:py:mod:`laceworksdk.api.v2.policies`
=====================================

.. py:module:: laceworksdk.api.v2.policies

.. autoapi-nested-parse::

   Lacework Policies API wrapper.


Module Contents
---------------

Classes
~~~~~~~

.. autoapisummary::

   laceworksdk.api.v2.policies.PoliciesAPI


.. py:class:: PoliciesAPI(session)

   Bases: :py:obj:`laceworksdk.api.crud_endpoint.CrudEndpoint`

   A class used to represent the Policies API endpoint.

   Policies are a mechanism used to add annotated metadata to queries for improving the context of alerts, reports, and
   information displayed in the Lacework Console. You can fully customize policies.

   .. py:property:: session

      Get the :class:`HttpSession` instance the object is using.

   .. py:method:: create(policy_type, query_id, enabled, title, description, remediation, severity, alert_enabled, alert_profile, limit=1000, eval_frequency=None, tags=[], **request_params)

      A method to create a new Policies object.

      :param policy_type: The policy type. Valid values are: "Violation"
      :type policy_type: str, optional
      :param query_id: The policy query ID.
      :type query_id: str
      :param enabled: Whether the policy is enabled.
      :type enabled: bool
      :param title: The policy title.
      :type title: str
      :param description: The policy description.
      :type description: str
      :param remediation: The remediation strategy for the object.
      :type remediation: str
      :param severity: A string representing the object severity. Valid values are: "info", "low", "medium", "high", "critical"
      :type severity: str
      :param alert_enabled: A boolean representing whether alerting is enabled.
      :type alert_enabled: bool
      :param alert_profile: A string representing the alert profile.
      :type alert_profile: str, optional
      :param limit: An integer representing the number of results to return. (Default value = 1000)
      :type limit: int, optional
      :param tags: A list of policy tags
      :type tags: list of str
      :param eval_frequency: A string representing the frequency in which to evaluate the object. Valid values are: "Hourly", "Daily"
      :type eval_frequency: str, optional, deprecated
      :param request_params: Use to pass any additional parameters to the API
      :type request_params: dict, optional

      :returns: The newly created policy.
      :rtype: dict

   .. py:method:: get(policy_id=None)

      A method to get Policies objects. Using no args will get all policies.

      :param policy_id: A string representing the object policy ID.
      :type policy_id: str, optional

      :returns: The requested policies
      :rtype: dict

   .. py:method:: get_by_id(policy_id)

      A method to get a Policies object by policy ID.

      :param policy_id: A string representing the object policy ID.
      :type policy_id: str

      :returns: The requested policy
      :rtype: dict

   .. py:method:: update(policy_id, policy_type=None, query_id=None, enabled=None, title=None, description=None, remediation=None, severity=None, alert_enabled=None, alert_profile=None, limit=None, tags=[], eval_frequency=None, **request_params)

      A method to update a Lacework Query Language (LQL) policy.

      :param policy_id: A string representing the object policy ID.
      :type policy_id: str
      :param policy_type: The policy type. Valid values are: "Violation"
      :type policy_type: str, optional
      :param query_id: The policy query ID.
      :type query_id: str, optional
      :param enabled: Whether the policy is enabled.
      :type enabled: bool, optional
      :param title: The policy title.
      :type title: str, optional
      :param description: The policy description.
      :type description: str, optional
      :param remediation: The remediation strategy for the object.
      :type remediation: str, optional
      :param severity: A string representing the object severity. Valid values are: "info", "low", "medium", "high", "critical"
      :type severity: str, optional
      :param alert_enabled: A boolean representing whether alerting is enabled.
      :type alert_enabled: bool, optional
      :param alert_profile: A string representing the alert profile.
      :type alert_profile: str, optional
      :param limit: An integer representing the number of results to return. (Default value = 1000)
      :type limit: int, optional
      :param tags: A list of policy tags
      :type tags: list of str, optional
      :param eval_frequency: A string representing the frequency in which to evaluate the object. Valid values are: "Hourly", "Daily"
      :type eval_frequency: str, optional, deprecated
      :param request_params: Use to pass any additional parameters to the API
      :type request_params: dict, optional

      :returns: The newly created policy.
      :rtype: dict

   .. py:method:: bulk_update(json)

      A method to update Policy objects in bulk.

      :param json: A list of dictionaries containing policy configuration.

         - policyId (str): The ID of the policy.
         - enabled (bool): The status of the policy.
         - severity (str): The severity of the policy. Valid values: "info", "low", "medium", "high", "critical"
      :type json: list of dicts

      :returns: The updated policies.
      :rtype: dict

   .. py:method:: delete(policy_id)

      A method to delete a policy.

      :param policy_id: A string representing the policy ID.
      :type policy_id: str

      :returns: a Requests response object containing the response code
      :rtype: requests.models.Response

   .. py:method:: search(json=None)

      A method to search objects.

      See the API documentation for this API endpoint for valid fields to search against.

      NOTE: While the "value" and "values" fields are marked as "optional" you must use one of them,
      depending on the operation you are using.

      :param json: The desired search parameters:

         - timeFilter (dict, optional): A dict containing the time frame for the search:

           - startTime (str): The start time for the search
           - endTime (str): The end time for the search

         - filters (list of dict, optional): Filters based on field contents:

           - field (str): The name of the data field to which the condition applies
           - expression (str): The comparison operator for the filter condition. Valid values are:
             "eq", "ne", "in", "not_in", "like", "ilike", "not_like", "not_ilike", "not_rlike", "rlike", "gt", "ge",
             "lt", "le", "between"
           - value (str, optional): The value that the condition checks for in the specified field. Use this attribute
             when using an operator that requires a single value.
           - values (list of str, optional): The values that the condition checks for in the specified field. Use this
             attribute when using an operator that requires multiple values.

         - returns (list of str, optional): The fields to return
      :type json: dict

      :returns: returns a dict containing the search results
      :rtype: dict
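
A ``bulk_update()`` call can disable policies or lower their severity in one request, so it is worth reviewing the payload before it is sent. The following is an added example, not code from laceworksdk: ``review_bulk_update``, ``SEVERITY_RANK``, ``DOCUMENTED_KEYS`` and the sample data are hypothetical names, and the shape of ``current`` (a list of dicts with ``policyId``, ``enabled`` and ``severity``) is an assumption.

```python
# Added example, not part of laceworksdk. Runs offline; makes no API call.
SEVERITY_RANK = {"info": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}
DOCUMENTED_KEYS = {"policyId", "enabled", "severity"}  # keys listed for bulk_update

# Constructed sample data; the policy IDs are placeholders.
CURRENT = [
    {"policyId": "example-policy-1", "enabled": True, "severity": "high"},
    {"policyId": "example-policy-2", "enabled": True, "severity": "low"},
]
PROPOSED = [
    {"policyId": "example-policy-1", "enabled": False, "severity": "medium"},
    {"policyId": "example-policy-2", "severity": "urgent"},
    {"policyId": "example-policy-9", "enabled": True},
]


def review_bulk_update(current, proposed):
    """Return (errors, weakening) for a payload meant for bulk_update().

    current is assumed to be a list of dicts carrying policyId, enabled and
    severity for the policies that exist today.
    """
    by_id = {p["policyId"]: p for p in current}
    errors, weakening = [], []
    for entry in proposed:
        pid = entry.get("policyId")
        if not isinstance(pid, str) or pid not in by_id:
            errors.append(f"{pid!r}: unknown or missing policyId")
            continue
        extra = set(entry) - DOCUMENTED_KEYS
        if extra:
            errors.append(f"{pid}: undocumented keys {sorted(extra)}")
        if "enabled" in entry and not isinstance(entry["enabled"], bool):
            errors.append(f"{pid}: enabled must be a bool")
        elif entry.get("enabled") is False and by_id[pid]["enabled"]:
            weakening.append(f"{pid}: policy would be disabled")
        new_sev = entry.get("severity")
        if new_sev is not None and new_sev not in SEVERITY_RANK:
            errors.append(f"{pid}: invalid severity {new_sev!r}")
        elif new_sev is not None:
            old_sev = by_id[pid]["severity"]
            if SEVERITY_RANK[new_sev] < SEVERITY_RANK[old_sev]:
                weakening.append(f"{pid}: severity lowered {old_sev} -> {new_sev}")
    return errors, weakening


if __name__ == "__main__":
    print(review_bulk_update(CURRENT, PROPOSED))
```

Send the payload only when ``errors`` is empty, and route anything in ``weakening`` through change approval or an audit log.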
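
The NOTE on ``search()`` says each filter must carry ``value`` or ``values`` depending on the operator. The following is an added example, not code from laceworksdk, that checks filters against the documented operator list before building the ``json`` argument. ``validate_filter``, ``build_search`` and the sample filters are hypothetical, and the split of operators into multi-valued (``in``, ``not_in``, ``between``) and single-valued is an assumption the page does not state.

```python
# Added example, not part of laceworksdk. Runs offline; makes no API call.
VALID_EXPRESSIONS = {
    "eq", "ne", "in", "not_in", "like", "ilike", "not_like", "not_ilike",
    "not_rlike", "rlike", "gt", "ge", "lt", "le", "between",
}
# Assumption (the page does not say which operators are multi-valued):
# these take "values"; every other operator takes a single "value".
MULTI_VALUE = {"in", "not_in", "between"}
# Constructed sample; field names are illustrative, not taken from the API docs.
SAMPLE_FILTERS = [
    {"field": "severity", "expression": "in", "values": ["high", "critical"]},
    {"field": "enabled", "expression": "eq", "value": "true"},
]


def validate_filter(flt):
    """Return a list of problems found in one search filter dict."""
    field, expr = flt.get("field"), flt.get("expression")
    problems = []
    if not isinstance(field, str) or not field:
        problems.append("field must be a non-empty string")
    if not isinstance(expr, str) or expr not in VALID_EXPRESSIONS:
        return problems + [f"unknown expression {expr!r}"]
    has_value, has_values = "value" in flt, "values" in flt
    if has_value == has_values:
        problems.append("exactly one of 'value' or 'values' is required")
    elif expr in MULTI_VALUE:
        values = flt.get("values")
        if not isinstance(values, list) or not values:
            problems.append(f"{expr!r} needs a non-empty 'values' list")
    elif not has_value:
        problems.append(f"{expr!r} needs a single 'value'")
    return problems


def build_search(filters, returns=None, start_time=None, end_time=None):
    """Assemble the dict for search(json=...); ValueError on a bad filter."""
    checked = {i: validate_filter(f) for i, f in enumerate(filters)}
    errors = {i: p for i, p in checked.items() if p}
    if errors:
        raise ValueError(f"invalid filters: {errors}")
    payload = {"filters": list(filters)}
    if returns:
        payload["returns"] = list(returns)
    if start_time and end_time:
        payload["timeFilter"] = {"startTime": start_time, "endTime": end_time}
    return payload
```

The dict returned by ``build_search`` is what would be passed as ``search(json=...)``.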