:py:mod:`laceworksdk.api.v2.data_export_rules`
==============================================

.. py:module:: laceworksdk.api.v2.data_export_rules

.. autoapi-nested-parse::

   Lacework DataExportRules API wrapper.


Module Contents
---------------

Classes
~~~~~~~

.. autoapisummary::

   laceworksdk.api.v2.data_export_rules.DataExportRulesAPI


.. py:class:: DataExportRulesAPI(session)

   Bases: :py:obj:`laceworksdk.api.crud_endpoint.CrudEndpoint`

   A class used to represent the Data Export Rules API endpoint.

   S3 data export allows you to export data collected from your Lacework account and send it to an S3 bucket of
   your choice. You can use Lacework's processed/normalized data for reporting and visualization on its own, or
   combine it with other business/security data to gain insights and make meaningful business decisions.

   .. py:property:: session

      Get the :class:`HttpSession` instance the object is using.

   .. py:method:: create(type, filters, intg_guid_list, **request_params)

      A method to create a new DataExportRules object.

      :param type: The type of data export rule to create. Valid values are: "Dataexport"
      :type type: str
      :param intg_guid_list: The guids of the alert channels for the rule to use
      :type intg_guid_list: list of str
      :param filters: A dict containing the fields needed to define the rule. Fields are:

                      - name (str): The name of the alert
                      - enabled (bool|int): Whether the export rule is enabled
                      - description (str, optional): The description of the export rule
                      - profileVersions (list of str, optional): A list of profile versions
      :type filters: dict
      :param request_params: Use to pass any additional parameters to the API
      :type request_params: dict, optional

      :returns: The created data export rule
      :rtype: dict

   .. py:method:: get(guid=None)

      A method to get data export rules. Using no args will get all rules.

      :param guid: The guid of the rule to get.
      :type guid: str, optional

      :returns: The requested data export rule(s)
      :rtype: dict

   .. py:method:: get_by_guid(guid)

      A method to get a DataExportRules object by GUID.

      :param guid: The guid of the rule to get.
      :type guid: str

      :returns: The requested data export rule
      :rtype: dict

   .. py:method:: update(guid, filters=None, intg_guid_list=None, **request_params)

      A method to update an existing DataExportRules object.

      :param guid: The guid of the export rule to update
      :type guid: str
      :param intg_guid_list: The guids of the alert channels for the rule to use
      :type intg_guid_list: list of str
      :param filters: A dict containing the fields needed to define the rule. Fields are:

                      - name (str, optional): The name of the alert
                      - enabled (bool|int, optional): Whether the export rule is enabled
                      - description (str, optional): The description of the export rule
                      - profileVersions (list of str, optional): A list of profile versions
      :type filters: dict
      :param request_params: Use to pass any additional parameters to the API
      :type request_params: dict, optional

      :returns: The updated data export rule
      :rtype: dict

   .. py:method:: delete(guid)

      A method to delete a data export rule.

      :param guid: The GUID of the data export rule to delete
      :type guid: str

      :returns: A Requests response object containing the response code
      :rtype: requests.models.Response

   .. py:method:: search(json=None)

      A method to search objects.

      See the API documentation for this API endpoint for valid fields to search against.

      NOTE: While the "value" and "values" fields are marked as "optional", you must use one of them,
      depending on the operation you are using.

      :param json: The desired search parameters:

                   - timeFilter (dict, optional): A dict containing the time frame for the search:

                     - startTime (str): The start time for the search
                     - endTime (str): The end time for the search

                   - filters (list of dict, optional): Filters based on field contents:

                     - field (str): The name of the data field to which the condition applies
                     - expression (str): The comparison operator for the filter condition. Valid values are:
                       "eq", "ne", "in", "not_in", "like", "ilike", "not_like", "not_ilike", "not_rlike",
                       "rlike", "gt", "ge", "lt", "le", "between"
                     - value (str, optional): The value that the condition checks for in the specified field.
                       Use this attribute when using an operator that requires a single value.
                     - values (list of str, optional): The values that the condition checks for in the
                       specified field. Use this attribute when using an operator that requires multiple
                       values.

                   - returns (list of str, optional): The fields to return
      :type json: dict

      :returns: A dict containing the search results
      :rtype: dict