-
Notifications
You must be signed in to change notification settings - Fork 122
Image Assessment Policies
Operation ID | Description | ||||
---|---|---|---|---|---|
|
Get all Image Assessment policies | ||||
|
Create Image Assessment policies | ||||
|
Delete Image Assessment Policy by policy UUID | ||||
|
Update Image Assessment Policy entities | ||||
|
Retrieve Image Assessment Policy Exclusion entities | ||||
|
Update Image Assessment Policy Exclusion entities | ||||
|
Retrieve Image Assessment Policy Group entities | ||||
|
Create Image Assessment Policy Group entities | ||||
|
Delete Image Assessment Policy Group entities | ||||
|
Update Image Assessment Policy Group entities | ||||
|
Update Image Assessment Policy precedence |
WARNING
client_id
andclient_secret
are keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.
Get all Image Assessment policies.
read_policies
Method | Route |
---|---|
/container-security/entities/image-assessment-policies/v1 |
- Produces: application/json
No keywords or arguments accepted.
from falconpy import ImageAssessmentPolicies
# Do not hardcode API credentials!
falcon = ImageAssessmentPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_policies()
print(response)
from falconpy import ImageAssessmentPolicies
# Do not hardcode API credentials!
falcon = ImageAssessmentPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadPolicies()
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadPolicies")
print(response)
Create Image Assessment policies.
create_policies
Method | Route |
---|---|
/container-security/entities/image-assessment-policies/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
body |
|
body | dictionary | Full body payload in JSON format. | |
description |
|
body | string | Policy description. | |
name |
|
body | string | Policy name. |
from falconpy import ImageAssessmentPolicies
# Do not hardcode API credentials!
falcon = ImageAssessmentPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.create_policies(description="string", name="string")
print(response)
from falconpy import ImageAssessmentPolicies
# Do not hardcode API credentials!
falcon = ImageAssessmentPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.CreatePolicies(description="string", name="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"description": "string",
"name": "string"
}
response = falcon.command("CreatePolicies", body=body_payload)
print(response)
Delete Image Assessment Policy by policy UUID.
delete_policy
Method | Route |
---|---|
/container-security/entities/image-assessment-policies/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
id |
|
|
query | string | Image Assessment Policy entity UUID. |
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import ImageAssessmentPolicies
# Do not hardcode API credentials!
falcon = ImageAssessmentPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.delete_policy(id="string")
print(response)
from falconpy import ImageAssessmentPolicies
# Do not hardcode API credentials!
falcon = ImageAssessmentPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.DeletePolicy(id="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("DeletePolicy", id="string")
print(response)
Update Image Assessment Policy entities.
update_policies
Method | Route |
---|---|
/container-security/entities/image-assessment-policies/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
body | body | dictionary | Full body payload in JSON format. | ||
description | body | string | Policy description. | ||
id | query | string | Image Assessment Policy entity UUID. | ||
is_enabled | query | boolean | Flag indicating if the policy is currently enabled. | ||
name | body | string | Policy name. | ||
parameters | query | dictionary | Full query string parameters payload in JSON format. | ||
policy_data | body | dictionary | Image Assessment Policy rules in JSON format. |
from falconpy import ImageAssessmentPolicies
# Do not hardcode API credentials!
falcon = ImageAssessmentPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
policy_data = {
"rules": [
{
"action": "string",
"policy_rules_data": {
"conditions": [
{}
]
}
}
]
}
response = falcon.update_policies(description="string",
id="string",
is_enabled=boolean,
name="string",
policy_data=policy_data
)
print(response)
from falconpy import ImageAssessmentPolicies
# Do not hardcode API credentials!
falcon = ImageAssessmentPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
policy_data = {
"rules": [
{
"action": "string",
"policy_rules_data": {
"conditions": [
{}
]
}
}
]
}
response = falcon.UpdatePolicies(description="string",
id="string",
is_enabled=boolean,
name="string",
policy_data=policy_data
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
body_payload = {
"description": "string",
"is_enabled": boolean,
"name": "string",
"policy_data": {
"rules": [
{
"action": "string",
"policy_rules_data": {
"conditions": [
{}
]
}
}
]
}
}
response = falcon.command("UpdatePolicies",
id="string",
body=body_payload
)
print(response)
Retrieve Image Assessment Policy Exclusion entities.
read_policy_exclusions
Method | Route |
---|---|
/container-security/entities/image-assessment-policy-exclusions/v1 |
- Produces: application/json
No keywords or arguments accepted.
from falconpy import ImageAssessmentPolicies
# Do not hardcode API credentials!
falcon = ImageAssessmentPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_policy_exclusions()
print(response)
from falconpy import ImageAssessmentPolicies
# Do not hardcode API credentials!
falcon = ImageAssessmentPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadPolicyExclusions()
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadPolicyExclusions")
print(response)
Update Image Assessment Policy Exclusion entities.
