Skip to content

Serverless Vulnerabilities

Jump to bottom
Joshua Hiller edited this page Nov 5, 2025 · 2 revisions

CrowdStrike Falcon CrowdStrike Subreddit

Using the Serverless Vulnerabilities service collection

Uber class support Service class support Documentation Version Page Updated

Table of Contents

Operation ID Description
GetCombinedVulnerabilitiesSARIF
PEP8 get_vulnerabilities
Retrieve all lambda vulnerabilities that match the given query and return in the SARIF format.

Passing credentials

WARNING

client_id and client_secret are keyword arguments that contain your CrowdStrike API credentials. Please note that all examples below do not hard code these values. (These values are ingested as strings.)

CrowdStrike does not recommend hard coding API credentials or customer identifiers within source code.

GetCombinedVulnerabilitiesSARIF

Retrieve all lambda vulnerabilities that match the given query and return in the SARIF format.

PEP8 method name

get_vulnerabilities

Endpoint

Method Route
GET /lambdas/combined/vulnerabilities/sarif/v1

Required Scope

falcon-container-image:read

Content-Type

  • Produces: application/json

Keyword Arguments

Name Service Uber Type Data type Description
filter Service Class Support Uber Class Support query string Filter lambda vulnerabilities using a query in Falcon Query Language (FQL).Supported filters: application_name,application_name_version,cid,cloud_account_id,cloud_account_name,cloud_provider,cve_id,cvss_base_score,exprt_rating,first_seen_timestamp,function_name,function_resource_id,is_supported,is_valid_asset_id,layer,region,runtime,severity,timestamp,type
limit Service Class Support Uber Class Support query integer The upper-bound on the number of records to retrieve.
offset Service Class Support Uber Class Support query integer The offset from where to begin.
parameters Service Class Support Uber Class Support query dictionary Full query string parameters payload in JSON format.
sort Service Class Support Uber Class Support query string The fields to sort the records on. Supported columns: [application_name application_name_version cid cloud_account_id cloud_account_name cloud_provider cve_id cvss_base_score exprt_rating first_seen_timestamp function_resource_id is_supported layer region runtime severity timestamp type]

Usage

Service class example (PEP8 syntax)
from falconpy import ServerlessVulnerabilities

falcon = ServerlessVulnerabilities(client_id=CLIENT_ID,
                                   client_secret=CLIENT_SECRET
                                   )

response = falcon.get_vulnerabilities(filter="string",
                                      limit=integer,
                                      offset=integer,
                                      sort="string"
                                      )
print(response)
Service class example (Operation ID syntax)
from falconpy import ServerlessVulnerabilities

falcon = ServerlessVulnerabilities(client_id=CLIENT_ID,
                                   client_secret=CLIENT_SECRET
                                   )

response = falcon.GetCombinedVulnerabilitiesSARIF(filter="string",
                                                  limit=integer,
                                                  offset=integer,
                                                  sort="string"
                                                  )
print(response)
Uber class example
from falconpy import APIHarnessV2

falcon = APIHarnessV2(client_id=CLIENT_ID,
                      client_secret=CLIENT_SECRET
                      )

response = falcon.command("GetCombinedVulnerabilitiesSARIF",
                          filter="string",
                          limit=integer,
                          offset=integer,
                          sort="string"
                          )
print(response)

CrowdStrike Falcon

Clone this wiki locally