Skip to content

Image Assessment Policies

Joshua Hiller edited this page Dec 10, 2024 · 6 revisions

CrowdStrike Falcon CrowdStrike Subreddit

Using the Image Assessment Policies service collection

Uber class support Service class support Documentation Version Page Updated

Table of Contents

Operation ID Description
ReadPolicies
PEP8 read_policies
Get all Image Assessment policies
CreatePolicies
PEP8 create_policies
Create Image Assessment policies
DeletePolicy
PEP8 delete_policy
Delete Image Assessment Policy by policy UUID
UpdatePolicies
PEP8 update_policies
Update Image Assessment Policy entities
ReadPolicyExclusions
PEP8 read_policy_exclusions
Retrieve Image Assessment Policy Exclusion entities
UpdatePolicyExclusions
PEP8 update_policy_exclusions
Update Image Assessment Policy Exclusion entities
ReadPolicyGroups
PEP8 read_policy_groups
Retrieve Image Assessment Policy Group entities
CreatePolicyGroups
PEP8 create_policy_groups
Create Image Assessment Policy Group entities
DeletePolicyGroup
PEP8 delete_policy_group
Delete Image Assessment Policy Group entities
UpdatePolicyGroups
PEP8 update_policy_groups
Update Image Assessment Policy Group entities
UpdatePolicyPrecedence
PEP8 update_policy_precedence
Update Image Assessment Policy precedence

Passing credentials

WARNING

client_id and client_secret are keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)

CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.

ReadPolicies

Get all Image Assessment policies.

PEP8 method name

read_policies

Endpoint

Method Route
GET /container-security/entities/image-assessment-policies/v1

Required Scope

falcon-container-image:read

Content-Type

  • Produces: application/json

Keyword Arguments

No keywords or arguments accepted.

Usage

Service class example (PEP8 syntax)
from falconpy import ImageAssessmentPolicies

# Do not hardcode API credentials!
falcon = ImageAssessmentPolicies(client_id=CLIENT_ID,
                                 client_secret=CLIENT_SECRET
                                 )

response = falcon.read_policies()

print(response)
Service class example (Operation ID syntax)
from falconpy import ImageAssessmentPolicies

# Do not hardcode API credentials!
falcon = ImageAssessmentPolicies(client_id=CLIENT_ID,
                                 client_secret=CLIENT_SECRET
                                 )

response = falcon.ReadPolicies()

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadPolicies")

print(response)

CreatePolicies

Create Image Assessment policies.

PEP8 method name

create_policies

Endpoint

Method Route
POST /container-security/entities/image-assessment-policies/v1

Required Scope

falcon-container-image:write

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
body Service Class Support
Uber Class Support body dictionary Full body payload in JSON format.
description Service Class Support
Uber Class Support body string Policy description.
name Service Class Support
Uber Class Support body string Policy name.

Usage

Service class example (PEP8 syntax)
from falconpy import ImageAssessmentPolicies

# Do not hardcode API credentials!
falcon = ImageAssessmentPolicies(client_id=CLIENT_ID,
                                 client_secret=CLIENT_SECRET
                                 )

response = falcon.create_policies(description="string", name="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import ImageAssessmentPolicies

# Do not hardcode API credentials!
falcon = ImageAssessmentPolicies(client_id=CLIENT_ID,
                                 client_secret=CLIENT_SECRET
                                 )

response = falcon.CreatePolicies(description="string", name="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

body_payload = {
  "description": "string",
  "name": "string"
}

response = falcon.command("CreatePolicies", body=body_payload)

print(response)

DeletePolicy

Delete Image Assessment Policy by policy UUID.

PEP8 method name

delete_policy

Endpoint

Method Route
DELETE /container-security/entities/image-assessment-policies/v1

Required Scope

falcon-container-image:write

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
id
Service Class Support

Uber Class Support
query string Image Assessment Policy entity UUID.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import ImageAssessmentPolicies

# Do not hardcode API credentials!
falcon = ImageAssessmentPolicies(client_id=CLIENT_ID,
                                 client_secret=CLIENT_SECRET
                                 )

response = falcon.delete_policy(id="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import ImageAssessmentPolicies

# Do not hardcode API credentials!
falcon = ImageAssessmentPolicies(client_id=CLIENT_ID,
                                 client_secret=CLIENT_SECRET
                                 )

response = falcon.DeletePolicy(id="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("DeletePolicy", id="string")

print(response)

UpdatePolicies

Update Image Assessment Policy entities.

