Skip to content

Kubernetes Container Compliance

Jump to bottom
Joshua Hiller edited this page Nov 5, 2025 · 2 revisions

CrowdStrike Falcon CrowdStrike Subreddit

Using the Kubernetes Container Compliance service collection

Uber class support Service class support Documentation Version Page Updated

Table of Contents

Operation ID Description
AggregateAssessmentsGroupedByClustersV2
PEP8 aggregate_assessments_by_cluster
Returns cluster details along with aggregated assessment results organized by cluster, including pass/fail assessment counts for various asset types.
AggregateComplianceByAssetType
PEP8 aggregate_compliance_by_asset_type
Provides aggregated compliance assessment metrics and rule status information, organized by asset type.
AggregateComplianceByClusterType
PEP8 aggregate_compliance_by_cluster_type
Provides aggregated compliance assessment metrics and rule status information, organized by Kubernetes cluster type.
AggregateComplianceByFramework
PEP8 aggregate_compliance_by_framework
Provides aggregated compliance assessment metrics and rule status information, organized by compliance framework.
AggregateFailedRulesByClustersV3
PEP8 aggregate_failed_rules_by_clusters
Retrieves the most non-compliant clusters, ranked in descending order based on the number of failed compliance rules across severity levels (critical, high, medium, and low).
AggregateAssessmentsGroupedByRulesV2
PEP8 aggregate_assessments_by_rules
Returns rule details along with aggregated assessment results organized by compliance rule, including pass/fail assessment counts.
AggregateTopFailedImages
PEP8 aggregate_top_failed_images
Retrieves the most non-compliant container images, ranked in descending order based on the number of failed assessments across severity levels (critical, high, medium, and low).
CombinedImagesFindings
PEP8 image_findings
Returns detailed compliance assessment results for container images, providing the information needed to identify compliance violations.
CombinedNodesFindings
PEP8 node_findings
Returns detailed compliance assessment results for kubernetes nodes, providing the information needed to identify compliance violations.
getRulesMetadataByID
PEP8 get_rules_metadata
Retrieve detailed compliance rule information by ID. Includes descriptions, remediation steps, and audit procedures by specifying rule identifiers.

Passing credentials

WARNING

client_id and client_secret are keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)

CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.

AggregateAssessmentsGroupedByClustersV2

Returns cluster details along with aggregated assessment results organized by cluster, including pass/fail assessment counts for various asset types.

PEP8 method name

aggregate_assessments_by_cluster

Endpoint

Method Route
GET /container-compliance/aggregates/clusters/v2

Required Scope

falcon-container-image:read

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
offset
Service Class Support
Uber Class Support
 query integer The zero-based position of the first record to return.
limit
Service Class Support
Uber Class Support
 query integer The maximum number of records to return. (1-500) Default is 20.
filter
Service Class Support
Uber Class Support
 query string FQL filter expression used to limit the results.

Filter fields include: cid, cloud_info.cloud_account_id, cloud_info.cloud_provider, cloud_info.cloud_region, cloud_info.cluster_id, cloud_info.cluster_name, cloud_info.cluster_type, compliance_finding.framework_name, compliance_finding.framework_name_version, compliance_finding.framework_version, compliance_finding.severity
parameters
Service Class Support
Uber Class Support
 query dictionary Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesContainerCompliance

falcon = KubernetesContainerCompliance(client_id=CLIENT_ID,
                                       client_secret=CLIENT_SECRET
                                       )

response = falcon.aggregate_assessments_by_cluster(offset=integer,
                                                   limit=integer,
                                                   filter="string"
                                                   )
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesContainerCompliance

falcon = KubernetesContainerCompliance(client_id=CLIENT_ID,
                                       client_secret=CLIENT_SECRET
                                       )

response = falcon.AggregateAssessmentsGroupedByClustersV2(offset=integer,
                                                          limit=integer,
                                                          filter="string"
                                                          )
print(response)
Uber class example
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("AggregateAssessmentsGroupedByClustersV2",
                          offset=integer,
                          limit=integer,
                          filter="string"
                          )
print(response)

AggregateComplianceByAssetType

Provides aggregated compliance assessment metrics and rule status information, organized by asset type.

