:py:mod:`laceworksdk.api.v2.report_rules`
=========================================

.. py:module:: laceworksdk.api.v2.report_rules

.. autoapi-nested-parse::

   Lacework ReportRules API wrapper.


Module Contents
---------------

Classes
~~~~~~~

.. autoapisummary::

   laceworksdk.api.v2.report_rules.ReportRulesAPI


.. py:class:: ReportRulesAPI(session)

   Bases: :py:obj:`laceworksdk.api.crud_endpoint.CrudEndpoint`

   A class used to represent the Report Rules API endpoint.

   Lacework combines alert channels and report rules to provide a flexible method for routing reports. For report rules, you define information about which reports to send. For alert channels, you define where to send reports such as to Jira, Slack, or email.

   .. py:property:: session

      Get the :class:`HttpSession` instance the object is using.

   .. py:method:: create(type, filters, intg_guid_list, report_notification_types, **request_params)

      A method to create a new report rule.

      :param type: The type of report rule. Valid values: 'Report'
      :type type: str
      :param intg_guid_list: A list of integration GUIDs representing the report channels to use.
      :type intg_guid_list: list of str
      :param filters: A dictionary containing the definition of the new rule. Fields are:

         - name (str): The report rule name
         - description (str, optional): The report rule description
         - enabled (bool|int): Whether the report rule is enabled
         - resourceGroups (list of str): A list of resource groups to apply the rule to
         - severity (list of ints): A list of severities to apply the rule to. Valid values: 1=Critical, 2=High, 3=Medium, 4=Low, 5=Info
      :type filters: dict
      :param report_notification_types: A dict of booleans for the report types that you want the rule to apply to. Fields are:
         "agentEvents", "awsCis14", "awsCisS3", "awsCloudtrailEvents", "awsComplianceEvents",
         "awsCis14IsoIec270022022", "awsCyberEssentials22", "awsCsaCcm405", "azureActivityLogEvents",
         "azureCis", "azureCis131", "azureComplianceEvents", "azurePci", "azurePciRev2", "azureSoc",
         "azureSocRev2", "azureIso27001", "azureHipaa", "azureNistCsf", "azureNist80053Rev5",
         "azureNist800171Rev2", "gcpAuditTrailEvents", "gcpCis", "gcpComplianceEvents", "gcpHipaa",
         "gcpHipaaRev2", "gcpIso27001", "gcpCis12", "gcpCis13", "gcpK8s", "gcpPci", "gcpPciRev2",
         "gcpSoc", "gcpSocRev2", "gcpNistCsf", "gcpNist80053Rev4", "gcpNist800171Rev2", "hipaa",
         "iso2700", "k8sAuditLogEvents", "nist800-53Rev4", "nist800-171Rev2", "openShiftCompliance",
         "openShiftComplianceEvents", "pci", "platformEvents", "soc", "awsSocRev2", "trendReport",
         "awsPciDss321", "awsNist80053Rev5", "awsSoc2", "awsNist800171Rev2", "awsNistCsf",
         "awsCmmc102", "awsHipaa", "awsIso270012013"
      :type report_notification_types: dict
      :param request_params: Use to pass any additional parameters to the API
      :type request_params: dict, optional

      :returns: The created report rule
      :rtype: dict

   .. py:method:: get(guid=None)

      A method to get ReportRules objects. Using no args will get all report rules.

      :param guid: The GUID of the report rule to get
      :type guid: str, optional

      :returns: The requested report rule(s)
      :rtype: dict

   .. py:method:: get_by_guid(guid)

      A method to get a report rule by GUID.

      :param guid: The GUID of the report rule to get
      :type guid: str

      :returns: The requested report rule(s)
      :rtype: dict

   .. py:method:: update(guid, filters=None, intg_guid_list=None, report_notification_types=None, **request_params)

      A method to update a ReportRules object.

      :param guid: The GUID of the report rule to update
      :type guid: str
      :param intg_guid_list: A list of integration GUIDs representing the report channels to use
      :type intg_guid_list: list of str, optional
      :param filters: A dictionary containing the definition of the new rule. Fields are:

         - name (str): The report rule name
         - description (str, optional): The report rule description
         - enabled (bool|int, optional): Whether the report rule is enabled
         - resourceGroups (list of str, optional): A list of resource groups to apply the rule to
         - severity (list of ints, optional): A list of severities to apply the rule to. Valid values: 1=Critical, 2=High, 3=Medium, 4=Low, 5=Info
      :type filters: dict, optional
      :param report_notification_types: A dict of booleans for the report types that you want the rule to apply to. Fields are:
         "agentEvents", "awsCis14", "awsCisS3", "awsCloudtrailEvents", "awsComplianceEvents",
         "awsCis14IsoIec270022022", "awsCyberEssentials22", "awsCsaCcm405", "azureActivityLogEvents",
         "azureCis", "azureCis131", "azureComplianceEvents", "azurePci", "azurePciRev2", "azureSoc",
         "azureSocRev2", "azureIso27001", "azureHipaa", "azureNistCsf", "azureNist80053Rev5",
         "azureNist800171Rev2", "gcpAuditTrailEvents", "gcpCis", "gcpComplianceEvents", "gcpHipaa",
         "gcpHipaaRev2", "gcpIso27001", "gcpCis12", "gcpCis13", "gcpK8s", "gcpPci", "gcpPciRev2",
         "gcpSoc", "gcpSocRev2", "gcpNistCsf", "gcpNist80053Rev4", "gcpNist800171Rev2", "hipaa",
         "iso2700", "k8sAuditLogEvents", "nist800-53Rev4", "nist800-171Rev2", "openShiftCompliance",
         "openShiftComplianceEvents", "pci", "platformEvents", "soc", "awsSocRev2", "trendReport",
         "awsPciDss321", "awsNist80053Rev5", "awsSoc2", "awsNist800171Rev2", "awsNistCsf",
         "awsCmmc102", "awsHipaa", "awsIso270012013"
      :type report_notification_types: dict
      :param request_params: Use to pass any additional parameters to the API
      :type request_params: dict, optional

      :returns: The created report rule
      :rtype: dict

   .. py:method:: delete(guid)

      A method to delete a report rule.

      :param guid: The GUID of the report rule to delete.
      :type guid: str

      :returns: A Requests response object containing the response code
      :rtype: requests.models.Response

   .. py:method:: search(json=None)

      A method to search objects.

      See the API documentation for this API endpoint for valid fields to search against.

      NOTE: While the "value" and "values" fields are marked as "optional", you must use one of them, depending on the operation you are using.

      :param json: The desired search parameters:

         - timeFilter (dict, optional): A dict containing the time frame for the search:

           - startTime (str): The start time for the search
           - endTime (str): The end time for the search

         - filters (list of dict, optional): Filters based on field contents:

           - field (str): The name of the data field to which the condition applies
           - expression (str): The comparison operator for the filter condition. Valid values are: "eq", "ne", "in", "not_in", "like", "ilike", "not_like", "not_ilike", "not_rlike", "rlike", "gt", "ge", "lt", "le", "between"
           - value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
           - values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.

         - returns (list of str, optional): The fields to return
      :type json: dict

      :returns: A dict containing the search results
      :rtype: dict
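
The NOTE on ``search`` above is easy to get wrong, so this added example (not part of laceworksdk) builds the ``json`` argument and picks ``value`` or ``values`` from the operator. The split into single- and multi-value operators, the two-bound rule for ``between`` and the placeholder field names are assumptions, and ``make_filter`` and ``build_search`` are hypothetical helpers.

```python
# Added example, not laceworksdk code. Operator names come from the search()
# documentation above; the split into single- and multi-value operators is an
# assumption, and the field names in the demo are constructed placeholders.
MULTI_VALUE = {"in", "not_in", "between"}
SINGLE_VALUE = {"eq", "ne", "like", "ilike", "not_like", "not_ilike",
                "rlike", "not_rlike", "gt", "ge", "lt", "le"}


def make_filter(field, expression, operand):
    """Build one filter dict, choosing "value" or "values" from the operator."""
    is_sequence = isinstance(operand, (list, tuple))
    if expression in MULTI_VALUE:
        if not is_sequence or not operand:
            raise ValueError(f"{expression!r} needs a non-empty list in 'values'")
        if expression == "between" and len(operand) != 2:
            raise ValueError("'between' needs exactly two bounds")
        return {"field": field, "expression": expression,
                "values": [str(v) for v in operand]}
    if expression in SINGLE_VALUE:
        if is_sequence:
            raise ValueError(f"{expression!r} takes a single 'value', not a list")
        return {"field": field, "expression": expression, "value": str(operand)}
    raise ValueError(f"unsupported expression: {expression!r}")


def build_search(filters=(), returns=None, start_time=None, end_time=None):
    """Assemble the dict passed as search(json=...)."""
    if (start_time is None) != (end_time is None):
        raise ValueError("timeFilter needs both startTime and endTime")
    body = {}
    if start_time is not None:
        body["timeFilter"] = {"startTime": start_time, "endTime": end_time}
    if filters:
        body["filters"] = [make_filter(*f) for f in filters]
    if returns:
        body["returns"] = list(returns)
    return body


if __name__ == "__main__":
    # With the SDK this dict is passed as ReportRulesAPI.search(json=query).
    query = build_search(
        filters=[("FIELD_A_PLACEHOLDER", "eq", "1"),
                 ("FIELD_B_PLACEHOLDER", "in", ["1", "2"])],
        returns=["FIELD_A_PLACEHOLDER"])
    print(query)
```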
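
For ``create`` above, an added example (not laceworksdk code) that checks channels, severities and report types locally, so a mistyped key or an out-of-range severity fails before the request is sent. ``build_report_rule``, ``OfflineReportRules`` and all sample values are hypothetical; ``KNOWN_TYPES`` is a subset of the documented keys, and requiring at least one channel is an assumed local policy.

```python
# Added example, not laceworksdk code. Key names and severity values come from
# the documentation above; KNOWN_TYPES is a subset of the documented report
# types, and every name and sample value below is constructed.
VALID_SEVERITIES = {1, 2, 3, 4, 5}  # 1=Critical, 2=High, 3=Medium, 4=Low, 5=Info
KNOWN_TYPES = {"agentEvents", "awsCloudtrailEvents", "awsComplianceEvents",
               "azureActivityLogEvents", "gcpAuditTrailEvents",
               "k8sAuditLogEvents", "platformEvents", "trendReport"}


def build_report_rule(name, channels, resource_groups, severities,
                      report_types, description=None, enabled=True):
    """Return keyword arguments for ReportRulesAPI.create(), or raise ValueError."""
    if isinstance(channels, str) or not channels or not all(
            isinstance(g, str) and g for g in channels):
        # Assumption (local policy): a rule needs at least one channel GUID.
        raise ValueError("intg_guid_list must be a non-empty list of GUID strings")
    bad = [s for s in severities if s not in VALID_SEVERITIES]
    if bad or not severities:
        raise ValueError(f"severity must be a non-empty list of 1-5, bad: {bad}")
    unknown = [t for t in report_types if t not in KNOWN_TYPES]
    if unknown or not report_types:
        raise ValueError(f"unknown or missing report types: {unknown}")
    filters = {"name": name, "enabled": int(bool(enabled)),
               "resourceGroups": list(resource_groups),
               "severity": sorted(set(severities))}
    if description:
        filters["description"] = description
    return {"type": "Report", "filters": filters,
            "intg_guid_list": list(channels),
            "report_notification_types": {t: True for t in report_types}}


class OfflineReportRules:
    """Stand-in with the documented create() signature, so this runs offline."""
    def __init__(self):
        self.created = []

    def create(self, type, filters, intg_guid_list,
               report_notification_types, **request_params):
        self.created.append((type, filters, intg_guid_list))
        return {"recorded": len(self.created)}  # constructed return value


if __name__ == "__main__":
    api = OfflineReportRules()  # with the SDK: a ReportRulesAPI instance
    kwargs = build_report_rule("critical-cloud-activity", ["CHANNEL_GUID"],
                               ["RESOURCE_GROUP_GUID"], [1, 2],
                               ["awsCloudtrailEvents", "platformEvents"])
    print(api.create(**kwargs))
```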