PEP8 method name

update_policies

Endpoint

Method Route
PATCH /container-security/entities/image-assessment-policies/v1

Required Scope

falcon-container-image:write

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
body Service Class Support Uber Class Support body dictionary Full body payload in JSON format.
description Service Class Support Uber Class Support body string Policy description.
id Service Class Support Uber Class Support query string Image Assessment Policy entity UUID.
is_enabled Service Class Support Uber Class Support query boolean Flag indicating if the policy is currently enabled.
name Service Class Support Uber Class Support body string Policy name.
parameters Service Class Support Uber Class Support query dictionary Full query string parameters payload in JSON format.
policy_data Service Class Support Uber Class Support body dictionary Image Assessment Policy rules in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import ImageAssessmentPolicies

# Do not hardcode API credentials!
falcon = ImageAssessmentPolicies(client_id=CLIENT_ID,
                                 client_secret=CLIENT_SECRET
                                 )
policy_data = {
    "rules": [
        {
        "action": "string",
        "policy_rules_data": {
            "conditions": [
                {}
            ]
        }
        }
    ]
}

response = falcon.update_policies(description="string",
                                  id="string",
                                  is_enabled=boolean,
                                  name="string",
                                  policy_data=policy_data
                                  )
print(response)
Service class example (Operation ID syntax)
from falconpy import ImageAssessmentPolicies

# Do not hardcode API credentials!
falcon = ImageAssessmentPolicies(client_id=CLIENT_ID,
                                 client_secret=CLIENT_SECRET
                                 )
policy_data = {
    "rules": [
        {
        "action": "string",
        "policy_rules_data": {
            "conditions": [
                {}
            ]
        }
        }
    ]
}

response = falcon.UpdatePolicies(description="string",
                                 id="string",
                                 is_enabled=boolean,
                                 name="string",
                                 policy_data=policy_data
                                 )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )
body_payload = {
  "description": "string",
  "is_enabled": boolean,
  "name": "string",
  "policy_data": {
    "rules": [
      {
        "action": "string",
        "policy_rules_data": {
          "conditions": [
            {}
          ]
        }
      }
    ]
  }
}

response = falcon.command("UpdatePolicies",
                          id="string",
                          body=body_payload
                          )
print(response)

ReadPolicyExclusions

Retrieve Image Assessment Policy Exclusion entities.

PEP8 method name

read_policy_exclusions

Endpoint

Method Route
GET /container-security/entities/image-assessment-policy-exclusions/v1

Required Scope

falcon-container-image:read

Content-Type

  • Produces: application/json

Keyword Arguments

No keywords or arguments accepted.

Usage

Service class example (PEP8 syntax)
from falconpy import ImageAssessmentPolicies

# Do not hardcode API credentials!
falcon = ImageAssessmentPolicies(client_id=CLIENT_ID,
                                 client_secret=CLIENT_SECRET
                                 )

response = falcon.read_policy_exclusions()

print(response)
Service class example (Operation ID syntax)
from falconpy import ImageAssessmentPolicies

# Do not hardcode API credentials!
falcon = ImageAssessmentPolicies(client_id=CLIENT_ID,
                                 client_secret=CLIENT_SECRET
                                 )

response = falcon.ReadPolicyExclusions()

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadPolicyExclusions")

print(response)

UpdatePolicyExclusions

Update Image Assessment Policy Exclusion entities.

PEP8 method name

update_policy_exclusions

Endpoint

Method Route
POST /container-security/entities/image-assessment-policy-exclusions/v1

Required Scope

falcon-container-image:write

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
body Service Class Support Uber Class Support body dictionary Full body payload in JSON format.
conditions Service Class Support Uber Class Support body list of dictionaries List of conditions to apply. Overrides other keywords if provided.
description Service Class Support Uber Class Support body string Condition description. Ignored if conditions keyword is used.
prop Service Class Support Uber Class Support body string Condition property. Ignored if conditions keyword is used.
ttl Service Class Support Uber Class Support body integer Condition time to live. Ignored if conditions keyword is used.
value Service Class Support Uber Class Support body list of strings Condition values. Ignored if conditions keyword is used.