PEP8 method name

aggregate_compliance_by_asset_type

Endpoint

Method Route
GET /container-compliance/aggregates/compliance-by-asset-type/v2

Required Scope

falcon-container-image:read

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
filter
Service Class Support
Uber Class Support
 query string FQL filter expression used to limit the results. Filter fields include: cid, cloud_info.cloud_account_id, cloud_info.cloud_provider, cloud_info.cloud_region, cloud_info.cluster_id, cloud_info.cluster_name, cloud_info.cluster_type, compliance_finding.asset_type, compliance_finding.framework_name, compliance_finding.framework_name_version, compliance_finding.framework_version, compliance_finding.severity
parameters
Service Class Support
Uber Class Support
 query dictionary Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesContainerCompliance

falcon = KubernetesContainerCompliance(client_id=CLIENT_ID,
                                       client_secret=CLIENT_SECRET
                                       )

response = falcon.aggregate_compliance_by_asset_type(filter="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesContainerCompliance

falcon = KubernetesContainerCompliance(client_id=CLIENT_ID,
                                       client_secret=CLIENT_SECRET
                                       )

response = falcon.AggregateComplianceByAssetType(filter="string")
print(response)
Uber class example
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("AggregateComplianceByAssetType", filter="string")
print(response)

AggregateComplianceByClusterType

Provides aggregated compliance assessment metrics and rule status information, organized by Kubernetes cluster type.

PEP8 method name

aggregate_compliance_by_cluster_type

Endpoint

Method Route
GET /container-compliance/aggregates/compliance-by-cluster-type/v2

Required Scope

falcon-container-image:read

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
filter
Service Class Support
Uber Class Support
 query string FQL filter expression used to limit the results. Filter fields include: cid, cloud_info.cloud_account_id, cloud_info.cloud_provider, cloud_info.cloud_region, cloud_info.cluster_id, cloud_info.cluster_name, cloud_info.cluster_type, compliance_finding.asset_type, compliance_finding.framework_name, compliance_finding.framework_name_version, compliance_finding.framework_version, compliance_finding.severity
parameters
Service Class Support
Uber Class Support
 query dictionary Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesContainerCompliance

falcon = KubernetesContainerCompliance(client_id=CLIENT_ID,
                                       client_secret=CLIENT_SECRET
                                       )

response = falcon.aggregate_compliance_by_cluster_type(filter="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesContainerCompliance

falcon = KubernetesContainerCompliance(client_id=CLIENT_ID,
                                       client_secret=CLIENT_SECRET
                                       )

response = falcon.AggregateComplianceByClusterType(filter="string")
print(response)
Uber class example
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("AggregateComplianceByClusterType", filter="string")
print(response)

AggregateComplianceByFramework

Provides aggregated compliance assessment metrics and rule status information, organized by compliance framework.

PEP8 method name

aggregate_compliance_by_framework

Endpoint

Method Route
GET /container-compliance/aggregates/compliance-by-framework/v2

Required Scope

falcon-container-image:read

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
filter
Service Class Support
Uber Class Support
 query string FQL filter expression used to limit the results. Filter fields include: cid, cloud_info.cloud_account_id, cloud_info.cloud_provider, cloud_info.cloud_region, cloud_info.cluster_id, cloud_info.cluster_name, cloud_info.cluster_type, compliance_finding.asset_type, compliance_finding.framework_name, compliance_finding.framework_name_version, compliance_finding.framework_version, compliance_finding.severity
parameters
Service Class Support
Uber Class Support
 query dictionary Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesContainerCompliance

falcon = KubernetesContainerCompliance(client_id=CLIENT_ID,
                                       client_secret=CLIENT_SECRET
                                       )

response = falcon.aggregate_compliance_by_framework(filter="string")
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesContainerCompliance

falcon = KubernetesContainerCompliance(client_id=CLIENT_ID,
                                       client_secret=CLIENT_SECRET
                                       )

response = falcon.AggregateComplianceByFramework(filter="string")
print(response)
Uber class example
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("AggregateComplianceByFramework", filter="string")
print(response)

AggregateFailedRulesByClustersV3

Retrieves the most non-compliant clusters, ranked in descending order based on the number of failed compliance rules across severity levels (critical, high, medium, and low).

PEP8 method name

aggregate_failed_rules_by_clusters

Endpoint

Method Route
GET /container-compliance/aggregates/failed-rules-by-clusters/v3

Required Scope

falcon-container-image:read

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
filter
Service Class Support
Uber Class Support
 query string FQL filter expression used to limit the results. Filter fields include: cid, cloud_info.cloud_account_id, cloud_info.cloud_provider, cloud_info.cloud_region, cloud_info.cluster_id, cloud_info.cluster_name, cloud_info.cluster_type, compliance_finding.asset_type, compliance_finding.framework_name, compliance_finding.framework_name_version, compliance_finding.framework_version, compliance_finding.severity
limit
Service Class Support
Uber Class Support
 query integer The maximum number of records to return. (1-100) Default is 10.
parameters
Service Class Support
Uber Class Support
 query dictionary Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesContainerCompliance

falcon = KubernetesContainerCompliance(client_id=CLIENT_ID,
                                       client_secret=CLIENT_SECRET
                                       )

response = falcon.aggregate_failed_rules_by_clusters(filter="string", limit=integer)
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesContainerCompliance

falcon = KubernetesContainerCompliance(client_id=CLIENT_ID,
                                       client_secret=CLIENT_SECRET
                                       )

response = falcon.AggregateFailedRulesByClustersV3(filter="string", limit=integer)
print(response)
Uber class example
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("AggregateFailedRulesByClustersV3", filter="string", limit=integer)
print(response)