update_policy_exclusions
Method | Route |
---|---|
/container-security/entities/image-assessment-policy-exclusions/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
body | body | dictionary | Full body payload in JSON format. | ||
conditions | body | list of dictionaries | List of conditions to apply. Overrides other keywords if provided. | ||
description | body | string | Condition description. Ignored if conditions keyword is used. |
||
prop | body | string | Condition property. Ignored if conditions keyword is used. |
||
ttl | body | integer | Condition time to live. Ignored if conditions keyword is used. |
||
value | body | list of strings | Condition values. Ignored if conditions keyword is used. |
from falconpy import ImageAssessmentPolicies
# Do not hardcode API credentials!
falcon = ImageAssessmentPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
value_list = ["VALUE1", "VALUE2", "VALUE3"]
response = falcon.update_policy_exclusions(description="string",
prop="string",
ttl=integer,
value=value_list
)
print(response)
from falconpy import ImageAssessmentPolicies
# Do not hardcode API credentials!
falcon = ImageAssessmentPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
value_list = ["VALUE1", "VALUE2", "VALUE3"]
response = falcon.UpdatePolicyExclusions(description="string",
prop="string",
ttl=integer,
value=value_list
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
# The following structure can be used in the examples
# above (i.e. Service Class usage) by leveraging the
# conditions keyword. This will override the other
# keywords listed in the examples above.
conditions_list = [
{
"description": "string",
"prop": "string",
"ttl": integer,
"value": [
"string"
]
},
{
"description": "string",
"prop": "string",
"ttl": integer,
"value": [
"string"
]
}
]
body_payload = {
"conditions": conditions_list
}
response = falcon.command("UpdatePolicyExclusions", body=body_payload)
print(response)
Retrieve Image Assessment Policy Group entities.
read_policy_groups
Method | Route |
---|---|
/container-security/entities/image-assessment-policy-groups/v1 |
- Produces: application/json
No keywords or arguments accepted.
from falconpy import ImageAssessmentPolicies
# Do not hardcode API credentials!
falcon = ImageAssessmentPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.read_policy_groups()
print(response)
from falconpy import ImageAssessmentPolicies
# Do not hardcode API credentials!
falcon = ImageAssessmentPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.ReadPolicyGroups()
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("ReadPolicyGroups")
print(response)
Create Image Assessment Policy Group entities.
create_policy_groups
Method | Route |
---|---|
/container-security/entities/image-assessment-policy-groups/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
body | body | dictionary | Full body payload in JSON format. | ||
conditions | body | list of dictionaries | List of policy conditions to apply. Overriden if policy_group_data keyword is used. |
||
description | body | string | Policy group description. | ||
name | body | string | Policy group name. | ||
policy_group_data | body | dictionary | Policy group data in JSON format. Overrides conditions keyword if provided. |
||
policy_id | body | string | Policy ID. |
from falconpy import ImageAssessmentPolicies
# Do not hardcode API credentials!
falcon = ImageAssessmentPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
conditions_list = [
{},
{}
]
response = falcon.create_policy_groups(conditions=conditions_list,
description="string",
name="string",
policy_id="string"
)
print(response)
from falconpy import ImageAssessmentPolicies
# Do not hardcode API credentials!
falcon = ImageAssessmentPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
conditions_list = [
{},
{}
]
response = falcon.CreatePolicyGroups(conditions=conditions_list,
description="string",
name="string",
policy_id="string"
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
conditions_list = [
{},
{}
]
body_payload = {
"description": "string",
"name": "string",
"policy_group_data": {
"conditions": condtions_list
},
"policy_id": "string"
}
response = falcon.command("CreatePolicyGroups", body=body_payload)
print(response)
Delete Image Assessment Policy Group entities
delete_policy_group
Method | Route |
---|---|
/container-security/entities/image-assessment-policy-groups/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
id |
|
|
query | string | Policy Image group entity UUID. |
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
from falconpy import ImageAssessmentPolicies
# Do not hardcode API credentials!
falcon = ImageAssessmentPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.delete_policy_group(id="string")
print(response)
from falconpy import ImageAssessmentPolicies
# Do not hardcode API credentials!
falcon = ImageAssessmentPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.DeletePolicyGroup(id="string")
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
response = falcon.command("DeletePolicyGroup", id="string")
print(response)
Update Image Assessment Policy Group entities
update_policy_groups
Method | Route |
---|---|
/container-security/entities/image-assessment-policy-groups/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
body | body | dictionary | Full body payload in JSON format. | ||
conditions | body | list of dictionaries | List of policy conditions to apply. Overriden if policy_group_data keyword is used. |
||
description | body | string | Policy group description. | ||
id |
|
|
query | string | Policy Image group entity UUID. |
name | body | string | Policy group name. | ||
parameters |
|
|
query | dictionary | Full query string parameters payload in JSON format. |
policy_group_data | body | dictionary | Policy group data in JSON format. Overrides conditions keyword if provided. |