Usage

Service class example (PEP8 syntax)
from falconpy import ImageAssessmentPolicies

# Do not hardcode API credentials!
falcon = ImageAssessmentPolicies(client_id=CLIENT_ID,
                                 client_secret=CLIENT_SECRET
                                 )

value_list = ["VALUE1", "VALUE2", "VALUE3"]

response = falcon.update_policy_exclusions(description="string",
                                           prop="string",
                                           ttl=integer,
                                           value=value_list
                                           )
print(response)
Service class example (Operation ID syntax)
from falconpy import ImageAssessmentPolicies

# Do not hardcode API credentials!
falcon = ImageAssessmentPolicies(client_id=CLIENT_ID,
                                 client_secret=CLIENT_SECRET
                                 )

value_list = ["VALUE1", "VALUE2", "VALUE3"]

response = falcon.UpdatePolicyExclusions(description="string",
                                         prop="string",
                                         ttl=integer,
                                         value=value_list
                                         )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

# The following structure can be used in the examples
# above (i.e. Service Class usage) by leveraging the
# conditions keyword. This will override the other
# keywords listed in the examples above.
conditions_list = [
    {
      "description": "string",
      "prop": "string",
      "ttl": integer,
      "value": [
        "string"
      ]
    },
    {
      "description": "string",
      "prop": "string",
      "ttl": integer,
      "value": [
        "string"
      ]
    }    
]


body_payload = {
  "conditions": conditions_list
}

response = falcon.command("UpdatePolicyExclusions", body=body_payload)

print(response)

ReadPolicyGroups

Retrieve Image Assessment Policy Group entities.

PEP8 method name

read_policy_groups

Endpoint

Method Route
GET /container-security/entities/image-assessment-policy-groups/v1

Required Scope

falcon-container-image:read

Content-Type

  • Produces: application/json

Keyword Arguments

No keywords or arguments accepted.

Usage

Service class example (PEP8 syntax)
from falconpy import ImageAssessmentPolicies

# Do not hardcode API credentials!
falcon = ImageAssessmentPolicies(client_id=CLIENT_ID,
                                 client_secret=CLIENT_SECRET
                                 )

response = falcon.read_policy_groups()

print(response)
Service class example (Operation ID syntax)
from falconpy import ImageAssessmentPolicies

# Do not hardcode API credentials!
falcon = ImageAssessmentPolicies(client_id=CLIENT_ID,
                                 client_secret=CLIENT_SECRET
                                 )

response = falcon.ReadPolicyGroups()

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("ReadPolicyGroups")

print(response)

CreatePolicyGroups

Create Image Assessment Policy Group entities.

PEP8 method name

create_policy_groups

Endpoint

Method Route
POST /container-security/entities/image-assessment-policy-groups/v1

Required Scope

falcon-container-image:write

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
body Service Class Support Uber Class Support body dictionary Full body payload in JSON format.
conditions Service Class Support Uber Class Support body list of dictionaries List of policy conditions to apply. Overriden if policy_group_data keyword is used.
description Service Class Support Uber Class Support body string Policy group description.
name Service Class Support Uber Class Support body string Policy group name.
policy_group_data Service Class Support Uber Class Support body dictionary Policy group data in JSON format. Overrides conditions keyword if provided.
policy_id Service Class Support Uber Class Support body string Policy ID.

Usage

Service class example (PEP8 syntax)
from falconpy import ImageAssessmentPolicies

# Do not hardcode API credentials!
falcon = ImageAssessmentPolicies(client_id=CLIENT_ID,
                                 client_secret=CLIENT_SECRET
                                 )
conditions_list = [
    {},
    {}
]
response = falcon.create_policy_groups(conditions=conditions_list,
                                       description="string",
                                       name="string",
                                       policy_id="string"
                                       )
print(response)
Service class example (Operation ID syntax)
from falconpy import ImageAssessmentPolicies

# Do not hardcode API credentials!
falcon = ImageAssessmentPolicies(client_id=CLIENT_ID,
                                 client_secret=CLIENT_SECRET
                                 )
conditions_list = [
    {},
    {}
]
response = falcon.CreatePolicyGroups(conditions=conditions_list,
                                     description="string",
                                     name="string",
                                     policy_id="string"
                                     )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

conditions_list = [
    {},
    {}
]
body_payload = {
  "description": "string",
  "name": "string",
  "policy_group_data": {
    "conditions": condtions_list
  },
  "policy_id": "string"
}

response = falcon.command("CreatePolicyGroups", body=body_payload)

print(response)

DeletePolicyGroup

Delete Image Assessment Policy Group entities

PEP8 method name

delete_policy_group

Endpoint

Method Route
DELETE /container-security/entities/image-assessment-policy-groups/v1