AggregateAssessmentsGroupedByRulesV2

Returns rule details along with aggregated assessment results organized by compliance rule, including pass/fail assessment counts.

PEP8 method name

aggregate_assessments_by_rules

Endpoint

Method Route
GET /container-compliance/aggregates/rules/v2

Required Scope

falcon-container-image:read

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
offset
Service Class Support
Uber Class Support
 query integer The zero-based position of the first record to return.
limit
Service Class Support
Uber Class Support
 query integer The maximum number of records to return. (1-500) Default is 20.
filter
Service Class Support
Uber Class Support
 query string FQL filter expression used to limit the results. Filter fields include: cid, cloud_info.cloud_account_id, cloud_info.cloud_provider, cloud_info.cloud_region, cloud_info.cluster_id, cloud_info.cluster_name, cloud_info.cluster_type, compliance_finding.asset_type, compliance_finding.framework_name, compliance_finding.framework_name_version, compliance_finding.framework_version, compliance_finding.id, compliance_finding.severity, compliance_finding.status
parameters
Service Class Support
Uber Class Support
 query dictionary Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesContainerCompliance

falcon = KubernetesContainerCompliance(client_id=CLIENT_ID,
                                       client_secret=CLIENT_SECRET
                                       )

response = falcon.aggregate_assessments_by_rules(offset=integer,
                                                 limit=integer,
                                                 filter="string"
                                                 )
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesContainerCompliance

falcon = KubernetesContainerCompliance(client_id=CLIENT_ID,
                                       client_secret=CLIENT_SECRET
                                       )

response = falcon.AggregateAssessmentsGroupedByRulesV2(offset=integer,
                                                       limit=integer,
                                                       filter="string"
                                                       )
print(response)
Uber class example
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("AggregateAssessmentsGroupedByRulesV2", 
                          offset=integer,
                          limit=integer,
                          filter="string"
                          )
print(response)

AggregateTopFailedImages

Retrieves the most non-compliant container images, ranked in descending order based on the number of failed assessments across severity levels (critical, high, medium, and low).

PEP8 method name

aggregate_top_failed_images

Endpoint

Method Route
GET /container-compliance/aggregates/top-failed-images/v2

Required Scope

falcon-container-image:read

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
filter
Service Class Support
Uber Class Support
 query string FQL filter expression used to limit the results. Filter fields include: cid, cloud_info.cloud_account_id, cloud_info.cloud_provider, cloud_info.cloud_region, cloud_info.cluster_id, cloud_info.cluster_name, cloud_info.cluster_type, compliance_finding.asset_type, compliance_finding.framework_name, compliance_finding.framework_name_version, compliance_finding.framework_version, compliance_finding.severity
limit
Service Class Support
Uber Class Support
 query integer The maximum number of records to return. (1-100) Default is 10.
parameters
Service Class Support
Uber Class Support
 query dictionary Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesContainerCompliance

falcon = KubernetesContainerCompliance(client_id=CLIENT_ID,
                                       client_secret=CLIENT_SECRET
                                       )

response = falcon.aggregate_top_failed_images(filter="string", limit=integer)
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesContainerCompliance

falcon = KubernetesContainerCompliance(client_id=CLIENT_ID,
                                       client_secret=CLIENT_SECRET
                                       )

response = falcon.AggregateTopFailedImages(filter="string", limit=integer)
print(response)
Uber class example
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("AggregateTopFailedImages", filter="string", limit=integer)
print(response)

CombinedImagesFindings

Returns detailed compliance assessment results for container images, providing the information needed to identify compliance violations.

