - Javascript
- goFalcon - Go
- PSFalcon - Powershell
- Rusty Falcon - Rust