Required Scope

falcon-container-image:write

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
id
Service Class Support

Uber Class Support
query string Policy Image group entity UUID.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import ImageAssessmentPolicies

# Do not hardcode API credentials!
falcon = ImageAssessmentPolicies(client_id=CLIENT_ID,
                                 client_secret=CLIENT_SECRET
                                 )

response = falcon.delete_policy_group(id="string")

print(response)
Service class example (Operation ID syntax)
from falconpy import ImageAssessmentPolicies

# Do not hardcode API credentials!
falcon = ImageAssessmentPolicies(client_id=CLIENT_ID,
                                 client_secret=CLIENT_SECRET
                                 )

response = falcon.DeletePolicyGroup(id="string")

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("DeletePolicyGroup", id="string")

print(response)

UpdatePolicyGroups

Update Image Assessment Policy Group entities

PEP8 method name

update_policy_groups

Endpoint

Method Route
PATCH /container-security/entities/image-assessment-policy-groups/v1

Required Scope

falcon-container-image:write

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
body Service Class Support Uber Class Support body dictionary Full body payload in JSON format.
conditions Service Class Support Uber Class Support body list of dictionaries List of policy conditions to apply. Overriden if policy_group_data keyword is used.
description Service Class Support Uber Class Support body string Policy group description.
id
Service Class Support

Uber Class Support
query string Policy Image group entity UUID.
name Service Class Support Uber Class Support body string Policy group name.
parameters
Service Class Support

Uber Class Support
query dictionary Full query string parameters payload in JSON format.
policy_group_data Service Class Support Uber Class Support body dictionary Policy group data in JSON format. Overrides conditions keyword if provided.

Usage

Service class example (PEP8 syntax)
from falconpy import ImageAssessmentPolicies

# Do not hardcode API credentials!
falcon = ImageAssessmentPolicies(client_id=CLIENT_ID,
                                 client_secret=CLIENT_SECRET
                                 )

conditions_list = [
    {},
    {}
]
response = falcon.update_policy_groups(id="string",
                                       conditions=conditions_list,
                                       description="string",
                                       name="string"
                                       )
print(response)
Service class example (Operation ID syntax)
from falconpy import ImageAssessmentPolicies

# Do not hardcode API credentials!
falcon = ImageAssessmentPolicies(client_id=CLIENT_ID,
                                 client_secret=CLIENT_SECRET
                                 )

conditions_list = [
    {},
    {}
]
response = falcon.UpdatePolicyGroups(id="string",
                                     conditions=conditions_list,
                                     description="string",
                                     name="string"
                                     )
print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                    client_secret=CLIENT_SECRET
                    )

conditions_list = [
    {},
    {}
]
body_payload = {
  "description": "string",
  "name": "string",
  "policy_group_data": {
    "conditions": conditions_list
  }
}

response = falcon.command("UpdatePolicyGroups", id="string", body=body_payload)

print(response)

UpdatePolicyPrecedence

Update Image Assessment Policy precedence

PEP8 method name

update_policy_precedence

Endpoint

Method Route
POST /container-security/entities/image-assessment-policy-precedence/v1

Required Scope

falcon-container-image:write

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
body Service Class Support Uber Class Support body dictionary Full body payload in JSON format.
precedence Service Class Support Uber Class Support body string or list of strings List of policy conditions to apply.

Usage

Service class example (PEP8 syntax)
from falconpy import ImageAssessmentPolicies

# Do not hardcode API credentials!
falcon = ImageAssessmentPolicies(client_id=CLIENT_ID,
                                 client_secret=CLIENT_SECRET
                                 )

# Precedence will be applied in the order provided.
ordered_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.update_policy_precedence(precedence=ordered_list)

print(response)
Service class example (Operation ID syntax)
from falconpy import ImageAssessmentPolicies

# Do not hardcode API credentials!
falcon = ImageAssessmentPolicies(client_id=CLIENT_ID,
                                 client_secret=CLIENT_SECRET
                                 )

# Precedence will be applied in the order provided.
ordered_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.UpdatePolicyPrecedence(precedence=ordered_list)

print(response)
Uber class example
from falconpy import APIHarnessV2

# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

# Precedence will be applied in the order provided.
ordered_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

body_payload = {
  "precedence": ordered_list
}

response = falcon.command("UpdatePolicyPrecedence", body=body_payload)

print(response)

CrowdStrike Falcon

Clone this wiki locally