PEP8 method name

image_findings

Endpoint

Method Route
GET /container-compliance/combined/findings-by-images/v2

Required Scope

falcon-container-image:read

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
filter
Service Class Support
Uber Class Support
 query string FQL filter expression used to limit the results. Filter fields include: cid, cloud_info.cloud_account_id, cloud_info.cloud_provider, cloud_info.cloud_region, cloud_info.cluster_id, cloud_info.cluster_name, cloud_info.cluster_type, cloud_info.namespace, compliance_finding.asset_uid, compliance_finding.framework_name, compliance_finding.framework_name_version, compliance_finding.framework_version, compliance_finding.id, compliance_finding.severity, compliance_finding.status, image_digest, image_id, image_registry, image_repository, image_tag
after
Service Class Support
Uber Class Support
 query string A pagination token used with the limit parameter to manage pagination of results. On your first request, don't provide an after token. On subsequent requests, provide the after token from the previous response to continue from that place in the results.
limit
Service Class Support
Uber Class Support
 query integer The maximum number of images for which assessments are to be returned: 1-100. Default is 100. Use with the after parameter to manage pagination of results.
parameters
Service Class Support
Uber Class Support
 query dictionary Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesContainerCompliance

falcon = KubernetesContainerCompliance(client_id=CLIENT_ID,
                                       client_secret=CLIENT_SECRET
                                       )

response = falcon.image_findings(filter="string",
                                 after="string",
                                 limit=integer
                                 )
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesContainerCompliance

falcon = KubernetesContainerCompliance(client_id=CLIENT_ID,
                                       client_secret=CLIENT_SECRET
                                       )

response = falcon.CombinedImagesFindings(filter="string",
                                         after="string",
                                         limit=integer
                                         )
print(response)
Uber class example
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("CombinedImagesFindings", 
                          filter="string",
                          after="string",
                          limit=integer
                          )
print(response)

CombinedNodesFindings

Returns detailed compliance assessment results for kubernetes nodes, providing the information needed to identify compliance violations.

PEP8 method name

node_findings

Endpoint

Method Route
GET /container-compliance/combined/findings-by-nodes/v2

Required Scope

falcon-container-image:read

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
filter
Service Class Support
Uber Class Support
 query string FQL filter expression used to limit the results. Filter fields include: cid, cloud_info.cloud_account_id, cloud_info.cloud_provider, cloud_info.cloud_region, cloud_info.cluster_id, cloud_info.cluster_name, cloud_info.cluster_type, compliance_finding.asset_type, compliance_finding.asset_uid, compliance_finding.framework_name, compliance_finding.framework_name_version, compliance_finding.framework_version, compliance_finding.id, compliance_finding.severity, compliance_finding.status, aid, node_id, node_name, node_type
after
Service Class Support
Uber Class Support
 query string A pagination token used with the limit parameter to manage pagination of results. On your first request, don't provide an after token. On subsequent requests, provide the after token from the previous response to continue from that place in the results.
limit
Service Class Support
Uber Class Support
 query integer The maximum number of nodes for which assessments are to be returned: 1-100. Default is 100. Use with the after parameter to manage pagination of results.
parameters
Service Class Support
Uber Class Support
 query dictionary Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesContainerCompliance

falcon = KubernetesContainerCompliance(client_id=CLIENT_ID,
                                       client_secret=CLIENT_SECRET
                                       )

response = falcon.node_findings(filter="string",
                                after="string",
                                limit=integer
                                )
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesContainerCompliance

falcon = KubernetesContainerCompliance(client_id=CLIENT_ID,
                                       client_secret=CLIENT_SECRET
                                       )

response = falcon.CombinedNodesFindings(filter="string",
                                        after="string",
                                        limit=integer
                                        )
print(response)
Uber class example
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("CombinedNodesFindings",
                          filter="string",
                          after="string",
                          limit=integer
                          )
print(response)

getRulesMetadataByID

Retrieve detailed compliance rule information by ID.

Includes descriptions, remediation steps, and audit procedures by specifying rule identifiers.

PEP8 method name

get_rules_metadata

Endpoint

Method Route
GET /container-compliance/combined/findings-by-nodes/v2

Required Scope

falcon-container-image:read

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
ids
Service Class Support
Uber Class Support
 query string or list of strings Rule IDs.
parameters
Service Class Support
Uber Class Support
 query dictionary Full query string parameters payload in JSON format.

Usage

Service class example (PEP8 syntax)
from falconpy import KubernetesContainerCompliance

falcon = KubernetesContainerCompliance(client_id=CLIENT_ID,
                                       client_secret=CLIENT_SECRET
                                       )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.get_rules_metadata(ids=id_list)
print(response)
Service class example (Operation ID syntax)
from falconpy import KubernetesContainerCompliance

falcon = KubernetesContainerCompliance(client_id=CLIENT_ID,
                                       client_secret=CLIENT_SECRET
                                       )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.getRulesMetadataByID(ids=id_list)
print(response)
Uber class example
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']

response = falcon.command("getRulesMetadataByID", ids=id_list)
print(response)

CrowdStrike Falcon

Clone this wiki locally