from falconpy import ImageAssessmentPolicies
# Do not hardcode API credentials!
falcon = ImageAssessmentPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
conditions_list = [
{},
{}
]
response = falcon.update_policy_groups(id="string",
conditions=conditions_list,
description="string",
name="string"
)
print(response)
from falconpy import ImageAssessmentPolicies
# Do not hardcode API credentials!
falcon = ImageAssessmentPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
conditions_list = [
{},
{}
]
response = falcon.UpdatePolicyGroups(id="string",
conditions=conditions_list,
description="string",
name="string"
)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
conditions_list = [
{},
{}
]
body_payload = {
"description": "string",
"name": "string",
"policy_group_data": {
"conditions": conditions_list
}
}
response = falcon.command("UpdatePolicyGroups", id="string", body=body_payload)
print(response)
Update Image Assessment Policy precedence
update_policy_precedence
Method | Route |
---|---|
/container-security/entities/image-assessment-policy-precedence/v1 |
- Produces: application/json
Name | Service | Uber | Type | Data type | Description |
---|---|---|---|---|---|
body | body | dictionary | Full body payload in JSON format. | ||
precedence | body | string or list of strings | List of policy conditions to apply. |
from falconpy import ImageAssessmentPolicies
# Do not hardcode API credentials!
falcon = ImageAssessmentPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
# Precedence will be applied in the order provided.
ordered_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.update_policy_precedence(precedence=ordered_list)
print(response)
from falconpy import ImageAssessmentPolicies
# Do not hardcode API credentials!
falcon = ImageAssessmentPolicies(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
# Precedence will be applied in the order provided.
ordered_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
response = falcon.UpdatePolicyPrecedence(precedence=ordered_list)
print(response)
from falconpy import APIHarnessV2
# Do not hardcode API credentials!
falcon = APIHarnessV2(client_id=CLIENT_ID,
client_secret=CLIENT_SECRET
)
# Precedence will be applied in the order provided.
ordered_list = 'ID1,ID2,ID3' # Can also pass a list here: ['ID1', 'ID2', 'ID3']
body_payload = {
"precedence": ordered_list
}
response = falcon.command("UpdatePolicyPrecedence", body=body_payload)
print(response)
- Home
- Discussions Board
- Glossary of Terms
- Installation, Upgrades and Removal
- Samples Collection
- Using FalconPy
- API Operations
-
Service Collections
- Alerts
- API Integrations
- ASPM
- Certificate Based Exclusions
- Cloud Connect AWS (deprecated)
- Cloud Snapshots
- Compliance Assessments
- Configuration Assessment
- Configuration Assessment Evaluation Logic
- Container Alerts
- Container Detections
- Container Images
- Container Packages
- Container Vulnerabilities
- CSPM Registration
- Custom IOAs
- Custom Storage
- D4C Registration (deprecated)
- DataScanner
- Delivery Settings
- Detects
- Device Control Policies
- Discover
- Downloads
- Drift Indicators
- Event Streams
- Exposure Management
- Falcon Complete Dashboard
- Falcon Container
- Falcon Intelligence Sandbox
- FDR
- FileVantage
- Firewall Management
- Firewall Policies
- Foundry LogScale
- Host Group
- Host Migration
- Hosts
- Identity Protection
- Image Assessment Policies
- Incidents
- Installation Tokens
- Intel
- IOA Exclusions
- IOC
- IOCs (deprecated)
- Kubernetes Protection
- MalQuery
- Message Center
- ML Exclusions
- Mobile Enrollment
- MSSP (Flight Control)
- OAuth2
- ODS (On Demand Scan)
- Overwatch Dashboard
- Prevention Policy
- Quarantine
- Quick Scan
- Quick Scan Pro
- Real Time Response
- Real Time Response Admin
- Real Time Response Audit
- Recon
- Report Executions
- Response Policies
- Sample Uploads
- Scheduled Reports
- Sensor Download
- Sensor Update Policy
- Sensor Usage
- Sensor Visibility Exclusions
- Spotlight Evaluation Logic
- Spotlight Vulnerabilities
- Tailored Intelligence
- ThreatGraph
- Unidentified Containers
- User Management
- Workflows
- Zero Trust Assessment
- Documentation Support
-
CrowdStrike SDKs
- Crimson Falcon - Ruby
- FalconPy - Python 3
- FalconJS - Javascript
- goFalcon - Go
- PSFalcon - Powershell
- Rusty Falcon - Rust