:py:mod:`laceworksdk.api`
=========================

.. py:module:: laceworksdk.api

.. autoapi-nested-parse::

   Lacework API wrappers.


Subpackages
-----------
.. toctree::
   :titlesonly:
   :maxdepth: 3

   v2/index.rst


Submodules
----------
.. toctree::
   :titlesonly:
   :maxdepth: 1

   base_endpoint/index.rst
   crud_endpoint/index.rst
   read_endpoint/index.rst
   search_endpoint/index.rst


Package Contents
----------------

Classes
~~~~~~~

.. autoapisummary::

   laceworksdk.api.ActivitiesAPI
   laceworksdk.api.AgentAccessTokensAPI
   laceworksdk.api.AgentInfoAPI
   laceworksdk.api.AlertChannelsAPI
   laceworksdk.api.AlertProfilesAPI
   laceworksdk.api.AlertRulesAPI
   laceworksdk.api.AlertsAPI
   laceworksdk.api.AuditLogsAPI
   laceworksdk.api.CloudAccountsAPI
   laceworksdk.api.CloudActivitiesAPI
   laceworksdk.api.ConfigsAPI
   laceworksdk.api.ContainerRegistriesAPI
   laceworksdk.api.ContractInfoAPI
   laceworksdk.api.DatasourcesAPI
   laceworksdk.api.DataExportRulesAPI
   laceworksdk.api.EntitiesAPI
   laceworksdk.api.EventsAPI
   laceworksdk.api.InventoryAPI
   laceworksdk.api.OrganizationInfoAPI
   laceworksdk.api.PoliciesAPI
   laceworksdk.api.PolicyExceptionsAPI
   laceworksdk.api.QueriesAPI
   laceworksdk.api.ReportDefinitionsAPI
   laceworksdk.api.ReportRulesAPI
   laceworksdk.api.ReportsAPI
   laceworksdk.api.ResourceGroupsAPI
   laceworksdk.api.SchemasAPI
   laceworksdk.api.TeamMembersAPI
   laceworksdk.api.TeamUsersAPI
   laceworksdk.api.UserGroupsAPI
   laceworksdk.api.UserProfileAPI
   laceworksdk.api.VulnerabilitiesAPI
   laceworksdk.api.VulnerabilityExceptionsAPI
   laceworksdk.api.VulnerabilityPoliciesAPI
   laceworksdk.api.LaceworkClient


.. py:class:: ActivitiesAPI(session)

   A class used to represent the `Activities API endpoint `_

   Get information about network activities detected through the Lacework agent. The Activities API endpoint is a parent for different types of activities that can be queried.

   Attributes:
   ----------
   changed_files:
       A ChangedFilesAPI instance.
   connections:
       A ConnectionsAPI instance.
   dns:
       A DnsAPI instance.
   user_logins:
       A UserLoginsAPI instance.

   .. py:class:: ChangedFilesAPI(session, object_type, endpoint_root='/api/v2')

      Bases: :py:obj:`laceworksdk.api.search_endpoint.SearchEndpoint`

      A class used to represent the `Changed Files API endpoint `_

      Search for changed files in your environment

      .. py:property:: session

         Get the :class:`HttpSession` instance the object is using.

      .. py:method:: search(json=None, resource=None)

         A method to search objects.

         See the API documentation for this API endpoint for valid fields to search against.

         NOTE: While the "value" and "values" fields are marked as "optional" you must use one of them, depending on the operation you are using.

         :param json: The desired search parameters:

            - timeFilter (dict, optional): A dict containing the time frame for the search:

              - startTime (str): The start time for the search
              - endTime (str): The end time for the search

            - filters (list of dict, optional): Filters based on field contents:

              - field (str): The name of the data field to which the condition applies
              - expression (str): The comparison operator for the filter condition.
                Valid values are: "eq", "ne", "in", "not_in", "like", "ilike", "not_like", "not_ilike", "not_rlike", "rlike", "gt", "ge", "lt", "le", "between"
              - value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
              - values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.

            - returns (list of str, optional): The fields to return
         :type json: dict
         :param resource: The Lacework API resource to search (Example: "AlertChannels")
         :type resource: str

         :Yields: *dict* -- returns a generator which yields a page of objects at a time as returned by the Lacework API.

   .. py:class:: ConnectionsAPI(session, object_type, endpoint_root='/api/v2')

      Bases: :py:obj:`laceworksdk.api.search_endpoint.SearchEndpoint`

      A class used to represent the `Connections API endpoint `_

      Search for connections in your environment.

      .. py:property:: session

         Get the :class:`HttpSession` instance the object is using.

      .. py:method:: search(json=None, resource=None)

         A method to search objects.

         See the API documentation for this API endpoint for valid fields to search against.

         NOTE: While the "value" and "values" fields are marked as "optional" you must use one of them, depending on the operation you are using.

         :param json: The desired search parameters:

            - timeFilter (dict, optional): A dict containing the time frame for the search:

              - startTime (str): The start time for the search
              - endTime (str): The end time for the search

            - filters (list of dict, optional): Filters based on field contents:

              - field (str): The name of the data field to which the condition applies
              - expression (str): The comparison operator for the filter condition.
                Valid values are: "eq", "ne", "in", "not_in", "like", "ilike", "not_like", "not_ilike", "not_rlike", "rlike", "gt", "ge", "lt", "le", "between"
              - value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
              - values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.

            - returns (list of str, optional): The fields to return
         :type json: dict
         :param resource: The Lacework API resource to search (Example: "AlertChannels")
         :type resource: str

         :Yields: *dict* -- returns a generator which yields a page of objects at a time as returned by the Lacework API.

   .. py:class:: DnsAPI(session, object_type, endpoint_root='/api/v2')

      Bases: :py:obj:`laceworksdk.api.search_endpoint.SearchEndpoint`

      A class used to represent the `DNS Lookup API endpoint `_

      Search for DNS summaries in your environment.

      .. py:property:: session

         Get the :class:`HttpSession` instance the object is using.

      .. py:method:: search(json=None, resource=None)

         A method to search objects.

         See the API documentation for this API endpoint for valid fields to search against.

         NOTE: While the "value" and "values" fields are marked as "optional" you must use one of them, depending on the operation you are using.

         :param json: The desired search parameters:

            - timeFilter (dict, optional): A dict containing the time frame for the search:

              - startTime (str): The start time for the search
              - endTime (str): The end time for the search

            - filters (list of dict, optional): Filters based on field contents:

              - field (str): The name of the data field to which the condition applies
              - expression (str): The comparison operator for the filter condition.
                Valid values are: "eq", "ne", "in", "not_in", "like", "ilike", "not_like", "not_ilike", "not_rlike", "rlike", "gt", "ge", "lt", "le", "between"
              - value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
              - values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.

            - returns (list of str, optional): The fields to return
         :type json: dict
         :param resource: The Lacework API resource to search (Example: "AlertChannels")
         :type resource: str

         :Yields: *dict* -- returns a generator which yields a page of objects at a time as returned by the Lacework API.

   .. py:class:: UserLoginsAPI(session, object_type, endpoint_root='/api/v2')

      Bases: :py:obj:`laceworksdk.api.search_endpoint.SearchEndpoint`

      A class used to represent the `UserLogins API endpoint `_

      Search for user logins in your environment.

      .. py:property:: session

         Get the :class:`HttpSession` instance the object is using.

      .. py:method:: search(json=None, resource=None)

         A method to search objects.

         See the API documentation for this API endpoint for valid fields to search against.

         NOTE: While the "value" and "values" fields are marked as "optional" you must use one of them, depending on the operation you are using.

         :param json: The desired search parameters:

            - timeFilter (dict, optional): A dict containing the time frame for the search:

              - startTime (str): The start time for the search
              - endTime (str): The end time for the search

            - filters (list of dict, optional): Filters based on field contents:

              - field (str): The name of the data field to which the condition applies
              - expression (str): The comparison operator for the filter condition.
                Valid values are: "eq", "ne", "in", "not_in", "like", "ilike", "not_like", "not_ilike", "not_rlike", "rlike", "gt", "ge", "lt", "le", "between"
              - value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
              - values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.

            - returns (list of str, optional): The fields to return
         :type json: dict
         :param resource: The Lacework API resource to search (Example: "AlertChannels")
         :type resource: str

         :Yields: *dict* -- returns a generator which yields a page of objects at a time as returned by the Lacework API.

..
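
The ``json`` payload that the ``search`` methods above describe can be built and checked before it is sent. This is an added example, not code from the SDK or its documentation. It assumes that "in", "not_in" and "between" are the operators that take ``values``, that ``timeFilter`` accepts the timestamp layout documented for ``get``, and it uses hypothetical field names (``username``, ``hostname``).

```python
from datetime import datetime, timedelta, timezone

# Comparison operators listed in the search() documentation.
EXPRESSIONS = frozenset({
    "eq", "ne", "in", "not_in", "like", "ilike", "not_like", "not_ilike",
    "not_rlike", "rlike", "gt", "ge", "lt", "le", "between",
})
# Assumption: these operators take the list-valued "values" key and every
# other operator takes the single "value" key. The page only states that the
# choice depends on the operation.
LIST_EXPRESSIONS = frozenset({"in", "not_in", "between"})
# Layout documented for get(start_time=...); assumed here for timeFilter.
TIME_FORMAT = "%Y-%m-%dT%H:%M:%SZ"


def make_filter(field, expression, operand):
    """Return one entry of the "filters" list, picking "value" or "values"."""
    if expression not in EXPRESSIONS:
        raise ValueError(f"unknown expression: {expression!r}")
    if expression in LIST_EXPRESSIONS:
        if not isinstance(operand, (list, tuple)) or not operand:
            raise ValueError(f"{expression!r} needs a non-empty list for 'values'")
        if expression == "between" and len(operand) != 2:
            raise ValueError("'between' needs exactly two bounds")  # assumption
        return {"field": field, "expression": expression,
                "values": [str(v) for v in operand]}
    if isinstance(operand, (list, tuple)):
        raise ValueError(f"{expression!r} needs a single 'value'")
    return {"field": field, "expression": expression, "value": str(operand)}


def build_search(end, hours, filters=(), returns=()):
    """Assemble the dict passed as search(json=...) for a look-back window."""
    if end.tzinfo is None:
        raise ValueError("end must be timezone-aware")
    end = end.astimezone(timezone.utc)
    start = end - timedelta(hours=hours)
    payload = {"timeFilter": {"startTime": start.strftime(TIME_FORMAT),
                              "endTime": end.strftime(TIME_FORMAT)}}
    if filters:
        payload["filters"] = list(filters)
    if returns:
        payload["returns"] = list(returns)
    return payload


def check_search(payload):
    """Return the problems found in a hand-written payload (empty list = OK)."""
    problems = []
    time_filter = payload.get("timeFilter")
    if time_filter is not None:
        try:
            start = datetime.strptime(time_filter["startTime"], TIME_FORMAT)
            end = datetime.strptime(time_filter["endTime"], TIME_FORMAT)
            if start >= end:
                problems.append("timeFilter: startTime is not before endTime")
        except (KeyError, TypeError, ValueError):
            problems.append("timeFilter: startTime/endTime missing or malformed")
    for i, flt in enumerate(payload.get("filters", [])):
        expression = flt.get("expression")
        if expression not in EXPRESSIONS:
            problems.append(f"filters[{i}]: unknown expression {expression!r}")
            continue
        if "field" not in flt:
            problems.append(f"filters[{i}]: missing 'field'")
        wanted = "values" if expression in LIST_EXPRESSIONS else "value"
        if wanted not in flt:
            problems.append(f"filters[{i}]: {expression!r} requires {wanted!r}")
    return problems


if __name__ == "__main__":
    # Constructed reference time and hypothetical field names.
    now = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)
    payload = build_search(
        now, 24,
        filters=[make_filter("username", "in", ["root", "admin"])],
        returns=["username", "hostname"],
    )
    print(payload)
    print(check_search(payload))
    # The resulting dict is what a search(json=payload) call on one of the
    # endpoint classes above expects.
```
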
.. py:class:: AgentAccessTokensAPI(session)

   Bases: :py:obj:`laceworksdk.api.crud_endpoint.CrudEndpoint`

   A class used to represent the `Agent Access Tokens API endpoint `_

   To connect to the Lacework instance, Lacework agents require an agent access token.

   .. py:property:: session

      Get the :class:`HttpSession` instance the object is using.

   .. py:method:: create(alias, enabled, props=None, **request_params)

      A method to create a new agent access token.

      :param alias: A string representing the name you wish to give to the created token.
      :type alias: str
      :param enabled: A boolean/integer representing whether the token is enabled.
      :type enabled: bool|int
      :param props: A dict containing optional values for the following fields:

         - description (str, optional): a description of the token
         - os (str, optional): the operating system
         - subscription (str, optional): The subscription level of the token.
           Valid values are: "standard", "professional", "enterprise"
      :type props: dict, optional
      :param request_params: Use to pass any additional parameters to the API
      :type request_params: dict
      :returns: The new access token
      :rtype: dict

   .. py:method:: get_by_id(id)

      A method to get an agent access token by its ID.

      :param id: A string representing the object ID.
      :type id: str
      :returns: a JSON object containing info regarding the requested access token
      :rtype: dict

   .. py:method:: update(id, token_enabled=None, props=None, **request_params)

      A method to update an agent access token.

      :param id: A string representing the object ID.
      :type id: str
      :param token_enabled: A boolean/integer representing whether the object is enabled.
      :type token_enabled: bool|int, optional
      :param props: A dict containing optional values for the following fields:

         - description (str, optional): a description of the token
         - os (str, optional): the operating system
         - subscription (str, optional): The subscription level of the token.
           Valid values are: "standard", "professional", "enterprise"
      :type props: dict, optional
      :param request_params: Use to pass any additional parameters to the API
      :type request_params: dict
      :returns: The updated access token.
      :rtype: dict

   .. py:method:: delete()

      Lacework does not currently allow for agent access tokens to be deleted.

   .. py:method:: get(id=None, resource=None, **request_params)

      A method to get objects.

      :param id: A string representing the object ID.
      :type id: str
      :param resource: The Lacework API resource type to get.
      :type resource: str
      :param request_params: A dictionary of parameters to add to the request.
      :type request_params: any
      :returns: JSON containing the retrieved object(s)
      :rtype: dict

   .. py:method:: search(json=None)

      A method to search objects.

      See the API documentation for this API endpoint for valid fields to search against.

      NOTE: While the "value" and "values" fields are marked as "optional" you must use one of them, depending on the operation you are using.

      :param json: The desired search parameters:

         - timeFilter (dict, optional): A dict containing the time frame for the search:

           - startTime (str): The start time for the search
           - endTime (str): The end time for the search

         - filters (list of dict, optional): Filters based on field contents:

           - field (str): The name of the data field to which the condition applies
           - expression (str): The comparison operator for the filter condition.
             Valid values are: "eq", "ne", "in", "not_in", "like", "ilike", "not_like", "not_ilike", "not_rlike", "rlike", "gt", "ge", "lt", "le", "between"
           - value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
           - values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.

         - returns (list of str, optional): The fields to return
      :type json: dict
      :returns: returns a dict containing the search results
      :rtype: dict


.. py:class:: AgentInfoAPI(session)

   Bases: :py:obj:`laceworksdk.api.search_endpoint.SearchEndpoint`

   A class used to represent the `Agent Info API endpoint `_

   View and verify information about all agents.

   .. py:property:: session

      Get the :class:`HttpSession` instance the object is using.

   .. py:method:: search(json=None, resource=None)

      A method to search objects.

      See the API documentation for this API endpoint for valid fields to search against.

      NOTE: While the "value" and "values" fields are marked as "optional" you must use one of them, depending on the operation you are using.

      :param json: The desired search parameters:

         - timeFilter (dict, optional): A dict containing the time frame for the search:

           - startTime (str): The start time for the search
           - endTime (str): The end time for the search

         - filters (list of dict, optional): Filters based on field contents:

           - field (str): The name of the data field to which the condition applies
           - expression (str): The comparison operator for the filter condition.
             Valid values are: "eq", "ne", "in", "not_in", "like", "ilike", "not_like", "not_ilike", "not_rlike", "rlike", "gt", "ge", "lt", "le", "between"
           - value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
           - values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.

         - returns (list of str, optional): The fields to return
      :type json: dict
      :param resource: The Lacework API resource to search (Example: "AlertChannels")
      :type resource: str

      :Yields: *dict* -- returns a generator which yields a page of objects at a time as returned by the Lacework API.


.. py:class:: AlertChannelsAPI(session)

   Bases: :py:obj:`laceworksdk.api.crud_endpoint.CrudEndpoint`

   A class used to represent the `Alert Channels API endpoint `_

   Lacework combines alert channels with alert rules or report rules to provide a flexible method for routing alerts and reports.

   .. py:property:: session

      Get the :class:`HttpSession` instance the object is using.

   .. py:method:: create(name, type, enabled, data, **request_params)

      A method to create a new AlertChannels object.

      :param name: The name of the alert channel you wish to create.
      :type name: str
      :param type: The type of alert channel you wish to create. See the `API docs `_ for valid values.
      :type type: str
      :param enabled: A boolean/integer representing whether the object is enabled. (0 or 1)
      :type enabled: bool|int
      :param data: A dict matching the schema for the specified type. See the `API docs `_ for valid values.
      :type data: dict
      :param request_params: Use to pass any additional parameters to the API
      :type request_params: dict, optional
      :returns: The new alert channel
      :rtype: dict

   .. py:method:: get(guid=None, type=None)

      A method to get all Alert Channels, optionally filtered by guid and/or type.

      :param guid: The alert channel GUID.
      :type guid: str, optional
      :param type: A string representing the alert channel type.
      :type type: str, optional
      :returns: The channel(s) requested.
      :rtype: dict

   .. py:method:: get_by_guid(guid)

      A method to get AlertChannels objects by GUID.

      :param guid: The alert channel GUID.
      :type guid: str
      :returns: The channel(s) requested.
      :rtype: dict

   .. py:method:: get_by_type(type)

      A method to get AlertChannels objects by type.

      :param type: The alert channel type to return
      :type type: str
      :returns: The channel(s) requested.
      :rtype: dict

   .. py:method:: update(guid, name=None, type=None, enabled=None, data=None, **request_params)

      A method to update an AlertChannels object.

      :param guid: The GUID of the alert channel to update.
      :type guid: str
      :param name: The name of the alert channel you wish to update.
      :type name: str
      :param type: The type of alert channel you wish to update. See the `API docs `_ for valid values.
      :type type: str
      :param enabled: A boolean/integer representing whether the object is enabled. (0 or 1)
      :type enabled: bool|int
      :param data: A dict matching the schema for the specified type. See the `API docs `_ for valid values.
      :type data: dict
      :param request_params: Use to pass any additional parameters to the API
      :type request_params: dict, optional
      :returns: The updated alert channel info.
      :rtype: dict

   .. py:method:: delete(guid)

      A method to delete an AlertChannels object.

      :param guid: A string representing the object GUID.
      :type guid: str
      :returns: a Requests response object containing the response code
      :rtype: requests.models.Response

   .. py:method:: test(guid)

      A method to test an AlertChannels object.

      :param guid: A string representing the object GUID.
      :type guid: str
      :returns: a Requests response object containing the response code
      :rtype: requests.models.Response

   .. py:method:: search(json=None)

      A method to search objects.

      See the API documentation for this API endpoint for valid fields to search against.

      NOTE: While the "value" and "values" fields are marked as "optional" you must use one of them, depending on the operation you are using.

      :param json: The desired search parameters:

         - timeFilter (dict, optional): A dict containing the time frame for the search:

           - startTime (str): The start time for the search
           - endTime (str): The end time for the search

         - filters (list of dict, optional): Filters based on field contents:

           - field (str): The name of the data field to which the condition applies
           - expression (str): The comparison operator for the filter condition.
             Valid values are: "eq", "ne", "in", "not_in", "like", "ilike", "not_like", "not_ilike", "not_rlike", "rlike", "gt", "ge", "lt", "le", "between"
           - value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
           - values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.

         - returns (list of str, optional): The fields to return
      :type json: dict
      :returns: returns a dict containing the search results
      :rtype: dict


.. py:class:: AlertProfilesAPI(session)

   Bases: :py:obj:`laceworksdk.api.crud_endpoint.CrudEndpoint`

   A class used to represent the `Alert Profiles API endpoint `_

   An alert profile is a set of metadata that defines how your LQL queries get consumed into events and alerts.

   .. py:property:: session

      Get the :class:`HttpSession` instance the object is using.

   .. py:method:: create(alert_profile_id, alerts, extends, **request_params)

      A method to create a new AlertProfiles object.

      :param alert_profile_id: A unique ID to name the new alert profile
      :type alert_profile_id: str
      :param extends: The base alert profile object.
      :type extends: str
      :param alerts: A list of dictionaries containing alert details to create. Alert fields are:

         - name (str): The name of the alert.
         - eventName (str): The name to show in Event Triage.
         - description (str): The description to show in Event Triage.
         - subject (str): The subject to show in the Event Dossier.
      :type alerts: list of dict
      :param request_params: Use to pass any additional parameters to the API
      :type request_params: dict, optional
      :returns: A JSON object containing the created Alert Profile
      :rtype: dict

   .. py:method:: get(id=None)

      A method to get AlertProfiles objects.

      :param id: A string representing the alert profile ID.
      :type id: str
      :returns: The returned alert profile(s)
      :rtype: dict

   .. py:method:: get_by_id(id)

      A method to get an AlertProfiles object by ID.

      :param id: A string representing the alert profile ID.
      :type id: str
      :returns: The returned alert profile(s)
      :rtype: dict

   .. py:method:: search(**request_params)

      Search functionality is not yet implemented for Alert Profiles.

   .. py:method:: update(id, alerts=None, **request_params)

      A method to update an AlertProfiles object.

      :param id: A string representing the object ID.
      :type id: str
      :param alerts: A list of dictionaries containing alert details to update. Alert fields are:

         - name (str): The name of the alert.
         - eventName (str): The name to show in Event Triage.
         - description (str): The description to show in Event Triage.
         - subject (str): The subject to show in the Event Dossier.
      :type alerts: list of dicts
      :param request_params: Use to pass any additional parameters to the API
      :type request_params: dict, optional
      :returns: The updated Alert Profile
      :rtype: dict

   .. py:method:: delete(id)

      A method to delete an AlertProfiles object.

      :param id: A string representing the alert profile ID.
      :type id: str
      :returns: a Requests response object containing the response code
      :rtype: requests.models.Response


.. py:class:: AlertRulesAPI(session)

   Bases: :py:obj:`laceworksdk.api.crud_endpoint.CrudEndpoint`

   A class used to represent the `Alert Rules API endpoint `_

   Lacework combines alert channels and alert rules to provide a flexible method for routing alerts. For alert channels, you define information about where to send alerts, such as to Jira, Slack, or email. For alert rules, you define information about which alert types to send, such as critical and high severity compliance alerts.

   .. py:property:: session

      Get the :class:`HttpSession` instance the object is using.

   .. py:method:: create(type, filters, intg_guid_list, **request_params)

      A method to create new Alert Rules.

      :param type: The type of the alert rule. Valid values are: "Event"
      :type type: str
      :param filters: The alert rule definition.
         See the `API docs `_ for valid values.
      :type filters: dict
      :param intg_guid_list: A list of GUIDs representing the alert channels to use.
      :type intg_guid_list: list of str
      :param request_params: Use to pass any additional parameters to the API
      :type request_params: dict, optional
      :returns: The new rule.
      :rtype: dict

   .. py:method:: get(guid=None)

      A method to get AlertRules objects.

      :param guid: The alert rule GUID to retrieve.
      :type guid: str
      :returns: The alert rule(s)
      :rtype: dict

   .. py:method:: get_by_guid(guid)

      A method to get an AlertRules object by GUID.

      :param guid: The alert rule GUID.
      :type guid: str
      :returns: The alert rule
      :rtype: dict

   .. py:method:: update(guid, filters=None, intg_guid_list=None, **request_params)

      A method to update an AlertRules object.

      :param guid: The Alert Rule GUID you wish to update.
      :type guid: str
      :param filters: The alert rule definition. See the `API docs `_ for valid values.
      :type filters: dict, optional
      :param intg_guid_list: A list of GUIDs representing the alert channels to use.
      :type intg_guid_list: list of str, optional
      :param request_params: Use to pass any additional parameters to the API
      :type request_params: dict, optional
      :returns: The updated alert rule
      :rtype: dict

   .. py:method:: delete(guid)

      A method to delete an AlertRules object.

      :param guid: The alert rule GUID.
      :type guid: str
      :returns: a Requests response object containing the response code
      :rtype: requests.models.Response

   .. py:method:: search(json=None)

      A method to search objects.

      See the API documentation for this API endpoint for valid fields to search against.

      NOTE: While the "value" and "values" fields are marked as "optional" you must use one of them, depending on the operation you are using.

      :param json: The desired search parameters:

         - timeFilter (dict, optional): A dict containing the time frame for the search:

           - startTime (str): The start time for the search
           - endTime (str): The end time for the search

         - filters (list of dict, optional): Filters based on field contents:

           - field (str): The name of the data field to which the condition applies
           - expression (str): The comparison operator for the filter condition.
             Valid values are: "eq", "ne", "in", "not_in", "like", "ilike", "not_like", "not_ilike", "not_rlike", "rlike", "gt", "ge", "lt", "le", "between"
           - value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
           - values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.

         - returns (list of str, optional): The fields to return
      :type json: dict
      :returns: returns a dict containing the search results
      :rtype: dict


.. py:class:: AlertsAPI(session)

   Bases: :py:obj:`laceworksdk.api.search_endpoint.SearchEndpoint`

   A class used to represent the `Alerts API endpoint `_

   Lacework provides real-time alerts that are interactive and manageable. Each alert contains various metadata information, such as severity level, type, status, alert category, and associated tags.

   .. py:property:: session

      Get the :class:`HttpSession` instance the object is using.

   .. py:method:: get(start_time=None, end_time=None, limit=None, **request_params)

      A method to get Alerts.

      :param start_time: A "%Y-%m-%dT%H:%M:%SZ" structured timestamp to begin from.
      :type start_time: str
      :param end_time: A "%Y-%m-%dT%H:%M:%S%Z" structured timestamp to end at.
      :type end_time: str
      :param limit: An integer representing the number of Alerts to return.
      :type limit: int
      :param request_params: Use to pass any additional parameters to the API
      :type request_params: dict, optional
      :returns: The requested alert(s)
      :rtype: dict

   .. py:method:: get_details(id, scope, **request_params)

      A method to get Alerts objects by ID.

      :param id: The alert ID.
      :type id: str
      :param scope: The scope of the details to return.
         Valid values are: "Details", "Investigation", "Events", "RelatedAlerts", "Integrations", "Timeline"
      :type scope: str
      :param request_params: Use to pass any additional parameters to the API
      :type request_params: dict, optional
      :returns: The requested alert details.
      :rtype: dict

   .. py:method:: comment(id, comment)

      A method to comment on an Alerts object.

      :param id: The alert ID.
      :type id: str
      :param comment: The comment to post.
      :type comment: str
      :returns: The posted comment
      :rtype: dict

   .. py:method:: close(id, reason, comment=None)

      A method to close an Alert.

      :param id: The alert ID.
      :type id: str
      :param comment: A comment on the reason. If 0 is chosen for the "reason" field then the "comment" field is required.
      :type comment: str, optional
      :param reason: A number representing the close reason.
         Valid values are: 0: Other, 1: False positive, 2: Not enough information, 3: Malicious and have resolution in place, 4: Expected because of routine testing
      :type reason: int
      :returns: a Requests response object containing the response code
      :rtype: requests.models.Response

   .. py:method:: search(json=None, resource=None)

      A method to search objects.

      See the API documentation for this API endpoint for valid fields to search against.

      NOTE: While the "value" and "values" fields are marked as "optional" you must use one of them, depending on the operation you are using.

      :param json: The desired search parameters:

         - timeFilter (dict, optional): A dict containing the time frame for the search:

           - startTime (str): The start time for the search
           - endTime (str): The end time for the search

         - filters (list of dict, optional): Filters based on field contents:

           - field (str): The name of the data field to which the condition applies
           - expression (str): The comparison operator for the filter condition.
             Valid values are: "eq", "ne", "in", "not_in", "like", "ilike", "not_like", "not_ilike", "not_rlike", "rlike", "gt", "ge", "lt", "le", "between"
           - value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
           - values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.

         - returns (list of str, optional): The fields to return
      :type json: dict
      :param resource: The Lacework API resource to search (Example: "AlertChannels")
      :type resource: str

      :Yields: *dict* -- returns a generator which yields a page of objects at a time as returned by the Lacework API.


.. py:class:: AuditLogsAPI(session)

   Bases: :py:obj:`laceworksdk.api.base_endpoint.BaseEndpoint`

   A class used to represent the `Audit Log API endpoint `_

   Get audit logs.

   .. py:property:: session

      Get the :class:`HttpSession` instance the object is using.

   .. py:method:: get(start_time=None, end_time=None, **request_params)

      A method to get audit logs.

      :param start_time: A "%Y-%m-%dT%H:%M:%SZ" structured timestamp to begin from.
      :type start_time: str
      :param end_time: A "%Y-%m-%dT%H:%M:%S%Z" structured timestamp to end at.
      :type end_time: str
      :param request_params: Use to pass any additional parameters to the API
      :type request_params: dict, optional
      :returns: The audit logs for the requested time period.
      :rtype: dict

   .. py:method:: search(json=None)

      A method to search audit logs.

      See the API documentation for this API endpoint for valid fields to search against.

      NOTE: While the "value" and "values" fields are marked as "optional" you must use one of them, depending on the operation you are using.

      :param json: A list of dictionaries containing the desired search parameters:

         - field (str): The name of the data field to which the condition applies
         - expression (str): The comparison operator for the filter condition.
           Valid values are: "eq", "ne", "in", "not_in", "like", "ilike", "not_like", "not_ilike", "not_rlike", "rlike", "gt", "ge", "lt", "le", "between"
         - value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
         - values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.
      :type json: list of dicts

      :Yields: *dict* -- returns a generator which yields a page of objects at a time as returned by the Lacework API.


.. py:class:: CloudAccountsAPI(session)

   Bases: :py:obj:`laceworksdk.api.crud_endpoint.CrudEndpoint`

   A class used to represent the `Cloud Accounts API endpoint `_

   Cloud accounts are integrations between Lacework and cloud providers such as Amazon Web Services, Microsoft Azure, and Google Cloud Platform.

   .. py:property:: session

      Get the :class:`HttpSession` instance the object is using.

   .. py:method:: create(name, type, enabled, data, **request_params)

      A method to create a new cloud accounts integration.

      :param name: The name of the integration to create.
      :type name: str
      :param type: The type of the integration. See the `API docs `_ for valid values.
      :type type: str
      :param enabled: Whether the object is enabled.
      :type enabled: bool|int
      :param data: The definition of the new integration to create. Note this changes depending on the value of the "type" field. See the `API docs `_ for valid values.
      :type data: dict
      :param request_params: Use to pass any additional parameters to the API
      :type request_params: dict, optional
      :returns: Details of the newly created cloud account integration.
      :rtype: dict

   .. py:method:: get(guid=None, type=None)

      A method to get cloud account integrations. Using no args will get all integrations.

      :param guid: The GUID of the integration to retrieve.
      :type guid: str, optional
      :param type: The type of the integration(s) to retrieve.
         Valid types are: "AwsCfg", "AwsCtSqs", "AwsEksAudit", "AwsUsGovCfg", "AwsUsGovCtSqs", "AzureAlSeq", "AzureCfg", "GcpAtSes", "GcpCfg"
      :type type: str, optional
      :returns: The details of the requested integration(s)
      :rtype: dict

   .. py:method:: get_by_guid(guid)

      A method to get a cloud account integration by its GUID.

      :param guid: The GUID of the integration to retrieve.
      :type guid: str
      :returns: The details of the requested integration.
      :rtype: dict

   .. py:method:: get_by_type(type)

      A method to get cloud account integration(s) by type.

      :param type: The type of the integration(s) to retrieve.
         Valid types are: "AwsCfg", "AwsCtSqs", "AwsEksAudit", "AwsUsGovCfg", "AwsUsGovCtSqs", "AzureAlSeq", "AzureCfg", "GcpAtSes", "GcpCfg"
      :type type: str, optional
      :returns: The details of the requested integration(s)
      :rtype: dict

   .. py:method:: update(guid, name=None, type=None, enabled=None, data=None, **request_params)

      A method to update a CloudAccounts object.

      :param guid: The GUID of the integration to update.
      :type guid: str
      :param name: The integration name.
      :type name: str, optional
      :param type: The type of the integration. See the `API docs `_ for valid values.
      :type type: str
      :param enabled: Whether the object is enabled.
      :type enabled: bool|int
      :param data: The definition of the new integration to create. Note this changes depending on the value of the "type" field. See the `API docs `_ for valid values.
:type data: dict :param request_params: Use to pass any additional parameters the API :type request_params: dict, optional :returns: The updated details for the integration specified. :rtype: dict .. py:method:: delete(guid) A method to delete a cloud account integration. :param guid: The integration GUID to delete. :type guid: str :returns: a Requests response object containing the response code :rtype: requests.models.Response .. py:method:: search(json=None) A method to search objects. See the API documentation for this API endpoint for valid fields to search against. NOTE: While the "value" and "values" fields are marked as "optional" you must use one of them, depending on the operation you are using. :param json: The desired search parameters: - timeFilter (dict, optional): A dict containing the time frame for the search: - startTime (str): The start time for the search - endTime (str): The end time for the search - filters (list of dict, optional): Filters based on field contents: - field (str): The name of the data field to which the condition applies - expression (str): The comparison operator for the filter condition. Valid values are: "eq", "ne", "in", "not_in", "like", "ilike", "not_like", "not_ilike", "not_rlike", "rlike", "gt", "ge", "lt", "le", "between" - value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value. - values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values. - returns (list of str, optional): The fields to return :type json: dict :returns: returns a dict containing the search results :rtype: dict .. 
py:class:: CloudActivitiesAPI(session) Bases: :py:obj:`laceworksdk.api.base_endpoint.BaseEndpoint` A class used to represent the `Cloud Activities API endpoint `_ Get information about cloud activities for the integrated AWS cloud accounts in your Lacework instance. .. py:property:: session Get the :class:`HttpSession` instance the object is using. .. py:method:: get(start_time=None, end_time=None, **request_params) A method to get cloud activities objects. :param start_time: A "%Y-%m-%dT%H:%M:%SZ" structured timestamp to begin from. :type start_time: str :param end_time: A "%Y-%m-%dT%H:%M:%S%Z" structured timestamp to end at. :type end_time: str :param request_params: Use to pass any additional parameters the API :type request_params: dict, optional :returns: The requested cloud activity data. :rtype: dict .. py:method:: get_pages(start_time=None, end_time=None, **request_params) A method to get an iterator of activities A helper method that yields a generator which allows you to iterate through the resulting pages of activities. Call this instead of the "get" method if you don't want to write your own code to get the paginated results. :param start_time: A "%Y-%m-%dT%H:%M:%SZ" structured timestamp to begin from. :type start_time: str :param end_time: A "%Y-%m-%dT%H:%M:%S%Z" structured timestamp to end at. :type end_time: str :param request_params: Use to pass any additional parameters the API :type request_params: dict, optional :Yields: *dict* -- a generator which yields a dict of cloud activities. .. py:method:: get_data_items(start_time=None, end_time=None, **request_params) A method to get an iterator of activities A helper method that yields a generator which allows you to iterate through the resulting pages of activities. Call this instead of the "get" method if you don't want to write your own code to get the paginated results. :param start_time: A "%Y-%m-%dT%H:%M:%SZ" structured timestamp to begin from. 
:type start_time: str :param end_time: A "%Y-%m-%dT%H:%M:%S%Z" structured timestamp to end at. :type end_time: str :param request_params: Use to pass any additional parameters the API :type request_params: dict, optional :Yields: *dict* -- a generator which yields multiple dicts of cloud activities. .. py:method:: search(json=None) A method to search cloud activities. :param json: A list of dictionaries containing the desired search parameters: - field (str): The name of the data field to which the condition applies - expression (str): The comparison operator for the filter condition. Valid values are: "eq", "ne", "in", "not_in", "like", "ilike", "not_like", "not_ilike", "not_rlike", "rlike", "gt", "ge", "lt", "le", "between" - value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value. - values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values. :type json: list of dicts :Yields: *dict* -- returns a generator which yields a page of objects at a time as returned by the Lacework API. .. py:class:: ConfigsAPI(session) A class used to represent the `Configs API endpoint `_ Get information about compliance configurations. The Configs API endpoint is a parent for different types of configs that can be queried. .. attribute:: compliance_evaluations A ComplianceEvaluationsAPI instance. :type: ComplianceEvaluationsAPI .. attribute:: azure_subscriptions An AzureSubscriptions instance. :type: AzureSubscriptions .. attribute:: gcp_projects A GcpProjects instance. :type: GcpProjects .. py:class:: AzureSubscriptions(session, object_type, endpoint_root='/api/v2') Bases: :py:obj:`laceworksdk.api.read_endpoint.ReadEndpoint` A class used to represent the Azure Subscriptions API endpoint. Get a list of Azure subscription IDs for an entire account or for a specific Azure tenant.
.. py:property:: session Get the :class:`HttpSession` instance the object is using. .. py:method:: get(id=None, resource=None, **request_params) A method to get objects. :param id: A string representing the object ID. :type id: str :param resource: The Lacework API resource type to get. :type resource: str :param request_params: Use to pass any additional parameters the API :type request_params: dict :returns: the requested o :rtype: dict .. py:class:: GcpProjects(session, object_type, endpoint_root='/api/v2') Bases: :py:obj:`laceworksdk.api.read_endpoint.ReadEndpoint` A class used to represent the GCP Projects API endpoint. .. py:property:: session Get the :class:`HttpSession` instance the object is using. .. py:method:: get(id=None, resource=None, **request_params) A method to get objects. :param id: A string representing the object ID. :type id: str :param resource: The Lacework API resource type to get. :type resource: str :param request_params: Use to pass any additional parameters the API :type request_params: dict :returns: the requested o :rtype: dict .. py:class:: ComplianceEvaluationsAPI(session, object_type, endpoint_root='/api/v2') Bases: :py:obj:`laceworksdk.api.search_endpoint.SearchEndpoint` A class used to represent the Compliance Evaluations API endpoint. .. py:property:: session Get the :class:`HttpSession` instance the object is using. .. py:method:: search(json=None, resource=None) A method to search objects. See the API documentation for this API endpoint for valid fields to search against. NOTE: While the "value" and "values" fields are marked as "optional" you must use one of them, depending on the operation you are using. 
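An added example (not part of the laceworksdk code base) that builds the ``json`` argument for the ``search`` methods documented on this page and enforces the NOTE above: every filter carries exactly one of "value" or "values". Which operators take "values", the two-bound rule for "between", the "data" key on each page, and the field names used are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Comparison operators listed in the search() documentation on this page.
VALID_EXPRESSIONS = {
    "eq", "ne", "in", "not_in", "like", "ilike", "not_like", "not_ilike",
    "not_rlike", "rlike", "gt", "ge", "lt", "le", "between",
}
# ASSUMPTION: these operators take the plural "values" list and every other
# operator takes a single "value". The page only says "depending on the
# operation you are using".
MULTI_VALUE_EXPRESSIONS = {"in", "not_in", "between"}

# Timestamp layout shown on this page for start_time.
TIME_FORMAT = "%Y-%m-%dT%H:%M:%SZ"


def make_filter(field, expression, operand):
    """Return one filter dict, picking "value" or "values" from the operator."""
    if expression not in VALID_EXPRESSIONS:
        raise ValueError(f"unknown expression {expression!r}")
    if expression in MULTI_VALUE_EXPRESSIONS:
        if not isinstance(operand, (list, tuple)):
            raise TypeError(f"{expression!r} needs a list of values")
        values = [str(v) for v in operand]
        if not values:
            raise ValueError(f"{expression!r} needs at least one value")
        # ASSUMPTION: "between" takes a lower and an upper bound.
        if expression == "between" and len(values) != 2:
            raise ValueError("'between' needs exactly two bounds")
        return {"field": field, "expression": expression, "values": values}
    if isinstance(operand, (list, tuple, set, dict)):
        raise TypeError(f"{expression!r} needs a single value")
    return {"field": field, "expression": expression, "value": str(operand)}


def build_search(start, end, filters=(), returns=()):
    """Assemble the dict passed as search(json=...).

    start/end must be timezone-aware datetimes; they are converted to UTC so
    the trailing "Z" in TIME_FORMAT is truthful.
    """
    if start.tzinfo is None or end.tzinfo is None:
        raise ValueError("start and end must be timezone-aware")
    if end <= start:
        raise ValueError("endTime must be later than startTime")
    payload = {
        "timeFilter": {
            "startTime": start.astimezone(timezone.utc).strftime(TIME_FORMAT),
            "endTime": end.astimezone(timezone.utc).strftime(TIME_FORMAT),
        }
    }
    if filters:
        payload["filters"] = [make_filter(*f) for f in filters]
    if returns:
        payload["returns"] = list(returns)
    return payload


def iter_rows(pages):
    """Flatten the pages yielded by search() into individual result rows."""
    for page in pages:
        # ASSUMPTION: each page dict carries its rows under a "data" key.
        yield from page.get("data", [])


if __name__ == "__main__":
    end = datetime(2024, 1, 2, tzinfo=timezone.utc)  # constructed sample time
    payload = build_search(
        end - timedelta(hours=6),
        end,
        # "hostname" and "port" are placeholder field names; see the API
        # documentation for the valid fields of each endpoint.
        filters=[("hostname", "rlike", "^build-"), ("port", "in", [22, 3389])],
        returns=["hostname", "port"],
    )
    print(payload)
    # With a SearchEndpoint instance from the SDK (not run here):
    #     for row in iter_rows(endpoint.search(json=payload)):
    #         ...
    # Constructed pages standing in for the generator search() returns:
    fake_pages = [{"data": [{"hostname": "build-1", "port": "22"}]}, {"data": []}]
    print(list(iter_rows(fake_pages)))
```

Validating the payload client-side turns a malformed hunt query into an immediate exception instead of an API error or an unexpectedly empty result set.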
:param json: The desired search parameters: - timeFilter (dict, optional): A dict containing the time frame for the search: - startTime (str): The start time for the search - endTime (str): The end time for the search - filters (list of dict, optional): Filters based on field contents: - field (str): The name of the data field to which the condition applies - expression (str): The comparison operator for the filter condition. Valid values are: "eq", "ne", "in", "not_in", "like", "ilike", "not_like", "not_ilike", "not_rlike", "rlike", "gt", "ge", "lt", "le", "between" - value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value. - values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values. - returns (list of str, optional): The fields to return :type json: dict :param resource: The Lacework API resource to search (Example: "AlertChannels") :type resource: str :Yields: *dict* -- returns a generator which yields a page of objects at a time as returned by the Lacework API. .. py:class:: ContainerRegistriesAPI(session) Bases: :py:obj:`laceworksdk.api.crud_endpoint.CrudEndpoint` A class used to represent the `Container Registries API endpoint `_ Lacework provides the ability to assess, identify, and report vulnerabilities found in the operating system software packages in a Docker container image. After integrating a container registry in Lacework, Lacework finds all container images in the registry repositories, assesses those container images for software packages with known vulnerabilities, and reports them. .. py:property:: session Get the :class:`HttpSession` instance the object is using. .. py:method:: create(name, type, enabled, data, **request_params) A method to create a new container registry integration. 
:param name: The name to use to create the container registry integration. :type name: str :param enabled: Whether the integration is enabled. :type enabled: bool|int :param type: The type of the integration. See the `API docs `_ for valid values. :type type: str :param enabled: Whether the object is enabled. :type enabled: bool|int :param data: The definition of the new integration to create. Note this changes depending on the value of the "type" field. See the `API docs `_ for valid values. :type data: dict :param request_params: Use to pass any additional parameters the API :type request_params: dict, optional :returns: Details for the newly created container registry integration :rtype: dict .. py:method:: get(guid=None, type=None) A method to get ContainerRegistries objects. Using no args will get all integrations. :param guid: The GUID of the container registry integration to get. :type guid: str, optional :param type: The type of the container registry integration(s) to get. Valid types are: "ContVulnCfg" :type type: str, optional :returns: The details of the requested integration(s) :rtype: dict .. py:method:: get_by_guid(guid) A method to get a container registry integration by GUID. :param guid: The GUID of the container registry integration to get :type guid: str :returns: The details of the requested integration :rtype: dict .. py:method:: get_by_type(type) A method to get container registry integration(s) by type. :param type: The type of the container registry integration(s) to get. Valid types are: "ContVulnCfg" :type type: str :returns: The details of the requested integration(s) :rtype: dict .. py:method:: update(guid, name=None, type=None, enabled=None, data=None, **request_params) A method to update a ContainerRegistries object. :param guid: A string representing the object GUID. :param name: The name to use to create the container registry integration. :type name: str :param enabled: Whether the integration is enabled.
:type enabled: bool|int :param type: The type of the integration. See the `API docs `_ for valid values. :type type: str :param enabled: Whether the object is enabled. :type enabled: bool|int :param data: The definition of the new integration to create. Note this changes depending on the value of the "type" field. See the `API docs `_ for valid values. :type data: dict :param request_params: Use to pass any additional parameters the API :type request_params: dict, optional :returns: Details for the updated container registry integration :rtype: dict .. py:method:: delete(guid) A method to delete a container registry integration. :param guid: The GUID of the container registry integration to delete :type guid: str :returns: a Requests response object containing the response code :rtype: requests.models.Response .. py:method:: search(json=None) A method to search objects. See the API documentation for this API endpoint for valid fields to search against. NOTE: While the "value" and "values" fields are marked as "optional" you must use one of them, depending on the operation you are using. :param json: The desired search parameters: - timeFilter (dict, optional): A dict containing the time frame for the search: - startTime (str): The start time for the search - endTime (str): The end time for the search - filters (list of dict, optional): Filters based on field contents: - field (str): The name of the data field to which the condition applies - expression (str): The comparison operator for the filter condition. Valid values are: "eq", "ne", "in", "not_in", "like", "ilike", "not_like", "not_ilike", "not_rlike", "rlike", "gt", "ge", "lt", "le", "between" - value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value. - values (list of str, optional): The values that the condition checks for in the specified field.
Use this attribute when using an operator that requires multiple values. - returns (list of str, optional): The fields to return :type json: dict :returns: returns a dict containing the search results :rtype: dict .. py:class:: ContractInfoAPI(session) Bases: :py:obj:`laceworksdk.api.base_endpoint.BaseEndpoint` A class used to represent the `Contract Info API endpoint `_ Get Lacework contract information. .. py:property:: session Get the :class:`HttpSession` instance the object is using. .. py:method:: get(**request_params) A method to get contract info :returns: Contract info for the Lacework instance. request_params (dict, optional): Use to pass any additional parameters the API :rtype: dict .. py:class:: DatasourcesAPI(session) Bases: :py:obj:`laceworksdk.api.base_endpoint.BaseEndpoint` A class used to represent the `Datasources API endpoint `_ Get schema details for all datasources that you can query using LQL. .. py:property:: session Get the :class:`HttpSession` instance the object is using. .. py:method:: get() A method to get Datasources. :returns: All datasources :rtype: dict .. py:method:: get_datasource(datasource) A method to get the schema for a particular datasource. :param datasource: The name of the datasource schema to get. :type datasource: str :returns: The datasource schema. :rtype: dict .. py:method:: list_data_sources() A method to list the datasources that are available. :returns: Each tuple has two entries, source name and description. :rtype: list of tuples .. py:class:: DataExportRulesAPI(session) Bases: :py:obj:`laceworksdk.api.crud_endpoint.CrudEndpoint` A class used to represent the `Data Export Rules API endpoint `_ S3 data export allows you to export data collected from your Lacework account and send it to an S3 bucket of your choice. You can extend Lacework processed/normalized data to report/visualize alone or combine with other business/security data to get insights and make meaningful business decisions. ..
py:property:: session Get the :class:`HttpSession` instance the object is using. .. py:method:: create(type, filters, intg_guid_list, **request_params) A method to create a new DataExportRules object. :param type: The type of data export rule to create. Valid values are: "Dataexport" :type type: str :param intg_guid_list: The guids of the alert channels for the rule to use :type intg_guid_list: list of str :param filters: A dict containing the fields needed to define the rule. fields are: - name (str): The name of the alert - enabled (bool|int): Whether the export rule is enabled - description (str, optional): The description of the export rule - profileVersions (list of str, optional): A list of profile versions :type filters: dict :param request_params: Use to pass any additional parameters the API :type request_params: dict, optional :returns: The created data export rule :rtype: dict .. py:method:: get(guid=None) A method to get data export rules. Using no args will get all rules. :param guid: The guid of the rule to get. :type guid: str, optional :returns: The requested data export rule(s) :rtype: dict .. py:method:: get_by_guid(guid) A method to get a DataExportRules object by GUID. :param guid: The guid of the rule to get. :type guid: str :returns: The requested data export rule :rtype: dict .. py:method:: update(guid, filters=None, intg_guid_list=None, **request_params) A method to update an existing DataExportRules object. :param guid: The guid of the export rule to update :type guid: str :param intg_guid_list: The guids of the alert channels for the rule to use :type intg_guid_list: list of str :param filters: A dict containing the fields needed to define the rule.
fields are: - name (str, optional): The name of the alert - enabled (bool|int, optional): Whether the export rule is enabled - description (str, optional): The description of the export rule - profileVersions (list of str, optional): A list of profile versions :type filters: dict :param request_params: Use to pass any additional parameters the API :type request_params: dict, optional :returns: The updated data export rule :rtype: dict .. py:method:: delete(guid) A method to delete a data export rule. :param guid: The GUID of the data export rule to delete :type guid: str :returns: a Requests response object containing the response code :rtype: requests.models.Response .. py:method:: search(json=None) A method to search objects. See the API documentation for this API endpoint for valid fields to search against. NOTE: While the "value" and "values" fields are marked as "optional" you must use one of them, depending on the operation you are using. :param json: The desired search parameters: - timeFilter (dict, optional): A dict containing the time frame for the search: - startTime (str): The start time for the search - endTime (str): The end time for the search - filters (list of dict, optional): Filters based on field contents: - field (str): The name of the data field to which the condition applies - expression (str): The comparison operator for the filter condition. Valid values are: "eq", "ne", "in", "not_in", "like", "ilike", "not_like", "not_ilike", "not_rlike", "rlike", "gt", "ge", "lt", "le", "between" - value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value. - values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values. 
- returns (list of str, optional): The fields to return :type json: dict :returns: returns a dict containing the search results :rtype: dict .. py:class:: EntitiesAPI(session) A class used to represent the `Entities API endpoint `_ The Entities API endpoint is simply a parent for different types of entities that can be queried. Attributes: ---------- applications: An ApplicationsAPI instance. command_lines: A CommandLinesAPI instance. containers: A ContainersAPI instance. files: A FilesAPI instance. images: An ImagesAPI instance. internal_ip_addresses: An InternalIPAddressesAPI instance. k8s_pods: A K8sPodsAPI instance. machines: A MachinesAPI instance. machine_details: A MachineDetailsAPI instance. network_interfaces: A NetworkInterfacesAPI instance. new_file_hashes: A NewFileHashesAPI instance. packages: A PackagesAPI instance. processes: A ProcessesAPI instance. users: A UsersAPI instance. .. py:class:: ApplicationsAPI(session, object_type, endpoint_root='/api/v2') Bases: :py:obj:`laceworksdk.api.search_endpoint.SearchEndpoint` A class used to represent the Applications API endpoint. Methods: ------- search(json=None) A method to search Applications objects. .. py:property:: session Get the :class:`HttpSession` instance the object is using. .. py:method:: search(json=None, resource=None) A method to search objects. See the API documentation for this API endpoint for valid fields to search against. NOTE: While the "value" and "values" fields are marked as "optional" you must use one of them, depending on the operation you are using. :param json: The desired search parameters: - timeFilter (dict, optional): A dict containing the time frame for the search: - startTime (str): The start time for the search - endTime (str): The end time for the search - filters (list of dict, optional): Filters based on field contents: - field (str): The name of the data field to which the condition applies - expression (str): The comparison operator for the filter condition.
Valid values are: "eq", "ne", "in", "not_in", "like", "ilike", "not_like", "not_ilike", "not_rlike", "rlike", "gt", "ge", "lt", "le", "between" - value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value. - values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values. - returns (list of str, optional): The fields to return :type json: dict :param resource: The Lacework API resource to search (Example: "AlertChannels") :type resource: str :Yields: *dict* -- returns a generator which yields a page of objects at a time as returned by the Lacework API. .. py:class:: CommandLinesAPI(session, object_type, endpoint_root='/api/v2') Bases: :py:obj:`laceworksdk.api.search_endpoint.SearchEndpoint` A class used to represent the Command Lines API endpoint. Methods: ------- search(json=None) A method to search CommandLines objects. .. py:property:: session Get the :class:`HttpSession` instance the object is using. .. py:method:: search(json=None, resource=None) A method to search objects. See the API documentation for this API endpoint for valid fields to search against. NOTE: While the "value" and "values" fields are marked as "optional" you must use one of them, depending on the operation you are using. :param json: The desired search parameters: - timeFilter (dict, optional): A dict containing the time frame for the search: - startTime (str): The start time for the search - endTime (str): The end time for the search - filters (list of dict, optional): Filters based on field contents: - field (str): The name of the data field to which the condition applies - expression (str): The comparison operator for the filter condition. 
Valid values are: "eq", "ne", "in", "not_in", "like", "ilike", "not_like", "not_ilike", "not_rlike", "rlike", "gt", "ge", "lt", "le", "between" - value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value. - values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values. - returns (list of str, optional): The fields to return :type json: dict :param resource: The Lacework API resource to search (Example: "AlertChannels") :type resource: str :Yields: *dict* -- returns a generator which yields a page of objects at a time as returned by the Lacework API. .. py:class:: ContainersAPI(session, object_type, endpoint_root='/api/v2') Bases: :py:obj:`laceworksdk.api.search_endpoint.SearchEndpoint` A class used to represent the Containers API endpoint. Methods: ------- search(json=None) A method to search Containers objects. .. py:property:: session Get the :class:`HttpSession` instance the object is using. .. py:method:: search(json=None, resource=None) A method to search objects. See the API documentation for this API endpoint for valid fields to search against. NOTE: While the "value" and "values" fields are marked as "optional" you must use one of them, depending on the operation you are using. :param json: The desired search parameters: - timeFilter (dict, optional): A dict containing the time frame for the search: - startTime (str): The start time for the search - endTime (str): The end time for the search - filters (list of dict, optional): Filters based on field contents: - field (str): The name of the data field to which the condition applies - expression (str): The comparison operator for the filter condition. 
Valid values are: "eq", "ne", "in", "not_in", "like", "ilike", "not_like", "not_ilike", "not_rlike", "rlike", "gt", "ge", "lt", "le", "between" - value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value. - values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values. - returns (list of str, optional): The fields to return :type json: dict :param resource: The Lacework API resource to search (Example: "AlertChannels") :type resource: str :Yields: *dict* -- returns a generator which yields a page of objects at a time as returned by the Lacework API. .. py:class:: FilesAPI(session, object_type, endpoint_root='/api/v2') Bases: :py:obj:`laceworksdk.api.search_endpoint.SearchEndpoint` A class used to represent the Files API endpoint. Methods: ------- search(json=None) A method to search Files objects. .. py:property:: session Get the :class:`HttpSession` instance the object is using. .. py:method:: search(json=None, resource=None) A method to search objects. See the API documentation for this API endpoint for valid fields to search against. NOTE: While the "value" and "values" fields are marked as "optional" you must use one of them, depending on the operation you are using. :param json: The desired search parameters: - timeFilter (dict, optional): A dict containing the time frame for the search: - startTime (str): The start time for the search - endTime (str): The end time for the search - filters (list of dict, optional): Filters based on field contents: - field (str): The name of the data field to which the condition applies - expression (str): The comparison operator for the filter condition. 
Valid values are: "eq", "ne", "in", "not_in", "like", "ilike", "not_like", "not_ilike", "not_rlike", "rlike", "gt", "ge", "lt", "le", "between" - value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value. - values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values. - returns (list of str, optional): The fields to return :type json: dict :param resource: The Lacework API resource to search (Example: "AlertChannels") :type resource: str :Yields: *dict* -- returns a generator which yields a page of objects at a time as returned by the Lacework API. .. py:class:: ImagesAPI(session, object_type, endpoint_root='/api/v2') Bases: :py:obj:`laceworksdk.api.search_endpoint.SearchEndpoint` A class used to represent the Images API endpoint. Methods: ------- search(json=None) A method to search Images objects. .. py:property:: session Get the :class:`HttpSession` instance the object is using. .. py:method:: search(json=None, resource=None) A method to search objects. See the API documentation for this API endpoint for valid fields to search against. NOTE: While the "value" and "values" fields are marked as "optional" you must use one of them, depending on the operation you are using. :param json: The desired search parameters: - timeFilter (dict, optional): A dict containing the time frame for the search: - startTime (str): The start time for the search - endTime (str): The end time for the search - filters (list of dict, optional): Filters based on field contents: - field (str): The name of the data field to which the condition applies - expression (str): The comparison operator for the filter condition. 
Valid values are: "eq", "ne", "in", "not_in", "like", "ilike", "not_like", "not_ilike", "not_rlike", "rlike", "gt", "ge", "lt", "le", "between" - value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value. - values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values. - returns (list of str, optional): The fields to return :type json: dict :param resource: The Lacework API resource to search (Example: "AlertChannels") :type resource: str :Yields: *dict* -- returns a generator which yields a page of objects at a time as returned by the Lacework API. .. py:class:: InternalIPAddressesAPI(session, object_type, endpoint_root='/api/v2') Bases: :py:obj:`laceworksdk.api.search_endpoint.SearchEndpoint` A class used to represent the Internal IP Addresses API endpoint. Methods: ------- search(json=None) A method to search InternalIPAddresses objects. .. py:property:: session Get the :class:`HttpSession` instance the object is using. .. py:method:: search(json=None, resource=None) A method to search objects. See the API documentation for this API endpoint for valid fields to search against. NOTE: While the "value" and "values" fields are marked as "optional" you must use one of them, depending on the operation you are using. :param json: The desired search parameters: - timeFilter (dict, optional): A dict containing the time frame for the search: - startTime (str): The start time for the search - endTime (str): The end time for the search - filters (list of dict, optional): Filters based on field contents: - field (str): The name of the data field to which the condition applies - expression (str): The comparison operator for the filter condition. 
Valid values are: "eq", "ne", "in", "not_in", "like", "ilike", "not_like", "not_ilike", "not_rlike", "rlike", "gt", "ge", "lt", "le", "between" - value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value. - values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values. - returns (list of str, optional): The fields to return :type json: dict :param resource: The Lacework API resource to search (Example: "AlertChannels") :type resource: str :Yields: *dict* -- returns a generator which yields a page of objects at a time as returned by the Lacework API. .. py:class:: K8sPodsAPI(session, object_type, endpoint_root='/api/v2') Bases: :py:obj:`laceworksdk.api.search_endpoint.SearchEndpoint` A class used to represent the K8s Pods API endpoint. Methods: ------- search(json=None) A method to search K8sPods objects. .. py:property:: session Get the :class:`HttpSession` instance the object is using. .. py:method:: search(json=None, resource=None) A method to search objects. See the API documentation for this API endpoint for valid fields to search against. NOTE: While the "value" and "values" fields are marked as "optional" you must use one of them, depending on the operation you are using. :param json: The desired search parameters: - timeFilter (dict, optional): A dict containing the time frame for the search: - startTime (str): The start time for the search - endTime (str): The end time for the search - filters (list of dict, optional): Filters based on field contents: - field (str): The name of the data field to which the condition applies - expression (str): The comparison operator for the filter condition. 
Valid values are: "eq", "ne", "in", "not_in", "like", "ilike", "not_like", "not_ilike", "not_rlike", "rlike", "gt", "ge", "lt", "le", "between" - value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value. - values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values. - returns (list of str, optional): The fields to return :type json: dict :param resource: The Lacework API resource to search (Example: "AlertChannels") :type resource: str :Yields: *dict* -- returns a generator which yields a page of objects at a time as returned by the Lacework API. .. py:class:: MachinesAPI(session, object_type, endpoint_root='/api/v2') Bases: :py:obj:`laceworksdk.api.search_endpoint.SearchEndpoint` A class used to represent the Machines API endpoint. Methods: ------- search(json=None) A method to search Machines objects. .. py:property:: session Get the :class:`HttpSession` instance the object is using. .. py:method:: search(json=None, resource=None) A method to search objects. See the API documentation for this API endpoint for valid fields to search against. NOTE: While the "value" and "values" fields are marked as "optional" you must use one of them, depending on the operation you are using. :param json: The desired search parameters: - timeFilter (dict, optional): A dict containing the time frame for the search: - startTime (str): The start time for the search - endTime (str): The end time for the search - filters (list of dict, optional): Filters based on field contents: - field (str): The name of the data field to which the condition applies - expression (str): The comparison operator for the filter condition. 
             Valid values are: "eq", "ne", "in", "not_in", "like", "ilike", "not_like", "not_ilike", "not_rlike", "rlike", "gt", "ge", "lt", "le", "between"
           - value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
           - values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.

         - returns (list of str, optional): The fields to return
      :type json: dict
      :param resource: The Lacework API resource to search (Example: "AlertChannels")
      :type resource: str

      :Yields: *dict* -- returns a generator which yields a page of objects at a time as returned by the Lacework API.

.. py:class:: MachineDetailsAPI(session, object_type, endpoint_root='/api/v2')

   Bases: :py:obj:`laceworksdk.api.search_endpoint.SearchEndpoint`

   A class used to represent the Machine Details API endpoint.

   Methods:
   -------
   search(json=None)
       A method to search MachineDetails objects.

   .. py:property:: session

      Get the :class:`HttpSession` instance the object is using.

   .. py:method:: search(json=None, resource=None)

      A method to search objects.

      See the API documentation for this API endpoint for valid fields to search against.

      NOTE: While the "value" and "values" fields are marked as "optional" you must use one of them, depending on the operation you are using.

      :param json: The desired search parameters:

         - timeFilter (dict, optional): A dict containing the time frame for the search:

           - startTime (str): The start time for the search
           - endTime (str): The end time for the search

         - filters (list of dict, optional): Filters based on field contents:

           - field (str): The name of the data field to which the condition applies
           - expression (str): The comparison operator for the filter condition.
             Valid values are: "eq", "ne", "in", "not_in", "like", "ilike", "not_like", "not_ilike", "not_rlike", "rlike", "gt", "ge", "lt", "le", "between"
           - value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
           - values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.

         - returns (list of str, optional): The fields to return
      :type json: dict
      :param resource: The Lacework API resource to search (Example: "AlertChannels")
      :type resource: str

      :Yields: *dict* -- returns a generator which yields a page of objects at a time as returned by the Lacework API.

.. py:class:: NetworkInterfacesAPI(session, object_type, endpoint_root='/api/v2')

   Bases: :py:obj:`laceworksdk.api.search_endpoint.SearchEndpoint`

   A class used to represent the Network Interfaces API endpoint.

   Methods:
   -------
   search(json=None)
       A method to search NetworkInterfaces objects.

   .. py:property:: session

      Get the :class:`HttpSession` instance the object is using.

   .. py:method:: search(json=None, resource=None)

      A method to search objects.

      See the API documentation for this API endpoint for valid fields to search against.

      NOTE: While the "value" and "values" fields are marked as "optional" you must use one of them, depending on the operation you are using.

      :param json: The desired search parameters:

         - timeFilter (dict, optional): A dict containing the time frame for the search:

           - startTime (str): The start time for the search
           - endTime (str): The end time for the search

         - filters (list of dict, optional): Filters based on field contents:

           - field (str): The name of the data field to which the condition applies
           - expression (str): The comparison operator for the filter condition.
             Valid values are: "eq", "ne", "in", "not_in", "like", "ilike", "not_like", "not_ilike", "not_rlike", "rlike", "gt", "ge", "lt", "le", "between"
           - value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
           - values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.

         - returns (list of str, optional): The fields to return
      :type json: dict
      :param resource: The Lacework API resource to search (Example: "AlertChannels")
      :type resource: str

      :Yields: *dict* -- returns a generator which yields a page of objects at a time as returned by the Lacework API.

.. py:class:: NewFileHashesAPI(session, object_type, endpoint_root='/api/v2')

   Bases: :py:obj:`laceworksdk.api.search_endpoint.SearchEndpoint`

   A class used to represent the New File Hashes API endpoint.

   Methods:
   -------
   search(json=None)
       A method to search NewFileHashes objects.

   .. py:property:: session

      Get the :class:`HttpSession` instance the object is using.

   .. py:method:: search(json=None, resource=None)

      A method to search objects.

      See the API documentation for this API endpoint for valid fields to search against.

      NOTE: While the "value" and "values" fields are marked as "optional" you must use one of them, depending on the operation you are using.

      :param json: The desired search parameters:

         - timeFilter (dict, optional): A dict containing the time frame for the search:

           - startTime (str): The start time for the search
           - endTime (str): The end time for the search

         - filters (list of dict, optional): Filters based on field contents:

           - field (str): The name of the data field to which the condition applies
           - expression (str): The comparison operator for the filter condition.
             Valid values are: "eq", "ne", "in", "not_in", "like", "ilike", "not_like", "not_ilike", "not_rlike", "rlike", "gt", "ge", "lt", "le", "between"
           - value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
           - values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.

         - returns (list of str, optional): The fields to return
      :type json: dict
      :param resource: The Lacework API resource to search (Example: "AlertChannels")
      :type resource: str

      :Yields: *dict* -- returns a generator which yields a page of objects at a time as returned by the Lacework API.

.. py:class:: PackagesAPI(session, object_type, endpoint_root='/api/v2')

   Bases: :py:obj:`laceworksdk.api.search_endpoint.SearchEndpoint`

   A class used to represent the Packages API endpoint.

   Methods:
   -------
   search(json=None)
       A method to search Packages objects.

   .. py:property:: session

      Get the :class:`HttpSession` instance the object is using.

   .. py:method:: search(json=None, resource=None)

      A method to search objects.

      See the API documentation for this API endpoint for valid fields to search against.

      NOTE: While the "value" and "values" fields are marked as "optional" you must use one of them, depending on the operation you are using.

      :param json: The desired search parameters:

         - timeFilter (dict, optional): A dict containing the time frame for the search:

           - startTime (str): The start time for the search
           - endTime (str): The end time for the search

         - filters (list of dict, optional): Filters based on field contents:

           - field (str): The name of the data field to which the condition applies
           - expression (str): The comparison operator for the filter condition.
             Valid values are: "eq", "ne", "in", "not_in", "like", "ilike", "not_like", "not_ilike", "not_rlike", "rlike", "gt", "ge", "lt", "le", "between"
           - value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
           - values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.

         - returns (list of str, optional): The fields to return
      :type json: dict
      :param resource: The Lacework API resource to search (Example: "AlertChannels")
      :type resource: str

      :Yields: *dict* -- returns a generator which yields a page of objects at a time as returned by the Lacework API.

.. py:class:: ProcessesAPI(session, object_type, endpoint_root='/api/v2')

   Bases: :py:obj:`laceworksdk.api.search_endpoint.SearchEndpoint`

   A class used to represent the Processes API endpoint.

   Methods:
   -------
   search(json=None)
       A method to search Processes objects.

   .. py:property:: session

      Get the :class:`HttpSession` instance the object is using.

   .. py:method:: search(json=None, resource=None)

      A method to search objects.

      See the API documentation for this API endpoint for valid fields to search against.

      NOTE: While the "value" and "values" fields are marked as "optional" you must use one of them, depending on the operation you are using.

      :param json: The desired search parameters:

         - timeFilter (dict, optional): A dict containing the time frame for the search:

           - startTime (str): The start time for the search
           - endTime (str): The end time for the search

         - filters (list of dict, optional): Filters based on field contents:

           - field (str): The name of the data field to which the condition applies
           - expression (str): The comparison operator for the filter condition.
             Valid values are: "eq", "ne", "in", "not_in", "like", "ilike", "not_like", "not_ilike", "not_rlike", "rlike", "gt", "ge", "lt", "le", "between"
           - value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
           - values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.

         - returns (list of str, optional): The fields to return
      :type json: dict
      :param resource: The Lacework API resource to search (Example: "AlertChannels")
      :type resource: str

      :Yields: *dict* -- returns a generator which yields a page of objects at a time as returned by the Lacework API.

.. py:class:: UsersAPI(session, object_type, endpoint_root='/api/v2')

   Bases: :py:obj:`laceworksdk.api.search_endpoint.SearchEndpoint`

   A class used to represent the Users API endpoint.

   Methods:
   -------
   search(json=None)
       A method to search Users objects.

   .. py:property:: session

      Get the :class:`HttpSession` instance the object is using.

   .. py:method:: search(json=None, resource=None)

      A method to search objects.

      See the API documentation for this API endpoint for valid fields to search against.

      NOTE: While the "value" and "values" fields are marked as "optional" you must use one of them, depending on the operation you are using.

      :param json: The desired search parameters:

         - timeFilter (dict, optional): A dict containing the time frame for the search:

           - startTime (str): The start time for the search
           - endTime (str): The end time for the search

         - filters (list of dict, optional): Filters based on field contents:

           - field (str): The name of the data field to which the condition applies
           - expression (str): The comparison operator for the filter condition.
             Valid values are: "eq", "ne", "in", "not_in", "like", "ilike", "not_like", "not_ilike", "not_rlike", "rlike", "gt", "ge", "lt", "le", "between"
           - value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
           - values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.

         - returns (list of str, optional): The fields to return
      :type json: dict
      :param resource: The Lacework API resource to search (Example: "AlertChannels")
      :type resource: str

      :Yields: *dict* -- returns a generator which yields a page of objects at a time as returned by the Lacework API.

.. py:class:: EventsAPI(session)

   Bases: :py:obj:`laceworksdk.api.search_endpoint.SearchEndpoint`

   A class used to represent the Events API endpoint.

   View and verify the evidence or observation details of individual events.

   .. py:property:: session

      Get the :class:`HttpSession` instance the object is using.

   .. py:method:: search(json=None, resource=None)

      A method to search objects.

      See the API documentation for this API endpoint for valid fields to search against.

      NOTE: While the "value" and "values" fields are marked as "optional" you must use one of them, depending on the operation you are using.

      :param json: The desired search parameters:

         - timeFilter (dict, optional): A dict containing the time frame for the search:

           - startTime (str): The start time for the search
           - endTime (str): The end time for the search

         - filters (list of dict, optional): Filters based on field contents:

           - field (str): The name of the data field to which the condition applies
           - expression (str): The comparison operator for the filter condition.
             Valid values are: "eq", "ne", "in", "not_in", "like", "ilike", "not_like", "not_ilike", "not_rlike", "rlike", "gt", "ge", "lt", "le", "between"
           - value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
           - values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.

         - returns (list of str, optional): The fields to return
      :type json: dict
      :param resource: The Lacework API resource to search (Example: "AlertChannels")
      :type resource: str

      :Yields: *dict* -- returns a generator which yields a page of objects at a time as returned by the Lacework API.

.. py:class:: InventoryAPI(session)

   Bases: :py:obj:`laceworksdk.api.search_endpoint.SearchEndpoint`

   A class used to represent the Inventory API endpoint.

   View and monitor in-use cloud resources' risk, compliance, and configuration changes.

   .. py:property:: session

      Get the :class:`HttpSession` instance the object is using.

   .. py:method:: scan(csp)

      A method to trigger a resource inventory scan.

      :param csp: The cloud service provider to run the scan on. Valid values are: "AWS", "Azure", "GCP"
      :type csp: string

      :returns: Status of scan
      :rtype: dict

   .. py:method:: status(csp)

      A method to get the status of a Resource Inventory scan.

      :param csp: The cloud service provider to run the scan on. Valid values are: "AWS", "Azure", "GCP"
      :type csp: string

      :returns: Status of scan
      :rtype: dict

   .. py:method:: search(json=None, resource=None)

      A method to search objects.

      See the API documentation for this API endpoint for valid fields to search against.

      NOTE: While the "value" and "values" fields are marked as "optional" you must use one of them, depending on the operation you are using.
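The NOTE above leaves the choice between "value" and "values" to the caller. The following is an added example, not code from the SDK or its documentation, that builds the ``json`` argument for ``search()`` and rejects filters using the wrong attribute. The split of operators into single-value and multi-value, the two-bound rule for "between", the ISO 8601 UTC timestamp format, and the sample field names are assumptions.

```python
"""Build and validate the dict passed as ``json`` to a documented search() method."""
import json
from datetime import datetime, timezone

# Operators this page lists as valid for the "expression" field.
VALID_EXPRESSIONS = frozenset({
    "eq", "ne", "in", "not_in", "like", "ilike", "not_like", "not_ilike",
    "not_rlike", "rlike", "gt", "ge", "lt", "le", "between",
})

# ASSUMPTION: the page does not say which operators need "values".
# Here the set-membership and range operators take the plural "values"
# list and every other operator takes the singular "value".
MULTI_VALUE_EXPRESSIONS = frozenset({"in", "not_in", "between"})


def iso_utc(moment):
    """Format an aware datetime as ISO 8601 UTC (assumed timestamp format)."""
    if moment.tzinfo is None:
        raise ValueError("timestamps must be timezone-aware")
    return moment.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def make_filter(field, expression, operand):
    """Return one "filters" entry, choosing "value" or "values" by operator."""
    if not isinstance(field, str) or not field:
        raise ValueError("field must be a non-empty string")
    if expression not in VALID_EXPRESSIONS:
        raise ValueError(f"unsupported expression: {expression!r}")

    if expression in MULTI_VALUE_EXPRESSIONS:
        # A bare string is iterable, so reject it explicitly.
        if isinstance(operand, str) or not isinstance(operand, (list, tuple)):
            raise ValueError(f"{expression!r} needs a list for 'values'")
        if not operand:
            raise ValueError(f"{expression!r} needs at least one value")
        # ASSUMPTION: a range is given as exactly two bounds.
        if expression == "between" and len(operand) != 2:
            raise ValueError("'between' needs exactly two bounds")
        return {"field": field, "expression": expression,
                "values": [str(item) for item in operand]}

    if operand is None or isinstance(operand, (list, tuple, set, dict)):
        raise ValueError(f"{expression!r} needs a single 'value'")
    return {"field": field, "expression": expression, "value": str(operand)}


def build_search_payload(start, end, filters=(), returns=()):
    """Assemble timeFilter, filters and returns into one search payload."""
    time_filter = {"startTime": iso_utc(start), "endTime": iso_utc(end)}
    if end <= start:
        raise ValueError("endTime must be later than startTime")
    payload = {"timeFilter": time_filter}
    if filters:
        payload["filters"] = [make_filter(*entry) for entry in filters]
    if returns:
        payload["returns"] = [str(name) for name in returns]
    return payload


if __name__ == "__main__":
    # Constructed sample: "hostname" and "cpuPercentage" are placeholder
    # field names; check the endpoint's API documentation for real ones.
    demo = build_search_payload(
        datetime(2024, 1, 1, tzinfo=timezone.utc),
        datetime(2024, 1, 2, tzinfo=timezone.utc),
        filters=[
            ("hostname", "in", ["web-1", "web-2"]),
            ("cpuPercentage", "gt", 90),
        ],
        returns=["hostname"],
    )
    print(json.dumps(demo, indent=2))
```

The returned dict is what the ``json`` parameter of the ``search()`` methods on this page expects.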
      :param json: The desired search parameters:

         - timeFilter (dict, optional): A dict containing the time frame for the search:

           - startTime (str): The start time for the search
           - endTime (str): The end time for the search

         - filters (list of dict, optional): Filters based on field contents:

           - field (str): The name of the data field to which the condition applies
           - expression (str): The comparison operator for the filter condition.
             Valid values are: "eq", "ne", "in", "not_in", "like", "ilike", "not_like", "not_ilike", "not_rlike", "rlike", "gt", "ge", "lt", "le", "between"
           - value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
           - values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.

         - returns (list of str, optional): The fields to return
      :type json: dict
      :param resource: The Lacework API resource to search (Example: "AlertChannels")
      :type resource: str

      :Yields: *dict* -- returns a generator which yields a page of objects at a time as returned by the Lacework API.

.. py:class:: OrganizationInfoAPI(session)

   Bases: :py:obj:`laceworksdk.api.base_endpoint.BaseEndpoint`

   A class used to represent the Organization Info API endpoint.

   Return information about whether the Lacework account is an organization account and, if it is, what the organization account URL is.

   .. py:property:: session

      Get the :class:`HttpSession` instance the object is using.

   .. py:method:: get()

      A method to get organization info.

      :returns: Organization info
      :rtype: dict

.. py:class:: PoliciesAPI(session)

   Bases: :py:obj:`laceworksdk.api.crud_endpoint.CrudEndpoint`

   A class used to represent the Policies API endpoint.

   Policies are a mechanism used to add annotated metadata to queries for improving the context of alerts, reports, and information displayed in the Lacework Console.
   You can fully customize policies.

   .. py:property:: session

      Get the :class:`HttpSession` instance the object is using.

   .. py:method:: create(policy_type, query_id, enabled, title, description, remediation, severity, alert_enabled, alert_profile, limit=1000, eval_frequency=None, tags=[], **request_params)

      A method to create a new Policies object.

      :param policy_type: The policy type. Valid values are: "Violation"
      :type policy_type: str, optional
      :param query_id: The policy query ID.
      :type query_id: str
      :param enabled: Whether the policy is enabled.
      :type enabled: bool
      :param title: The policy title.
      :type title: str
      :param description: The policy description.
      :type description: str
      :param remediation: The remediation strategy for the object.
      :type remediation: str
      :param severity: A string representing the object severity. Valid values are: "info", "low", "medium", "high", "critical"
      :type severity: str
      :param alert_enabled: A boolean representing whether alerting is enabled.
      :type alert_enabled: bool
      :param alert_profile: A string representing the alert profile.
      :type alert_profile: str, optional
      :param limit: An integer representing the number of results to return. (Default value = 1000)
      :type limit: int, optional
      :param tags: A list of policy tags
      :type tags: list of str
      :param eval_frequency: A string representing the frequency at which to evaluate the object. Valid values are: "Hourly", "Daily"
      :type eval_frequency: str, optional, deprecated
      :param request_params: Use to pass any additional parameters to the API
      :type request_params: dict, optional

      :returns: The newly created policy.
      :rtype: dict

   .. py:method:: get(policy_id=None)

      A method to get Policies objects. Using no args will get all policies.

      :param policy_id: A string representing the object policy ID.
      :type policy_id: str, optional

      :returns: The requested policies
      :rtype: dict

   .. py:method:: get_by_id(policy_id)

      A method to get a Policies object by policy ID.
      :param policy_id: A string representing the object policy ID.
      :type policy_id: str

      :returns: The requested policy
      :rtype: dict

   .. py:method:: update(policy_id, policy_type=None, query_id=None, enabled=None, title=None, description=None, remediation=None, severity=None, alert_enabled=None, alert_profile=None, limit=None, tags=[], eval_frequency=None, **request_params)

      A method to update a Lacework Query Language (LQL) policy.

      :param policy_id: A string representing the object policy ID.
      :type policy_id: str
      :param policy_type: The policy type. Valid values are: "Violation"
      :type policy_type: str, optional
      :param query_id: The policy query ID.
      :type query_id: str, optional
      :param enabled: Whether the policy is enabled.
      :type enabled: bool, optional
      :param title: The policy title.
      :type title: str, optional
      :param description: The policy description.
      :type description: str, optional
      :param remediation: The remediation strategy for the object.
      :type remediation: str, optional
      :param severity: A string representing the object severity. Valid values are: "info", "low", "medium", "high", "critical"
      :type severity: str, optional
      :param alert_enabled: A boolean representing whether alerting is enabled.
      :type alert_enabled: bool, optional
      :param alert_profile: A string representing the alert profile.
      :type alert_profile: str, optional
      :param limit: An integer representing the number of results to return. (Default value = 1000)
      :type limit: int, optional
      :param tags: A list of policy tags
      :type tags: list of str, optional
      :param eval_frequency: A string representing the frequency at which to evaluate the object. Valid values are: "Hourly", "Daily"
      :type eval_frequency: str, optional, deprecated
      :param request_params: Use to pass any additional parameters to the API
      :type request_params: dict, optional

      :returns: The updated policy.
      :rtype: dict

   .. py:method:: bulk_update(json)

      A method to update Policy objects in bulk.
      :param json: A list of dictionaries containing policy configuration.

         - policyId (str): The ID of the policy.
         - enabled (bool): The status of the policy.
         - severity (str): The severity of the policy. Valid values: "info", "low", "medium", "high", "critical"
      :type json: list of dicts

      :returns: The updated policies.
      :rtype: dict

   .. py:method:: delete(policy_id)

      A method to delete a policy.

      :param policy_id: A string representing the policy ID.
      :type policy_id: str

      :returns: a Requests response object containing the response code
      :rtype: requests.models.Response

   .. py:method:: search(json=None)

      A method to search objects.

      See the API documentation for this API endpoint for valid fields to search against.

      NOTE: While the "value" and "values" fields are marked as "optional" you must use one of them, depending on the operation you are using.

      :param json: The desired search parameters:

         - timeFilter (dict, optional): A dict containing the time frame for the search:

           - startTime (str): The start time for the search
           - endTime (str): The end time for the search

         - filters (list of dict, optional): Filters based on field contents:

           - field (str): The name of the data field to which the condition applies
           - expression (str): The comparison operator for the filter condition.
             Valid values are: "eq", "ne", "in", "not_in", "like", "ilike", "not_like", "not_ilike", "not_rlike", "rlike", "gt", "ge", "lt", "le", "between"
           - value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
           - values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.

         - returns (list of str, optional): The fields to return
      :type json: dict

      :returns: returns a dict containing the search results
      :rtype: dict

.. py:class:: PolicyExceptionsAPI(session)

   Bases: :py:obj:`laceworksdk.api.crud_endpoint.CrudEndpoint`

   A class used to represent the Policies Exceptions API endpoint.

   Policy exceptions are a mechanism used to maintain the policies but allow you to circumvent one or more restrictions.

   .. py:property:: session

      Get the :class:`HttpSession` instance the object is using.

   .. py:method:: create(policy_id, description, constraints, **request_params)

      A method to create a new Exceptions object.

      :param policy_id: The object policy ID.
      :type policy_id: str
      :param description: The object description.
      :type description: str, optional
      :param constraints: The object constraints. Dict fields are:

         - field_key (str): A string representing the constraint key. Values are: 'accountIds', 'resourceNames', 'regionNames' and 'resourceTags'
         - field_values (list of str): Constraint values
      :type constraints: list of dicts
      :param request_params: Use to pass any additional parameters to the API
      :type request_params: dict, optional

      :returns: The created policy exception
      :rtype: dict

   .. py:method:: get(exception_id=None, policy_id=None)

      A method to get Exceptions objects.

      :param exception_id: A string representing the exception ID. (Default value = None)
      :type exception_id: str, optional
      :param policy_id: The ID of the policy for which to get the exceptions.

      :returns: The requested exception(s)
      :rtype: dict

   .. py:method:: get_by_id(exception_id, policy_id)

      A method to get an Exceptions object by policy ID.

      :param exception_id: A string representing the exception ID. (Default value = None)
      :type exception_id: str
      :param policy_id: The ID of the policy for which to get the exceptions.

      :returns: The requested exception(s)
      :rtype: dict

   .. py:method:: update(exception_id, policy_id, description=None, constraints=None, **request_params)

      A method to update an Exceptions object.

      :param exception_id: The exception ID to update.
      :type exception_id: str
      :param policy_id: The object policy ID.
      :type policy_id: str
      :param description: The object description.
      :type description: str, optional
      :param constraints: The object constraints. Dict fields are:

         - field_key (str): A string representing the constraint key. Values are: 'accountIds', 'resourceNames', 'regionNames' and 'resourceTags'
         - field_values (list of str): Constraint values
      :type constraints: list of dicts, optional
      :param request_params: Use to pass any additional parameters to the API
      :type request_params: dict, optional

      :returns: The updated policy exception
      :rtype: dict

   .. py:method:: delete(exception_id, policy_id)

      A method to delete a policy exception.

      :param exception_id: The exception ID.
      :type exception_id: str
      :param policy_id: The policy ID.
      :type policy_id: str

      :returns: a Requests response object containing the response code
      :rtype: requests.models.Response

   .. py:method:: search(json=None)

      A method to search objects.

      See the API documentation for this API endpoint for valid fields to search against.

      NOTE: While the "value" and "values" fields are marked as "optional" you must use one of them, depending on the operation you are using.

      :param json: The desired search parameters:

         - timeFilter (dict, optional): A dict containing the time frame for the search:

           - startTime (str): The start time for the search
           - endTime (str): The end time for the search

         - filters (list of dict, optional): Filters based on field contents:

           - field (str): The name of the data field to which the condition applies
           - expression (str): The comparison operator for the filter condition.
             Valid values are: "eq", "ne", "in", "not_in", "like", "ilike", "not_like", "not_ilike", "not_rlike", "rlike", "gt", "ge", "lt", "le", "between"
           - value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
           - values (list of str, optional): The values that the condition checks for in the specified field.
             Use this attribute when using an operator that requires multiple values.

         - returns (list of str, optional): The fields to return
      :type json: dict

      :returns: returns a dict containing the search results
      :rtype: dict

.. py:class:: QueriesAPI(session)

   Bases: :py:obj:`laceworksdk.api.crud_endpoint.CrudEndpoint`

   A class used to represent the Queries API endpoint.

   Queries are the mechanism used to interactively request information from a specific curated datasource. Queries have a defined structure for authoring detections.

   .. py:property:: session

      Get the :class:`HttpSession` instance the object is using.

   .. py:method:: create(query_id, query_text, evaluator_id=None, **request_params)

      A method to create a new Queries object.

      :param query_id: Name of the new query.
      :type query_id: str
      :param query_text: The object query text.
      :type query_text: str
      :param evaluator_id: A string representing the evaluator in which the query is to be run.
      :type evaluator_id: str, optional
      :param request_params: Use to pass any additional parameters to the API
      :type request_params: dict, optional

      :returns: The newly created query
      :rtype: dict

   .. py:method:: get(query_id=None)

      A method to get registered queries. Using no args will get all registered queries.

      :param query_id: The query ID to get.
      :type query_id: str, optional

      :returns: The requested query(ies)
      :rtype: dict

   .. py:method:: get_by_id(query_id)

      A method to get a Queries object by query ID.

      :param query_id: The query ID to get.
      :type query_id: str

      :returns: The requested query(ies)
      :rtype: dict

   .. py:method:: execute(evaluator_id=None, query_id=None, query_text=None, arguments={})

      A method to execute a Queries object.

      :param evaluator_id: The evaluator in which the query object is to be run.
      :type evaluator_id: str, optional
      :param query_id: The query ID.
      :type query_id: str, optional
      :param query_text: The query text.
      :type query_text: str
      :param arguments: A dictionary of key/value pairs to be used as arguments in the query object.
      :type arguments: dict of str: str
      :param request_params: Use to pass any additional parameters to the API
      :type request_params: dict, optional

      :returns: The query results
      :rtype: dict

   .. py:method:: execute_by_id(query_id, arguments={})

      A method to execute a Queries object by query ID.

      :param query_id: The query ID to execute
      :type query_id: str
      :param arguments: A dictionary of key/value pairs to be used as arguments in the query object.
      :type arguments: dict of str: str

      :returns: The query results
      :rtype: dict

   .. py:method:: validate(query_text, evaluator_id=None, **request_params)

      A method to validate a Queries object.

      :param query_text: The query text to validate
      :type query_text: str
      :param evaluator_id: The evaluator in which the query is to be run.
      :type evaluator_id: str, optional
      :param request_params: Use to pass any additional parameters to the API
      :type request_params: dict, optional

      :returns: Validation Results
      :rtype: dict

   .. py:method:: update(query_id, query_text, **request_params)

      A method to update a Queries object.

      :param query_id: Name of the new query.
      :type query_id: str
      :param query_text: The object query text.
      :type query_text: str, optional
      :param request_params: Use to pass any additional parameters to the API
      :type request_params: dict, optional

      :returns: The updated query
      :rtype: dict

   .. py:method:: delete(query_id)

      A method to delete a query.

      :param query_id: The ID of the query to delete
      :type query_id: str

      :returns: a Requests response object containing the response code
      :rtype: requests.models.Response

   .. py:method:: search(json=None)

      A method to search objects.

      See the API documentation for this API endpoint for valid fields to search against.

      NOTE: While the "value" and "values" fields are marked as "optional" you must use one of them, depending on the operation you are using.
      :param json: The desired search parameters:

         - timeFilter (dict, optional): A dict containing the time frame for the search:

           - startTime (str): The start time for the search
           - endTime (str): The end time for the search

         - filters (list of dict, optional): Filters based on field contents:

           - field (str): The name of the data field to which the condition applies
           - expression (str): The comparison operator for the filter condition.
             Valid values are: "eq", "ne", "in", "not_in", "like", "ilike", "not_like", "not_ilike", "not_rlike", "rlike", "gt", "ge", "lt", "le", "between"
           - value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
           - values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.

         - returns (list of str, optional): The fields to return
      :type json: dict

      :returns: returns a dict containing the search results
      :rtype: dict

.. py:class:: ReportDefinitionsAPI(session)

   Bases: :py:obj:`laceworksdk.api.crud_endpoint.CrudEndpoint`

   A class used to represent the Report Definition API endpoint.

   A report definition contains data retrieval and layout information for a report. Lacework provides endpoints to create a report definition, to list all definitions, and to update or delete a definition.

   .. py:property:: session

      Get the :class:`HttpSession` instance the object is using.

   .. py:method:: create(report_name, report_type, sub_report_type, report_definition, **request_params)

      A method to create a new report definition.

      :param report_name: The name of the report definition.
      :type report_name: str
      :param report_type: Type of the report definition. Valid values: "COMPLIANCE"
      :type report_type: str
      :param sub_report_type: The sub-type of the report definition.
Valid values: "AWS", "GCP", "Azure" :type sub_report_type: str :param report_definition: A dictionary representing the report definition. Fields are: - sections (list of dicts): A list of dictionaries representing the sections of the report definition. Fields are: - category (str): The section's category. - title (str): The section's title. - policies (list of str): A list of strings representing the section's policies. :type report_definition: dict :param request_params: Use to pass any additional parameters the API :type request_params: dict, optional :returns: The created report definition :rtype: dict .. py:method:: get(id=None) A method to get report definitions. Using no args will get all report definitions. :param id: The report definition ID to get. :type id: str, optional :returns: The requested report definition(s) :rtype: dict .. py:method:: get_by_id(id) A method to get a report definition by ID. :param id: The report definition ID to get. :type id: str :returns: The requested report definition :rtype: dict .. py:method:: search() A method to 'pass' when attempting to search ReportDefinitions objects. Search functionality is not yet implemented for Alert Profiles. .. py:method:: update(id, report_name, report_definition, **request_params) A method to update a report definition. :param id: A string representing the object ID. :param report_name: The name of the report definition. :type report_name: str :param report_definition: A dictionary representing the report definition. Fields are: - sections (list of dicts): A list of dictionaries representing the sections of the report definition. Fields are: - category (str): The section's category. - title (str): The section's title. - policies (list of str): A list of strings representing the section's policies. :type report_definition: dict :param request_params: Use to pass any additional parameters the API :type request_params: dict, optional :returns: The updated report definition :rtype: dict .. 
py:method:: delete(id) A method to delete a report definition. :param id: The ID of the report definition to delete. :type id: str :returns: a Requests response object containing the response code :rtype: requests.models.Response .. py:class:: ReportRulesAPI(session) Bases: :py:obj:`laceworksdk.api.crud_endpoint.CrudEndpoint` A class used to represent the `Report Rules API endpoint `_ Lacework combines alert channels and report rules to provide a flexible method for routing reports. For report rules, you define information about which reports to send. For alert channels, you define where to send reports such as to Jira, Slack, or email. .. py:property:: session Get the :class:`HttpSession` instance the object is using. .. py:method:: create(type, filters, intg_guid_list, report_notification_types, **request_params) A method to create a new report rule. :param type: The type of report rule. Valid values: 'Report' :type type: str :param intg_guid_list: A list of integration GUIDs representing the report channels to use. :type intg_guid_list: list of str :param filters: A dictionary containing the definition of the new rule. Fields are: - name (str): The report rule name - description (str, optional): The report rule description - enabled (bool|int): Whether the report rule is enabled - resourceGroups (list of str): A list of resource groups to apply the rule to - severity (list of ints): A list of severities to apply the rule to. Valid values: 1=Critical 2=High 3=Medium 4=Low 5=Info :type filters: dict :param report_notification_types: A dict of booleans for the report types that you want the rule to apply to. 
Fields are: "agentEvents", "awsCis14", "awsCisS3", "awsCloudtrailEvents", "awsComplianceEvents", "awsCis14IsoIec270022022", "awsCyberEssentials22", "awsCsaCcm405", "azureActivityLogEvents", "azureCis", "azureCis131", "azureComplianceEvents", "azurePci", "azurePciRev2", "azureSoc", "azureSocRev2", "azureIso27001", "azureHipaa", "azureNistCsf", "azureNist80053Rev5", "azureNist800171Rev2", "gcpAuditTrailEvents", "gcpCis", "gcpComplianceEvents", "gcpHipaa", "gcpHipaaRev2", "gcpIso27001", "gcpCis12", "gcpCis13", "gcpK8s", "gcpPci", "gcpPciRev2", "gcpSoc", "gcpSocRev2", "gcpNistCsf", "gcpNist80053Rev4", "gcpNist800171Rev2", "hipaa", "iso2700", "k8sAuditLogEvents", "nist800-53Rev4", "nist800-171Rev2", "openShiftCompliance", "openShiftComplianceEvents", "pci", "platformEvents", "soc", "awsSocRev2", "trendReport", "awsPciDss321", "awsNist80053Rev5", "awsSoc2", "awsNist800171Rev2", "awsNistCsf", "awsCmmc102", "awsHipaa", "awsIso270012013" :type report_notification_types: dict :param request_params: Use to pass any additional parameters the API :type request_params: dict, optional :returns: The created report rule :rtype: dict .. py:method:: get(guid=None) A method to get ReportRules objects. Using no args will get all report rules. :param guid: The GUID of the report rule to get :type guid: str, optional :returns: The requested report rule(s) :rtype: dict .. py:method:: get_by_guid(guid) A method to get a report rule by GUID. :param guid: The GUID of the report rule to get :type guid: str :returns: The requested report rule(s) :rtype: dict .. py:method:: update(guid, filters=None, intg_guid_list=None, report_notification_types=None, **request_params) A method to update a ReportRules object. :param guid: The GUID of the report rule to update :type guid: str :param intg_guid_list: A list of integration GUIDs representing the report channels to use :type intg_guid_list: list of str, optional :param filters: A dictionary containing the definition of the new rule. 
Fields are: - name (str): The report rule name - description (str, optional): The report rule description - enabled (bool|int, optional): Whether the report rule is enabled - resourceGroups (list of str, optional): A list of resource groups to apply the rule to - severity (list of ints, optional): A list of severities to apply the rule to. Valid values: 1=Critical 2=High 3=Medium 4=Low 5=Info :type filters: dict, optional :param report_notification_types: A dict of booleans for the report types that you want the rule to apply to. Fields are: "agentEvents", "awsCis14", "awsCisS3", "awsCloudtrailEvents", "awsComplianceEvents", "awsCis14IsoIec270022022", "awsCyberEssentials22", "awsCsaCcm405", "azureActivityLogEvents", "azureCis", "azureCis131", "azureComplianceEvents", "azurePci", "azurePciRev2", "azureSoc", "azureSocRev2", "azureIso27001", "azureHipaa", "azureNistCsf", "azureNist80053Rev5", "azureNist800171Rev2", "gcpAuditTrailEvents", "gcpCis", "gcpComplianceEvents", "gcpHipaa", "gcpHipaaRev2", "gcpIso27001", "gcpCis12", "gcpCis13", "gcpK8s", "gcpPci", "gcpPciRev2", "gcpSoc", "gcpSocRev2", "gcpNistCsf", "gcpNist80053Rev4", "gcpNist800171Rev2", "hipaa", "iso2700", "k8sAuditLogEvents", "nist800-53Rev4", "nist800-171Rev2", "openShiftCompliance", "openShiftComplianceEvents", "pci", "platformEvents", "soc", "awsSocRev2", "trendReport", "awsPciDss321", "awsNist80053Rev5", "awsSoc2", "awsNist800171Rev2", "awsNistCsf", "awsCmmc102", "awsHipaa", "awsIso270012013" :type report_notification_types: dict :param request_params: Use to pass any additional parameters the API :type request_params: dict, optional :returns: The created report rule :rtype: dict .. py:method:: delete(guid) A method to delete a report rule. :param guid: The GUID of the report rule to delete. :type guid: str :returns: a Requests response object containing the response code :rtype: requests.models.Response .. py:method:: search(json=None) A method to search objects. 
See the API documentation for this API endpoint for valid fields to search against. NOTE: While the "value" and "values" fields are marked as "optional" you must use one of them, depending on the operation you are using. :param json: The desired search parameters: - timeFilter (dict, optional): A dict containing the time frame for the search: - startTime (str): The start time for the search - endTime (str): The end time for the search - filters (list of dict, optional): Filters based on field contents: - field (str): The name of the data field to which the condition applies - expression (str): The comparison operator for the filter condition. Valid values are: "eq", "ne", "in", "not_in", "like", "ilike", "not_like", "not_ilike", "not_rlike", "rlike", "gt", "ge", "lt", "le", "between" - value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value. - values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values. - returns (list of str, optional): The fields to return :type json: dict :returns: returns a dict containing the search results :rtype: dict .. py:class:: ReportsAPI(session) Bases: :py:obj:`laceworksdk.api.base_endpoint.BaseEndpoint` A class used to represent the `Reports API endpoint `_ Lacework combines details about non-compliant resources that are in violation into reports. You must configure at least one cloud integration with AWS, Azure, or GCP to receive these reports. .. py:property:: session Get the :class:`HttpSession` instance the object is using. .. py:method:: get(primary_query_id=None, secondary_query_id=None, format=None, report_type=None, **request_params) A method to get Reports objects. :param primary_query_id: The primary ID that is used to fetch the report. 
(AWS Account ID or Azure Tenant ID) :type primary_query_id: str :param secondary_query_id: The secondary ID that is used to fetch the report. (GCP Project ID or Azure Subscription ID) :type secondary_query_id: str :param format: The format of the report. Valid values: "csv", "html", "json", "pdf" :type format: str, optional :param report_type: The type of the report. See `available reports `_ for a list of report types. Valid values are in the "API Format" column. :type report_type: str :param request_params: Use to pass any additional parameters the API :type request_params: dict, optional :returns: The details of the report :rtype: dict .. py:class:: ResourceGroupsAPI(session) Bases: :py:obj:`laceworksdk.api.crud_endpoint.CrudEndpoint` A class used to represent the `Resource Groups API endpoint `_ Resource groups provide a way to categorize Lacework-identifiable assets. .. py:property:: session Get the :class:`HttpSession` instance the object is using. .. py:method:: create(resource_name, resource_type, enabled, props, **request_params) A method to create a new ResourceGroups object. :param resource_name: The resource group name. :type resource_name: str :param resource_type: The resource group type. See the `API docs `_ for a list of types. :type resource_type: str :param enabled: Whether the object is enabled. :type enabled: bool|int :param props: The new resource group's properties. The format varies based on the value of the type arg. See the `API docs `_ for valid fields. :type props: dict :param request_params: Use to pass any additional parameters the API :type request_params: dict, optional :returns: The newly created resource group :rtype: dict .. py:method:: get(guid=None) A method to get resource groups. Using no args will get all resource groups. :param guid: The GUID of the resource group to get. :type guid: str, optional :returns: The requested resource group(s) :rtype: dict .. py:method:: get_by_guid(guid) A method to get resource groups by GUID. 
:param guid: The GUID of the resource group to get. :type guid: str :returns: The requested resource group(s) :rtype: dict .. py:method:: update(guid, resource_name=None, resource_type=None, enabled=None, props=None, **request_params) A method to update a ResourceGroups object. :param guid: A string representing the object GUID. :type guid: str :param resource_name: The resource group name. :type resource_name: str, optional :param resource_type: The resource group type. See the `API docs `_ for a list of types. :type resource_type: str, optional :param enabled: Whether the object is enabled. :type enabled: bool|int, optional :param props: The new resource group's properties. The format varies based on the value of the type arg. See the `API docs `_ for valid fields. :type props: dict, optional :param request_params: Use to pass any additional parameters the API :type request_params: dict, optional :returns: The newly created resource group :rtype: dict .. py:method:: delete(guid) A method to delete a resource group. :param guid: The GUID of the resource group to delete. :type guid: str :returns: a Requests response object containing the response code :rtype: requests.models.Response .. py:method:: search(json=None) A method to search objects. See the API documentation for this API endpoint for valid fields to search against. NOTE: While the "value" and "values" fields are marked as "optional" you must use one of them, depending on the operation you are using. :param json: The desired search parameters: - timeFilter (dict, optional): A dict containing the time frame for the search: - startTime (str): The start time for the search - endTime (str): The end time for the search - filters (list of dict, optional): Filters based on field contents: - field (str): The name of the data field to which the condition applies - expression (str): The comparison operator for the filter condition. 
Valid values are: "eq", "ne", "in", "not_in", "like", "ilike", "not_like", "not_ilike", "not_rlike", "rlike", "gt", "ge", "lt", "le", "between" - value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value. - values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values. - returns (list of str, optional): The fields to return :type json: dict :returns: returns a dict containing the search results :rtype: dict .. py:class:: SchemasAPI(session) Bases: :py:obj:`laceworksdk.api.base_endpoint.BaseEndpoint` A class used to represent the `Schemas API endpoint `_ Get details about the available Lacework schemas. .. py:property:: session Get the :class:`HttpSession` instance the object is using. .. py:method:: get(type=None, subtype=None) A method to get schema objects. Using no args will get all schemas. :param type: The schema type to retrieve. Valid values are any API resource listed in the Lacework API `documentation `_. Examples include "AlertChannels", "CloudAccounts", "AgentAccessTokens", etc. :type type: str, optional :param subtype: The subtype to retrieve. Subtypes are only available for API resources that have "type" like fields. For instance the "AlertChannels" resource has subtypes such as "AwsS3", "SlackChannel", etc. See the Lacework API `documentation `_ for more info. :type subtype: str, optional :returns: The requested schema :rtype: dict .. py:method:: get_by_subtype(type, subtype) A method to fetch a specific subtype schema. :param type: The schema type to retrieve. Valid values are any API resource listed in the Lacework API `documentation `_. Examples include "AlertChannels", "CloudAccounts", "AgentAccessTokens", etc. :type type: str :param subtype: The subtype to retrieve. Subtypes are only available for API resources that have "type" like fields. 
For instance the "AlertChannels" resource has subtypes such as "AwsS3", "SlackChannel", etc. See the Lacework API `documentation `_ for more info. :type subtype: str :returns: The requested schema :rtype: dict .. py:class:: TeamMembersAPI(session) Bases: :py:obj:`laceworksdk.api.crud_endpoint.CrudEndpoint` A class used to represent the `Team Members API endpoint `_ DEPRECATED. Please use the TeamUsersAPI class instead. Team members can be granted access to multiple Lacework accounts and have different roles for each account. Team members can also be granted organization-level roles. Note: The TeamMembers API is deprecated and is unavailable if you have migrated to the new RBAC model in your Lacework Console. .. py:property:: session Get the :class:`HttpSession` instance the object is using. .. py:method:: create(user_name, user_enabled, props, org_admin=None, org_user=None, admin_role_accounts=None, user_role_accounts=None, **request_params) A method to create a new team member. :param user_name: The email address of the user. :type user_name: str :param user_enabled: Whether the object is enabled. :type user_enabled: bool|int :param props: The user configuration. Fields are: - firstName (str): The first name of the team member. - lastName (str): The last name of the team member. - company (str): The company of the team member. - accountAdmin (bool, optional): A boolean representing if the team member is an account admin. :type props: dict :param org_admin: Whether the user is an organization admin. (Organization-level Access Required) :type org_admin: bool, optional :param org_user: Whether the user is an organization user. (Organization-level Access Required) :type org_user: bool, optional :param admin_role_accounts: A list of accounts where the user is an admin. (Organization-level Access Required) :type admin_role_accounts: list of str :param user_role_accounts: A list of accounts where the team member is a user. 
(Organization-level Access Required) :type user_role_accounts: list of str :param request_params: Use to pass any additional parameters the API :type request_params: dict, optional :returns: The newly created team member. :rtype: dict .. py:method:: get(guid=None) A method to get team members. Using no args will get all team members. :param guid: The GUID of the team member to get. :type guid: str, optional :returns: The requested team member :rtype: dict .. py:method:: get_by_guid(guid) A method to get a team member by GUID. :param guid: The GUID of the team member to get. :type guid: str :returns: The requested team member :rtype: dict .. py:method:: update(guid, user_name=None, user_enabled=None, props=None, org_admin=None, org_user=None, admin_role_accounts=None, user_role_accounts=None, **request_params) A method to update a TeamMembers object. :param guid: A string representing the object GUID. :param user_name: The email address of the user. :type user_name: str :param user_enabled: Whether the object is enabled. :type user_enabled: bool|int :param props: The user configuration. Fields are: - firstName (str): The first name of the team member. - lastName (str): The last name of the team member. - company (str): The company of the team member. - accountAdmin (bool, optional): A boolean representing if the team member is an account admin. :type props: dict :param org_admin: Whether the user is an organization admin. (Organization-level Access Required) :type org_admin: bool, optional :param org_user: Whether the user is an organization user. (Organization-level Access Required) :type org_user: bool, optional :param admin_role_accounts: A list of accounts where the user is an admin. (Organization-level Access Required) :type admin_role_accounts: list of str :param user_role_accounts: A list of accounts where the team member is a user. 
(Organization-level Access Required) :type user_role_accounts: list of str :param request_params: Use to pass any additional parameters the API :type request_params: dict, optional :returns: The updated team member. :rtype: dict .. py:method:: delete(guid) A method to delete a team member. :param guid: The GUID of the team member to delete :type guid: str :returns: a Requests response object containing the response code :rtype: requests.models.Response .. py:method:: search(json=None) A method to search objects. See the API documentation for this API endpoint for valid fields to search against. NOTE: While the "value" and "values" fields are marked as "optional" you must use one of them, depending on the operation you are using. :param json: The desired search parameters: - timeFilter (dict, optional): A dict containing the time frame for the search: - startTime (str): The start time for the search - endTime (str): The end time for the search - filters (list of dict, optional): Filters based on field contents: - field (str): The name of the data field to which the condition applies - expression (str): The comparison operator for the filter condition. Valid values are: "eq", "ne", "in", "not_in", "like", "ilike", "not_like", "not_ilike", "not_rlike", "rlike", "gt", "ge", "lt", "le", "between" - value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value. - values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values. - returns (list of str, optional): The fields to return :type json: dict :returns: returns a dict containing the search results :rtype: dict .. py:class:: TeamUsersAPI(session) Bases: :py:obj:`laceworksdk.api.crud_endpoint.CrudEndpoint` A class used to represent the `Team Users API endpoint `_ . 
The Team Users API works with the new Lacework role-based access control (RBAC) model. After you enable RBAC in the Lacework Console, the Team Users API is available and the legacy Team Members API (deprecated) is disabled. .. py:property:: session Get the :class:`HttpSession` instance the object is using. .. py:method:: get(guid=None) (Experimental API) A method to get team users. Using no args will get all team users. :param guid: The GUID of the team user to get. :type guid: str, optional :returns: The requested team user(s) :rtype: dict .. py:method:: get_by_guid(guid) (Experimental API) A method to get a TeamUsers object by GUID. :param guid: The GUID of the team user to get. :type guid: str :returns: The requested team user(s) :rtype: dict .. py:method:: create(name, email=None, company=None, description=None, user_enabled=True, type='StandardUser', **request_params) A method to create a new team users standard user object. :param name: The friendly name of the user. :type name: str :param email: The email address of the user (valid only for type=StandardUser). :type email: str :param company: The company of the user (valid only for type=StandardUser). :type company: str :param description: A description text for describing service accounts (valid only for ServiceUser) :type description: str :param user_enabled: Whether the new team user is enabled. :type user_enabled: bool|int, optional :param type: The type of the user to create. Valid values: "StandardUser", "ServiceUser" (Default value = "StandardUser") :type type: str, optional :param request_params: Use to pass any additional parameters the API :type request_params: dict, optional :returns: The newly created team user :rtype: dict .. py:method:: update(guid, name=None, user_enabled=None, description=None, **request_params) (Experimental API) A method to update a TeamUsers object. :param guid: The GUID of the team user to update :type guid: str :param name: The friendly name of the user. 
:type name: str :param user_enabled: Whether the new team user is enabled. :type user_enabled: bool|int, optional :param description: A description text for describing service accounts (valid only for ServiceUser). :type description: str :param request_params: Use to pass any additional parameters the API :type request_params: dict, optional :returns: The newly created team user :rtype: dict .. py:method:: delete(guid) A method to delete a team user. :param guid: The GUID of the team user to delete :type guid: str :returns: a Requests response object containing the response code :rtype: requests.models.Response .. py:method:: search(json=None) A method to search objects. See the API documentation for this API endpoint for valid fields to search against. NOTE: While the "value" and "values" fields are marked as "optional" you must use one of them, depending on the operation you are using. :param json: The desired search parameters: - timeFilter (dict, optional): A dict containing the time frame for the search: - startTime (str): The start time for the search - endTime (str): The end time for the search - filters (list of dict, optional): Filters based on field contents: - field (str): The name of the data field to which the condition applies - expression (str): The comparison operator for the filter condition. Valid values are: "eq", "ne", "in", "not_in", "like", "ilike", "not_like", "not_ilike", "not_rlike", "rlike", "gt", "ge", "lt", "le", "between" - value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value. - values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values. - returns (list of str, optional): The fields to return :type json: dict :returns: returns a dict containing the search results :rtype: dict .. 
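The ``json`` search parameters documented for the ``search()`` methods above, shown as an added example that is not part of the SDK or its documentation. It builds and lints a payload offline; the split of operators between ``value`` and ``values``, the ISO 8601 UTC timestamp format, and the field names ``severity`` and ``hostname`` are assumptions made for illustration.

```python
"""Build and lint the ``json`` argument for the documented search() methods."""
import json
from datetime import datetime, timezone

# Comparison operators listed in the search() documentation.
VALID_EXPRESSIONS = {
    "eq", "ne", "in", "not_in", "like", "ilike", "not_like", "not_ilike",
    "not_rlike", "rlike", "gt", "ge", "lt", "le", "between",
}
# ASSUMPTION: these operators take the list-valued "values" key and every
# other operator takes the single "value" key. The documentation only says
# "depending on the operation", so confirm this for your endpoint.
MULTI_VALUE_EXPRESSIONS = {"in", "not_in", "between"}
# ASSUMPTION: timestamps are sent as ISO 8601 UTC strings.
TIME_FORMAT = "%Y-%m-%dT%H:%M:%SZ"


def build_filter(field, expression, operand):
    """Return one filter dict carrying exactly one of "value" or "values"."""
    if expression not in VALID_EXPRESSIONS:
        raise ValueError(f"unknown expression: {expression!r}")
    if expression in MULTI_VALUE_EXPRESSIONS:
        # A bare string is iterable, so reject it explicitly rather than
        # silently sending a list of single characters.
        if isinstance(operand, (str, bytes)) or not hasattr(operand, "__iter__"):
            raise ValueError(f"{expression!r} needs a list of values")
        values = [str(v) for v in operand]
        if not values or (expression == "between" and len(values) != 2):
            raise ValueError(f"wrong number of values for {expression!r}")
        return {"field": field, "expression": expression, "values": values}
    if isinstance(operand, (list, tuple, set)):
        raise ValueError(f"{expression!r} needs a single value")
    return {"field": field, "expression": expression, "value": str(operand)}


def build_search(start, end, filters=(), returns=None):
    """Assemble timeFilter, filters and returns into one search payload."""
    if start.tzinfo is None or end.tzinfo is None:
        raise ValueError("use timezone-aware datetimes to avoid skewed windows")
    if start >= end:
        raise ValueError("startTime must be earlier than endTime")
    payload = {
        "timeFilter": {
            "startTime": start.astimezone(timezone.utc).strftime(TIME_FORMAT),
            "endTime": end.astimezone(timezone.utc).strftime(TIME_FORMAT),
        }
    }
    if filters:
        payload["filters"] = list(filters)
    if returns:
        payload["returns"] = list(returns)
    return payload


def validate_search(payload):
    """Lint a hand-written payload; return a list of problems (empty if clean)."""
    problems = []
    for i, flt in enumerate(payload.get("filters", [])):
        expr = flt.get("expression")
        if expr not in VALID_EXPRESSIONS:
            problems.append(f"filters[{i}]: unknown expression {expr!r}")
            continue
        has_value, has_values = "value" in flt, "values" in flt
        if has_value == has_values:
            problems.append(f"filters[{i}]: set exactly one of 'value'/'values'")
        elif expr in MULTI_VALUE_EXPRESSIONS and not has_values:
            problems.append(f"filters[{i}]: {expr!r} requires 'values'")
        elif expr not in MULTI_VALUE_EXPRESSIONS and not has_value:
            problems.append(f"filters[{i}]: {expr!r} requires 'value'")
    return problems


if __name__ == "__main__":
    # Constructed sample input; field names are hypothetical.
    payload = build_search(
        datetime(2024, 1, 1, tzinfo=timezone.utc),
        datetime(2024, 1, 2, tzinfo=timezone.utc),
        filters=[build_filter("severity", "in", ["Critical", "High"])],
        returns=["hostname", "severity"],
    )
    print(json.dumps(payload, indent=2))
    print(validate_search(payload))
```

The resulting dict is what would be passed as the ``json`` argument of a ``search()`` method; running ``validate_search`` first catches a filter that names an operator but omits its operand before the request is sent.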
py:class:: UserGroupsAPI(session) Bases: :py:obj:`laceworksdk.api.base_endpoint.BaseEndpoint` A class used to represent the `User Groups API endpoint `_ . A user group associates Lacework service and standard users with specific permissions in Lacework. .. py:property:: session Get the :class:`HttpSession` instance the object is using. .. py:method:: add_users(guid, user_guids) A method to add users to an existing UserGroup object. :param guid: The GUID of the UserGroup to modify :type guid: str :param user_guids: An array of user guids to add to the user group :type user_guids: list of str :returns: The modified results :rtype: dict .. py:method:: remove_users(guid, user_guids) A method to remove users from an existing UserGroup object. :param guid: The GUID of the UserGroup object to modify. :type guid: str :param user_guids: An array of user guids to remove from the user group :type user_guids: list of str :returns: The modified results :rtype: dict .. py:class:: UserProfileAPI(session) Bases: :py:obj:`laceworksdk.api.base_endpoint.BaseEndpoint` A class used to represent the `User Profile API endpoint `_ . An organization can contain multiple accounts so you can also manage components such as alerts, resource groups, team members, and audit logs at a more granular level inside an organization. .. py:property:: session Get the :class:`HttpSession` instance the object is using. .. py:method:: get(account_name=None) A method to get Lacework sub-accounts that are managed by your organization account. Using no args will get all sub-accounts. :param account_name: Specify which sub-account to list. :type account_name: str, optional :returns: Details of the requested sub-account(s) :rtype: dict .. py:class:: VulnerabilitiesAPI(session) A class used to represent the `Vulnerabilities API endpoint `_ . The Vulnerabilities API endpoint is a parent for different types of vulnerabilities that can be queried. 
Due to namespace overlap with the v1 API, this class is a subclass of VulnerabilityAPI to expose those methods and provide backwards compatibility. Attributes: ---------- containers: A ContainerVulnerabilitiesAPI instance. hosts: A HostVulnerabilitiesAPI instance. packages: A SoftwarePackagesAPI instance. .. py:class:: ContainerVulnerabilitiesAPI(session, object_type, endpoint_root='/api/v2') Bases: :py:obj:`laceworksdk.api.search_endpoint.SearchEndpoint` A class used to represent the Container Vulnerabilities API endpoint. .. py:property:: session Get the :class:`HttpSession` instance the object is using. .. py:method:: scan(registry, repository, tag, **request_params) A method to issue Container Vulnerability scans. :param registry: The container registry to use. :type registry: str :param repository: The container repository to use. :type repository: str :param tag: The container tag to use. :type tag: str :param request_params: Use to pass any additional parameters the API :type request_params: dict, optional :returns: The status of the requested scan :rtype: dict .. py:method:: status(request_id) A method to get the status of a Container Vulnerability scan. :param request_id: The request ID of the container scan :type request_id: str :returns: The status of the requested scan :rtype: dict .. py:method:: search(json=None, resource=None) A method to search objects. See the API documentation for this API endpoint for valid fields to search against. NOTE: While the "value" and "values" fields are marked as "optional" you must use one of them, depending on the operation you are using. 
:param json: The desired search parameters: - timeFilter (dict, optional): A dict containing the time frame for the search: - startTime (str): The start time for the search - endTime (str): The end time for the search - filters (list of dict, optional): Filters based on field contents: - field (str): The name of the data field to which the condition applies - expression (str): The comparison operator for the filter condition. Valid values are: "eq", "ne", "in", "not_in", "like", "ilike", "not_like", "not_ilike", "not_rlike", "rlike", "gt", "ge", "lt", "le", "between" - value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value. - values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values. - returns (list of str, optional): The fields to return :type json: dict :param resource: The Lacework API resource to search (Example: "AlertChannels") :type resource: str :Yields: *dict* -- returns a generator which yields a page of objects at a time as returned by the Lacework API. .. py:class:: ImageSummaryVulnerabilitiesAPI(session, object_type, endpoint_root='/api/v2') Bases: :py:obj:`laceworksdk.api.search_endpoint.SearchEndpoint` A class used to represent the ImageSummary Vulnerabilities API endpoint. .. py:property:: session Get the :class:`HttpSession` instance the object is using. .. py:method:: search(json=None, resource=None) A method to search objects. See the API documentation for this API endpoint for valid fields to search against. NOTE: While the "value" and "values" fields are marked as "optional" you must use one of them, depending on the operation you are using. 
:param json: The desired search parameters: - timeFilter (dict, optional): A dict containing the time frame for the search: - startTime (str): The start time for the search - endTime (str): The end time for the search - filters (list of dict, optional): Filters based on field contents: - field (str): The name of the data field to which the condition applies - expression (str): The comparison operator for the filter condition. Valid values are: "eq", "ne", "in", "not_in", "like", "ilike", "not_like", "not_ilike", "not_rlike", "rlike", "gt", "ge", "lt", "le", "between" - value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value. - values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values. - returns (list of str, optional): The fields to return :type json: dict :param resource: The Lacework API resource to search (Example: "AlertChannels") :type resource: str :Yields: *dict* -- returns a generator which yields a page of objects at a time as returned by the Lacework API. .. py:class:: HostVulnerabilitiesAPI(session, object_type, endpoint_root='/api/v2') Bases: :py:obj:`laceworksdk.api.search_endpoint.SearchEndpoint` A class used to represent the Host Vulnerabilities API endpoint. .. py:property:: session Get the :class:`HttpSession` instance the object is using. .. py:method:: search(json=None, resource=None) A method to search objects. See the API documentation for this API endpoint for valid fields to search against. NOTE: While the "value" and "values" fields are marked as "optional" you must use one of them, depending on the operation you are using. 
      :param json: The desired search parameters:

          - timeFilter (dict, optional): A dict containing the time frame for the search:

            - startTime (str): The start time for the search
            - endTime (str): The end time for the search

          - filters (list of dict, optional): Filters based on field contents:

            - field (str): The name of the data field to which the condition applies
            - expression (str): The comparison operator for the filter condition. Valid values are: "eq", "ne", "in", "not_in", "like", "ilike", "not_like", "not_ilike", "not_rlike", "rlike", "gt", "ge", "lt", "le", "between"
            - value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
            - values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.

          - returns (list of str, optional): The fields to return

      :type json: dict
      :param resource: The Lacework API resource to search (Example: "AlertChannels")
      :type resource: str

      :Yields: *dict* -- returns a generator which yields a page of objects at a time as returned by the Lacework API.

.. py:class:: SoftwarePackagesAPI(session, object_type, endpoint_root='/api/v2')

   Bases: :py:obj:`laceworksdk.api.base_endpoint.BaseEndpoint`

   A class used to represent the Software Packages API endpoint.

   .. py:property:: session

      Get the :class:`HttpSession` instance the object is using.

   .. py:method:: scan(os_pkg_info_list, **request_params)

      A method to initiate a software package vulnerability scan.

      :param os_pkg_info_list: A list of packages to be scanned given the OS, OS version, package, and package version. Fields are:

          - os (str): The name of the operating system.
          - osVer (str): The version of the operating system.
          - pkg (str): The name of the software package.
          - pkgVer (str): The version of the software package.

      :type os_pkg_info_list: list of dict
      :param request_params: Use to pass any additional parameters to the API
      :type request_params: dict, optional
      :returns: The resulting vulnerability data
      :rtype: dict

.. py:class:: VulnerabilityExceptionsAPI(session)

   Bases: :py:obj:`laceworksdk.api.crud_endpoint.CrudEndpoint`

   A class used to represent the Vulnerabilities Exceptions API endpoint.

   Lacework provides the ability to create exceptions for certain vulnerable resources and criteria. For example, a certain CVE for a certain package or all packages can be excepted until a set expiry time.

   .. py:property:: session

      Get the :class:`HttpSession` instance the object is using.

   .. py:method:: create(exception_name, exception_reason, exception_type, props, vulnerability_criteria, resource_scope=None, expiry_time=None, state=True, **request_params)

      A method to create a new vulnerability exception.

      :param exception_name: The name of the exception.
      :type exception_name: str
      :param exception_reason: The exception reason. Valid values: "False Positive", "Accepted Risk", "Compensating Controls", "Fix Pending", "Other"
      :type exception_reason: str
      :param exception_type: The exception type. Valid values: "Container", "Host"
      :type exception_type: str
      :param props: The properties of the exception. Fields are:

          - description (str): The exception description
          - createdBy (str): The creator of the exception
          - updatedBy (str): The updater of the exception.

      :type props: dict of str
      :param vulnerability_criteria: The criteria for excepted vulnerabilities. Fields are:

          - cve (list of str): The vulnerability (CVE) ID(s) that you want to constrain the exception to
          - package (list of dict): The package name(s) (for example, an operating system or language package). This can include a version number
          - severity (list of str): The severity levels of the vulnerability to constrain the exception to.
            Valid values: "Info", "Low", "Medium", "High", "Critical"
          - fixable (list of int): The fixability status (0 or 1)

      :type vulnerability_criteria: dict
      :param resource_scope: The scope of resources for which to apply the exception. Fields for this dict change depending on the "exception type" field. See the API docs for field info.
      :type resource_scope: dict
      :param expiry_time: The expiration time for the exception.
      :type expiry_time: str
      :param state: Whether the exception is enabled.
      :type state: bool|int
      :param request_params: Use to pass any additional parameters to the API
      :type request_params: dict, optional
      :returns: The newly created vulnerability exception
      :rtype: dict

   .. py:method:: get(guid=None)

      A method to get vulnerability exceptions. Using no args will get all vulnerability exceptions.

      :param guid: The GUID of the vulnerability exception to get.
      :type guid: str, optional
      :returns: The requested vulnerability exception(s)
      :rtype: dict

   .. py:method:: get_by_guid(guid)

      A method to get vulnerability exceptions by GUID.

      :param guid: The GUID of the vulnerability exception to get.
      :type guid: str
      :returns: The requested vulnerability exception(s)
      :rtype: dict

   .. py:method:: update(guid, exception_name=None, exception_reason=None, props=None, vulnerability_criteria=None, resource_scope=None, expiry_time=None, state=None, **request_params)

      A method to update a VulnerabilityExceptions object.

      :param guid: A string representing the object GUID.
      :param exception_name: The name of the exception.
      :type exception_name: str, optional
      :param exception_reason: The exception reason. Valid values: "False Positive", "Accepted Risk", "Compensating Controls", "Fix Pending", "Other"
      :type exception_reason: str, optional
      :param props: The properties of the exception. Fields are:

          - description (str, optional): The exception description
          - createdBy (str, optional): The creator of the exception
          - updatedBy (str, optional): The updater of the exception.

      :type props: dict of str
      :param vulnerability_criteria: The criteria for excepted vulnerabilities. Fields are:

          - cve (list of str): The vulnerability (CVE) ID(s) that you want to constrain the exception to
          - package (list of dict): The package name(s) (for example, an operating system or language package). This can include a version number
          - severity (list of str): The severity levels of the vulnerability to constrain the exception to. Valid values: "Info", "Low", "Medium", "High", "Critical"
          - fixable (list of int): The fixability status (0 or 1)

      :type vulnerability_criteria: dict
      :param resource_scope: The scope of resources for which to apply the exception. Fields for this dict change depending on the "exception type" field. See the API docs for field info.
      :type resource_scope: dict, optional
      :param expiry_time: The expiration time for the exception.
      :type expiry_time: str, optional
      :param state: Whether the exception is enabled.
      :type state: bool|int, optional
      :param request_params: Use to pass any additional parameters to the API
      :type request_params: dict, optional
      :returns: The updated vulnerability exception
      :rtype: dict

   .. py:method:: delete(guid)

      A method to delete a vulnerability exception.

      :param guid: The GUID of the vulnerability exception to delete
      :type guid: str
      :returns: a Requests response object containing the response code
      :rtype: requests.models.Response

   .. py:method:: search(json=None)

      A method to search objects.

      See the API documentation for this API endpoint for valid fields to search against.

      NOTE: While the "value" and "values" fields are marked as "optional" you must use one of them, depending on the operation you are using.

      :param json: The desired search parameters:

          - timeFilter (dict, optional): A dict containing the time frame for the search:

            - startTime (str): The start time for the search
            - endTime (str): The end time for the search

          - filters (list of dict, optional): Filters based on field contents:

            - field (str): The name of the data field to which the condition applies
            - expression (str): The comparison operator for the filter condition. Valid values are: "eq", "ne", "in", "not_in", "like", "ilike", "not_like", "not_ilike", "not_rlike", "rlike", "gt", "ge", "lt", "le", "between"
            - value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
            - values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.

          - returns (list of str, optional): The fields to return

      :type json: dict
      :returns: returns a dict containing the search results
      :rtype: dict

.. py:class:: VulnerabilityPoliciesAPI(session)

   Bases: :py:obj:`laceworksdk.api.crud_endpoint.CrudEndpoint`

   A class used to represent the Vulnerabilities Policies API endpoint.

   Lacework provides the ability to create container vulnerability policies to assess your container images at build and/or runtime based on your own unique requirements. For example, a policy can be created for any critical vulnerability with a fix available or a policy to target a specific CVE.

   .. py:property:: session

      Get the :class:`HttpSession` instance the object is using.

   .. py:method:: create(policy_type, policy_name, severity, state, filter, props, policy_eval_type=None, fail_on_violation=False, alert_on_violation=False, **request_params)

      A method to create a new vulnerability policy.

      :param policy_type: The type of the policy. See the API documentation for valid values
      :type policy_type: str
      :param policy_name: The name of the policy.
      :type policy_name: str
      :param severity: The severity of the policy. Valid values: "Info", "Low", "Medium", "High", "Critical"
      :type severity: str
      :param state: A boolean representing the state of the policy.
      :type state: bool|int
      :param filter: The filter data for the policy type specified in the "policyType" field. See the API documentation for fields.
      :type filter: dict
      :param props: The vulnerability policy's properties. Fields are:

          - description (str): The property description.
          - createdBy (str): The creator of the property.
          - updatedBy (str): The updater of the property.

      :type props: dict
      :param policy_eval_type: The policy evaluation type. Valid values: "local"
      :type policy_eval_type: str, optional
      :param fail_on_violation: Whether the policy should fail on violations. (Default = False)
      :type fail_on_violation: bool|int, optional
      :param alert_on_violation: Whether the policy should alert on violations. (Default = False)
      :type alert_on_violation: bool|int, optional
      :param request_params: Use to pass any additional parameters to the API
      :type request_params: dict, optional
      :returns: The newly created vulnerability policy
      :rtype: dict

   .. py:method:: get(guid=None)

      A method to get vulnerability policies. Using no args will get all vulnerability policies.

      :param guid: The GUID of the vulnerability policy to get
      :type guid: str, optional
      :returns: The requested vulnerability policy(ies)
      :rtype: dict

   .. py:method:: get_by_guid(guid)

      A method to get a vulnerability policy by GUID.

      :param guid: The GUID of the vulnerability policy to get
      :type guid: str
      :returns: The requested vulnerability policy(ies)
      :rtype: dict

   .. py:method:: update(guid, policy_type=None, policy_name=None, severity=None, state=None, filter=None, props=None, policy_eval_type=None, fail_on_violation=None, alert_on_violation=None, **request_params)

      A method to update a VulnerabilityPolicies object.

      :param guid: The GUID of the policy to update
      :type guid: str
      :param policy_type: The type of the policy.
          See the API documentation for valid values
      :type policy_type: str, optional
      :param policy_name: The name of the policy.
      :type policy_name: str, optional
      :param severity: The severity of the policy. Valid values: "Info", "Low", "Medium", "High", "Critical"
      :type severity: str, optional
      :param state: A boolean representing the state of the policy.
      :type state: bool|int, optional
      :param filter: The filter data for the policy type specified in the "policyType" field. See the API documentation for fields.
      :type filter: dict, optional
      :param props: The vulnerability policy's properties. Fields are:

          - description (str): The property description.
          - createdBy (str): The creator of the property.
          - updatedBy (str): The updater of the property.

      :type props: dict
      :param policy_eval_type: The policy evaluation type. Valid values: "local"
      :type policy_eval_type: str, optional
      :param fail_on_violation: Whether the policy should fail on violations. (Default = False)
      :type fail_on_violation: bool|int, optional
      :param alert_on_violation: Whether the policy should alert on violations. (Default = False)
      :type alert_on_violation: bool|int, optional
      :param request_params: Use to pass any additional parameters to the API
      :type request_params: dict, optional
      :returns: The updated vulnerability policy
      :rtype: dict

   .. py:method:: delete(guid)

      A method to delete a vulnerability policy.

      :param guid: The GUID of the vulnerability policy to delete
      :type guid: str
      :returns: a Requests response object containing the response code
      :rtype: requests.models.Response

   .. py:method:: search(json=None)

      A method to search objects.

      See the API documentation for this API endpoint for valid fields to search against.

      NOTE: While the "value" and "values" fields are marked as "optional" you must use one of them, depending on the operation you are using.

      :param json: The desired search parameters:

          - timeFilter (dict, optional): A dict containing the time frame for the search:

            - startTime (str): The start time for the search
            - endTime (str): The end time for the search

          - filters (list of dict, optional): Filters based on field contents:

            - field (str): The name of the data field to which the condition applies
            - expression (str): The comparison operator for the filter condition. Valid values are: "eq", "ne", "in", "not_in", "like", "ilike", "not_like", "not_ilike", "not_rlike", "rlike", "gt", "ge", "lt", "le", "between"
            - value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
            - values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.

          - returns (list of str, optional): The fields to return

      :type json: dict
      :returns: returns a dict containing the search results
      :rtype: dict

.. py:class:: LaceworkClient(account=None, subaccount=None, api_key=None, api_secret=None, api_token=None, instance=None, base_domain=None, profile=None)

   Lacework API wrapper for Python.

   .. py:property:: subaccount

      Returns the value of the session's subaccount.

   .. py:method:: set_org_level_access(org_level_access)

      A method to set whether the client should use organization-level API calls.

   .. py:method:: set_subaccount(subaccount)

      A method to update the subaccount the client should use for API calls.
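
A vulnerability exception suppresses findings until its expiry time, and ``expiry_time`` is optional in ``VulnerabilityExceptionsAPI.create`` above. The following is an added example, not part of the SDK: a guard that validates a request against the documented valid values and returns keyword arguments for ``create()`` only when the exception names specific CVEs and has a bounded lifetime. The 90-day limit, the CVE requirement, the timestamp format and the sample values are assumptions representing a local review policy.

```python
from datetime import datetime, timedelta, timezone

# Valid values as listed in the create() documentation.
REASONS = {"False Positive", "Accepted Risk", "Compensating Controls", "Fix Pending", "Other"}
TYPES = {"Container", "Host"}
SEVERITIES = {"Info", "Low", "Medium", "High", "Critical"}
MAX_LIFETIME = timedelta(days=90)  # assumption: local review policy, not an API limit


def exception_kwargs(name, reason, exc_type, description, owner, cves, expires,
                     severities=(), fixable=None, now=None):
    """Validate an exception request and return keyword arguments for create()."""
    now = now or datetime.now(timezone.utc)
    errors = []
    if reason not in REASONS:
        errors.append(f"invalid exception_reason {reason!r}")
    if exc_type not in TYPES:
        errors.append(f"invalid exception_type {exc_type!r}")
    bad = set(severities) - SEVERITIES
    if bad:
        errors.append(f"invalid severity {sorted(bad)}")
    if fixable not in (None, 0, 1):
        errors.append("fixable must be 0 or 1")
    if not cves:
        errors.append("name at least one CVE; blanket exceptions are refused")
    if not description.strip():
        errors.append("description is required for audit")
    if expires <= now:
        errors.append("expiry_time is in the past")
    elif expires - now > MAX_LIFETIME:
        errors.append(f"expiry_time is more than {MAX_LIFETIME.days} days away")
    if errors:
        raise ValueError("; ".join(errors))

    criteria = {"cve": list(cves)}
    if severities:
        criteria["severity"] = list(severities)
    if fixable is not None:
        criteria["fixable"] = [int(fixable)]
    return {
        "exception_name": name,
        "exception_reason": reason,
        "exception_type": exc_type,
        "props": {"description": description, "createdBy": owner, "updatedBy": owner},
        "vulnerability_criteria": criteria,
        "expiry_time": expires.strftime("%Y-%m-%dT%H:%M:%SZ"),  # assumed format
        "state": True,
    }
```

The returned dict is meant to be unpacked into ``create(**kwargs)``; ``resource_scope`` is left at its default because its fields depend on the exception type.
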