laceworksdk.api
Lacework API wrappers.
Subpackages
laceworksdk.api.v2
laceworksdk.api.v2.activities
laceworksdk.api.v2.agent_access_tokens
laceworksdk.api.v2.agent_info
laceworksdk.api.v2.alert_channels
laceworksdk.api.v2.alert_profiles
laceworksdk.api.v2.alert_rules
laceworksdk.api.v2.alerts
laceworksdk.api.v2.audit_logs
laceworksdk.api.v2.cloud_accounts
laceworksdk.api.v2.cloud_activities
laceworksdk.api.v2.configs
laceworksdk.api.v2.container_registries
laceworksdk.api.v2.contract_info
laceworksdk.api.v2.data_export_rules
laceworksdk.api.v2.datasources
laceworksdk.api.v2.entities
laceworksdk.api.v2.events
laceworksdk.api.v2.inventory
laceworksdk.api.v2.organization_info
laceworksdk.api.v2.policies
laceworksdk.api.v2.policy_exceptions
laceworksdk.api.v2.queries
laceworksdk.api.v2.report_definitions
laceworksdk.api.v2.report_rules
laceworksdk.api.v2.reports
laceworksdk.api.v2.resource_groups
laceworksdk.api.v2.schemas
laceworksdk.api.v2.team_members
laceworksdk.api.v2.team_users
laceworksdk.api.v2.user_groups
laceworksdk.api.v2.user_profile
laceworksdk.api.v2.vulnerabilities
laceworksdk.api.v2.vulnerability_exceptions
laceworksdk.api.v2.vulnerability_policies
Submodules
Package Contents
Classes
A class used to represent the Activities API endpoint
A class used to represent the Agent Access Tokens API endpoint
A class used to represent the Agent Info API endpoint
A class used to represent the Alert Channels API endpoint
A class used to represent the Alert Profiles API endpoint
A class used to represent the Alert Rules API endpoint
A class used to represent the Alerts API endpoint
A class used to represent the Audit Log API endpoint
A class used to represent the Cloud Accounts API endpoint
A class used to represent the Cloud Activities API endpoint
A class used to represent the Configs API endpoint
A class used to represent the Container Registries API endpoint
A class used to represent the Contract Info API endpoint
A class used to represent the Datasources API endpoint
A class used to represent the Data Export Rules API endpoint
A class used to represent the Entities API endpoint
A class used to represent the Events API endpoint
A class used to represent the Inventory API endpoint
A class used to represent the Organization Info API endpoint
A class used to represent the Policies API endpoint
A class used to represent the Policies Exceptions API endpoint
A class used to represent the Queries API endpoint
A class used to represent the Report Definition API endpoint
A class used to represent the Report Rules API endpoint
A class used to represent the Reports API endpoint
A class used to represent the Resource Groups API endpoint
A class used to represent the Schemas API endpoint
A class used to represent the Team Members API endpoint
A class used to represent the Team Users API endpoint.
A class used to represent the User Groups API endpoint.
A class used to represent the User Profile API endpoint.
A class used to represent the Vulnerabilities API endpoint.
A class used to represent the Vulnerabilities Exceptions API endpoint.
A class used to represent the Vulnerabilities Policies API endpoint.
Lacework API wrapper for Python.
- class laceworksdk.api.ActivitiesAPI(session)[source]
A class used to represent the Activities API endpoint
Get information about network activities detected through the Lacework agent.
The Activities API endpoint is a parent for different types of activities that can be queried.
Attributes:
- changed_files:
A ChangedFilesAPI instance.
- connections:
A ConnectionsAPI instance.
- dns:
A DnsAPI instance.
- user_logins:
A UserLoginsAPI instance.
- class ChangedFilesAPI(session, object_type, endpoint_root='/api/v2')[source]
Bases:
laceworksdk.api.search_endpoint.SearchEndpoint
A class used to represent the Changed Files API endpoint
Search for changed files in your environment
- property session
Get the HttpSession instance the object is using.
- search(json=None, resource=None)
A method to search objects.
See the API documentation for this API endpoint for valid fields to search against.
NOTE: While the “value” and “values” fields are marked as “optional” you must use one of them, depending on the operation you are using.
- Parameters:
json (dict) –
The desired search parameters:
timeFilter (dict, optional): A dict containing the time frame for the search:
startTime (str): The start time for the search
endTime (str): The end time for the search
filters (list of dict, optional): Filters based on field contents:
field (str): The name of the data field to which the condition applies
expression (str): The comparison operator for the filter condition. Valid values are:
“eq”, “ne”, “in”, “not_in”, “like”, “ilike”, “not_like”, “not_ilike”, “not_rlike”, “rlike”, “gt”, “ge”, “lt”, “le”, “between”
value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.
returns (list of str, optional): The fields to return
resource (str) – The Lacework API resource to search (Example: “AlertChannels”)
- Yields:
dict – returns a generator which yields a page of objects at a time as returned by the Lacework API.
- class ConnectionsAPI(session, object_type, endpoint_root='/api/v2')[source]
Bases:
laceworksdk.api.search_endpoint.SearchEndpoint
A class used to represent the Connections API endpoint
Search for connections in your environment.
- property session
Get the HttpSession instance the object is using.
- search(json=None, resource=None)
A method to search objects.
See the API documentation for this API endpoint for valid fields to search against.
NOTE: While the “value” and “values” fields are marked as “optional” you must use one of them, depending on the operation you are using.
- Parameters:
json (dict) –
The desired search parameters:
timeFilter (dict, optional): A dict containing the time frame for the search:
startTime (str): The start time for the search
endTime (str): The end time for the search
filters (list of dict, optional): Filters based on field contents:
field (str): The name of the data field to which the condition applies
expression (str): The comparison operator for the filter condition. Valid values are:
“eq”, “ne”, “in”, “not_in”, “like”, “ilike”, “not_like”, “not_ilike”, “not_rlike”, “rlike”, “gt”, “ge”, “lt”, “le”, “between”
value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.
returns (list of str, optional): The fields to return
resource (str) – The Lacework API resource to search (Example: “AlertChannels”)
- Yields:
dict – returns a generator which yields a page of objects at a time as returned by the Lacework API.
- class DnsAPI(session, object_type, endpoint_root='/api/v2')[source]
Bases:
laceworksdk.api.search_endpoint.SearchEndpoint
A class used to represent the DNS Lookup API endpoint
Search for DNS summaries in your environment.
- property session
Get the HttpSession instance the object is using.
- search(json=None, resource=None)
A method to search objects.
See the API documentation for this API endpoint for valid fields to search against.
NOTE: While the “value” and “values” fields are marked as “optional” you must use one of them, depending on the operation you are using.
- Parameters:
json (dict) –
The desired search parameters:
timeFilter (dict, optional): A dict containing the time frame for the search:
startTime (str): The start time for the search
endTime (str): The end time for the search
filters (list of dict, optional): Filters based on field contents:
field (str): The name of the data field to which the condition applies
expression (str): The comparison operator for the filter condition. Valid values are:
“eq”, “ne”, “in”, “not_in”, “like”, “ilike”, “not_like”, “not_ilike”, “not_rlike”, “rlike”, “gt”, “ge”, “lt”, “le”, “between”
value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.
returns (list of str, optional): The fields to return
resource (str) – The Lacework API resource to search (Example: “AlertChannels”)
- Yields:
dict – returns a generator which yields a page of objects at a time as returned by the Lacework API.
- class UserLoginsAPI(session, object_type, endpoint_root='/api/v2')[source]
Bases:
laceworksdk.api.search_endpoint.SearchEndpoint
A class used to represent the UserLogins API endpoint
Search for user logins in your environment.
- property session
Get the HttpSession instance the object is using.
- search(json=None, resource=None)
A method to search objects.
See the API documentation for this API endpoint for valid fields to search against.
NOTE: While the “value” and “values” fields are marked as “optional” you must use one of them, depending on the operation you are using.
- Parameters:
json (dict) –
The desired search parameters:
timeFilter (dict, optional): A dict containing the time frame for the search:
startTime (str): The start time for the search
endTime (str): The end time for the search
filters (list of dict, optional): Filters based on field contents:
field (str): The name of the data field to which the condition applies
expression (str): The comparison operator for the filter condition. Valid values are:
“eq”, “ne”, “in”, “not_in”, “like”, “ilike”, “not_like”, “not_ilike”, “not_rlike”, “rlike”, “gt”, “ge”, “lt”, “le”, “between”
value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.
returns (list of str, optional): The fields to return
resource (str) – The Lacework API resource to search (Example: “AlertChannels”)
- Yields:
dict – returns a generator which yields a page of objects at a time as returned by the Lacework API.
- class laceworksdk.api.AgentAccessTokensAPI(session)[source]
Bases:
laceworksdk.api.crud_endpoint.CrudEndpoint
A class used to represent the Agent Access Tokens API endpoint
To connect to the Lacework instance, Lacework agents require an agent access token.
- property session
Get the HttpSession instance the object is using.
- create(alias, enabled, props=None, **request_params)[source]
A method to create a new agent access token.
- Parameters:
alias (str) – A string representing the name you wish to give to the created token.
enabled (bool|int) – A boolean/integer representing whether the token is enabled.
props (dict, optional) –
A dict containing optional values for the following fields:
description (str, optional): a description of the token
os (str, optional): the operating system
subscription (str, optional): The subscription level of the token. Valid values are:
“standard”, “professional”, “enterprise”
request_params (dict) – Use to pass any additional parameters the API
- Returns:
The new access token
- Return type:
dict
- get_by_id(id)[source]
A method to get an agent access token by its ID.
- Parameters:
id (str) – A string representing the object ID.
- Returns:
a JSON object containing info regarding the requested access token
- Return type:
dict
- update(id, token_enabled=None, props=None, **request_params)[source]
A method to update an agent access token.
- Parameters:
id (str) – A string representing the object ID.
token_enabled (bool|int, optional) – A boolean/integer representing whether the object is enabled.
props (dict, optional) –
A dict containing optional values for the following fields:
description (str, optional): a description of the token
os (str, optional): the operating system
subscription (str, optional): The subscription level of the token. Valid values are:
“standard”, “professional”, “enterprise”
request_params (dict) – Use to pass any additional parameters the API
- Returns:
The updated access token.
- Return type:
dict
- get(id=None, resource=None, **request_params)
A method to get objects.
- Parameters:
id (str) – A string representing the object ID.
resource (str) – The Lacework API resource type to get.
request_params (any) – A dictionary of parameters to add to the request.
- Returns:
JSON containing the retrieved object(s)
- Return type:
dict
- search(json=None)
A method to search objects.
See the API documentation for this API endpoint for valid fields to search against.
NOTE: While the “value” and “values” fields are marked as “optional” you must use one of them, depending on the operation you are using.
- Parameters:
json (dict) –
The desired search parameters:
timeFilter (dict, optional): A dict containing the time frame for the search:
startTime (str): The start time for the search
endTime (str): The end time for the search
filters (list of dict, optional): Filters based on field contents:
field (str): The name of the data field to which the condition applies
expression (str): The comparison operator for the filter condition. Valid values are:
“eq”, “ne”, “in”, “not_in”, “like”, “ilike”, “not_like”, “not_ilike”, “not_rlike”, “rlike”, “gt”, “ge”, “lt”, “le”, “between”
value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.
returns (list of str, optional): The fields to return
- Returns:
returns a dict containing the search results
- Return type:
dict
- class laceworksdk.api.AgentInfoAPI(session)[source]
Bases:
laceworksdk.api.search_endpoint.SearchEndpoint
A class used to represent the Agent Info API endpoint
View and verify information about all agents.
- property session
Get the HttpSession instance the object is using.
- search(json=None, resource=None)
A method to search objects.
See the API documentation for this API endpoint for valid fields to search against.
NOTE: While the “value” and “values” fields are marked as “optional” you must use one of them, depending on the operation you are using.
- Parameters:
json (dict) –
The desired search parameters:
timeFilter (dict, optional): A dict containing the time frame for the search:
startTime (str): The start time for the search
endTime (str): The end time for the search
filters (list of dict, optional): Filters based on field contents:
field (str): The name of the data field to which the condition applies
expression (str): The comparison operator for the filter condition. Valid values are:
“eq”, “ne”, “in”, “not_in”, “like”, “ilike”, “not_like”, “not_ilike”, “not_rlike”, “rlike”, “gt”, “ge”, “lt”, “le”, “between”
value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.
returns (list of str, optional): The fields to return
resource (str) – The Lacework API resource to search (Example: “AlertChannels”)
- Yields:
dict – returns a generator which yields a page of objects at a time as returned by the Lacework API.
- class laceworksdk.api.AlertChannelsAPI(session)[source]
Bases:
laceworksdk.api.crud_endpoint.CrudEndpoint
A class used to represent the Alert Channels API endpoint
Lacework combines alert channels with alert rules or report rules to provide a flexible method for routing alerts and reports.
- property session
Get the HttpSession instance the object is using.
- create(name, type, enabled, data, **request_params)[source]
A method to create a new AlertChannels object.
- Parameters:
name (str) – The name of the alert channel you wish to create.
type (str) – The type of alert channel you wish to create. See the API docs for valid values.
enabled (bool|int) – A boolean/integer representing whether the object is enabled. (0 or 1)
data (dict) –
A dict matching the schema for the specified type. See the API docs for valid values.
request_params (dict, optional) – Use to pass any additional parameters the API
- Returns:
The new alert channel
- Return type:
dict
- get(guid=None, type=None)[source]
A method to get all Alert Channels, optionally filtered by guid and/or type.
- Parameters:
guid (str, optional) – The alert channel GUID.
type (str, optional) – A string representing the alert channel type.
- Returns:
The channel(s) requested.
- Return type:
dict
- get_by_guid(guid)[source]
A method to get AlertChannels objects by GUID.
- Parameters:
guid (str) – The alert channel GUID.
- Returns:
The channel(s) requested.
- Return type:
dict
- get_by_type(type)[source]
A method to get AlertChannels objects by type.
- Parameters:
type (str) – The alert channel type to return
- Returns:
The channel(s) requested.
- Return type:
dict
- update(guid, name=None, type=None, enabled=None, data=None, **request_params)[source]
A method to update an AlertChannels object.
- Parameters:
guid (str) – The GUID of the alert channel to update.
name (str) – The name of the alert channel you wish to update.
type (str) –
The type of alert channel you wish to update. See the API docs for valid values.
enabled (bool|int) – A boolean/integer representing whether the object is enabled. (0 or 1)
data (dict) –
A dict matching the schema for the specified type. See the API docs for valid values.
request_params (dict, optional) – Use to pass any additional parameters the API
- Returns:
The updated alert channel info.
- Return type:
dict
- delete(guid)[source]
A method to delete an AlertChannels object.
- Parameters:
guid (str) – A string representing the object GUID.
- Returns:
a Requests response object containing the response code
- Return type:
requests.models.Response
- test(guid)[source]
A method to test an AlertChannels object.
- Parameters:
guid (str) – A string representing the object GUID.
- Returns:
a Requests response object containing the response code
- Return type:
requests.models.Response
- search(json=None)
A method to search objects.
See the API documentation for this API endpoint for valid fields to search against.
NOTE: While the “value” and “values” fields are marked as “optional” you must use one of them, depending on the operation you are using.
- Parameters:
json (dict) –
The desired search parameters:
timeFilter (dict, optional): A dict containing the time frame for the search:
startTime (str): The start time for the search
endTime (str): The end time for the search
filters (list of dict, optional): Filters based on field contents:
field (str): The name of the data field to which the condition applies
expression (str): The comparison operator for the filter condition. Valid values are:
“eq”, “ne”, “in”, “not_in”, “like”, “ilike”, “not_like”, “not_ilike”, “not_rlike”, “rlike”, “gt”, “ge”, “lt”, “le”, “between”
value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.
returns (list of str, optional): The fields to return
- Returns:
returns a dict containing the search results
- Return type:
dict
- class laceworksdk.api.AlertProfilesAPI(session)[source]
Bases:
laceworksdk.api.crud_endpoint.CrudEndpoint
A class used to represent the Alert Profiles API endpoint
An alert profile is a set of metadata that defines how your LQL queries get consumed into events and alerts.
- property session
Get the HttpSession instance the object is using.
- create(alert_profile_id, alerts, extends, **request_params)[source]
A method to create a new AlertProfiles object.
- Parameters:
alert_profile_id (str) – A unique ID to name the new alert profile
extends (str) – The base alert profile object.
alerts (list of dict) –
A list of dictionaries containing alert details to create. Alert fields are:
name (str): The name of the alert.
eventName (str): The name to show in Event Triage.
description (str): The description to show in Event Triage.
subject (str): The subject to show in the Event Dossier.
request_params (dict, optional) – Use to pass any additional parameters the API
- Returns:
A JSON object containing the created Alert Profile
- Return type:
dict
- get(id=None)[source]
A method to get AlertProfiles objects.
- Parameters:
id (str) – A string representing the alert profile ID.
- Returns:
The returned alert profile(s)
- Return type:
dict
- get_by_id(id)[source]
A method to get an AlertProfiles object by ID.
- Parameters:
id (str) – A string representing the alert profile ID.
- Returns:
The returned alert profile(s)
- Return type:
dict
- update(id, alerts=None, **request_params)[source]
A method to update an AlertProfiles object.
- Parameters:
id (str) – A string representing the object ID.
alerts (list of dicts) –
A list of dictionaries containing alert details to update. Alert fields are:
name (str): The name of the alert.
eventName (str): The name to show in Event Triage.
description (str): The description to show in Event Triage.
subject (str): The subject to show in the Event Dossier.
request_params (dict, optional) – Use to pass any additional parameters the API
- Returns:
The updated Alert Profile
- Return type:
dict
- class laceworksdk.api.AlertRulesAPI(session)[source]
Bases:
laceworksdk.api.crud_endpoint.CrudEndpoint
A class used to represent the Alert Rules API endpoint
Lacework combines alert channels and alert rules to provide a flexible method for routing alerts. For alert channels, you define information about where to send alerts, such as to Jira, Slack, or email. For alert rules, you define information about which alert types to send, such as critical and high severity compliance alerts.
- property session
Get the HttpSession instance the object is using.
- create(type, filters, intg_guid_list, **request_params)[source]
A method to create new Alert Rules.
- Parameters:
type (str) – The type of the alert rule. Valid values are: “Event”
filters (dict) –
The alert rule definition. See the API docs for valid values.
intg_guid_list (list of str) – A list of GUIDs representing the alert channels to use.
request_params (dict, optional) – Use to pass any additional parameters the API
- Returns:
The new rule.
- Return type:
dict
- get(guid=None)[source]
A method to get AlertRules objects.
- Parameters:
guid (str) – The alert rule GUID to retrieve.
- Returns:
The alert rule(s)
- Return type:
dict
- get_by_guid(guid)[source]
A method to get an AlertRules object by GUID.
- Parameters:
guid (str) – The alert rule GUID.
- Returns:
The alert rule
- Return type:
dict
- update(guid, filters=None, intg_guid_list=None, **request_params)[source]
A method to update an AlertRules object.
- Parameters:
guid (str) – The Alert Rule GUID you wish to update.
filters (dict, optional) –
The alert rule definition. See the API docs for valid values.
intg_guid_list (list of str, optional) – A list of GUIDs representing the alert channels to use.
request_params (dict, optional) – Use to pass any additional parameters the API
- Returns:
The updated alert rule
- Return type:
dict
- delete(guid)[source]
A method to delete an AlertRules object.
- Parameters:
guid (str) – The alert rule GUID.
- Returns:
a Requests response object containing the response code
- Return type:
requests.models.Response
- search(json=None)
A method to search objects.
See the API documentation for this API endpoint for valid fields to search against.
NOTE: While the “value” and “values” fields are marked as “optional” you must use one of them, depending on the operation you are using.
- Parameters:
json (dict) –
The desired search parameters:
timeFilter (dict, optional): A dict containing the time frame for the search:
startTime (str): The start time for the search
endTime (str): The end time for the search
filters (list of dict, optional): Filters based on field contents:
field (str): The name of the data field to which the condition applies
expression (str): The comparison operator for the filter condition. Valid values are:
“eq”, “ne”, “in”, “not_in”, “like”, “ilike”, “not_like”, “not_ilike”, “not_rlike”, “rlike”, “gt”, “ge”, “lt”, “le”, “between”
value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.
returns (list of str, optional): The fields to return
- Returns:
returns a dict containing the search results
- Return type:
dict
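Because alert rules only reference alert channels by GUID (`intg_guid_list`), a rule can silently point at a channel that has been deleted or disabled. The following is an added example (not part of laceworksdk) that cross-checks the two `get()` responses and reports rules whose alerts cannot be delivered. Assumptions: both responses keep their objects under `data`; channels expose `intgGuid` and `enabled`; rules expose `mcGuid` and `intgGuidList`; the sample GUIDs are constructed placeholders.

```python
def audit_alert_routing(channels_response, rules_response):
    """Report alert rules that reference missing or disabled alert channels.

    channels_response: dict as returned by AlertChannelsAPI.get()
    rules_response:    dict as returned by AlertRulesAPI.get()
    Key names inside the responses are assumptions (see lead-in).
    """
    channels = {c["intgGuid"]: c for c in channels_response.get("data", [])}
    findings = []
    for rule in rules_response.get("data", []):
        guids = rule.get("intgGuidList") or []
        missing = [g for g in guids if g not in channels]
        # "enabled" is documented as bool|int, so bool() covers 0/1 and False/True.
        disabled = [g for g in guids
                    if g in channels and not bool(channels[g].get("enabled"))]
        live = [g for g in guids
                if g in channels and bool(channels[g].get("enabled"))]

        if not guids:
            status = "no_channels"      # rule routes nowhere
        elif not live:
            status = "undeliverable"    # every referenced channel is gone or off
        elif missing or disabled:
            status = "degraded"         # some, but not all, channels are usable
        else:
            continue                    # all referenced channels are live

        findings.append({
            "rule": rule.get("mcGuid"),
            "status": status,
            "missing": missing,
            "disabled": disabled,
        })
    return findings


# Constructed sample responses; GUIDs are placeholders, not real identifiers.
SAMPLE_CHANNELS = {"data": [
    {"intgGuid": "CHANNEL-GUID-A", "name": "soc-slack", "enabled": 1},
    {"intgGuid": "CHANNEL-GUID-B", "name": "old-email", "enabled": 0},
]}
SAMPLE_RULES = {"data": [
    {"mcGuid": "RULE-GUID-1", "intgGuidList": ["CHANNEL-GUID-A"]},
    {"mcGuid": "RULE-GUID-2", "intgGuidList": ["CHANNEL-GUID-B"]},
    {"mcGuid": "RULE-GUID-3", "intgGuidList": ["CHANNEL-GUID-A", "CHANNEL-GUID-C"]},
    {"mcGuid": "RULE-GUID-4", "intgGuidList": []},
]}


def demo_findings():
    """Run the audit over the constructed sample above."""
    return audit_alert_routing(SAMPLE_CHANNELS, SAMPLE_RULES)


if __name__ == "__main__":
    for finding in demo_findings():
        print(finding)
```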
- class laceworksdk.api.AlertsAPI(session)[source]
Bases:
laceworksdk.api.search_endpoint.SearchEndpoint
A class used to represent the Alerts API endpoint
Lacework provides real-time alerts that are interactive and manageable. Each alert contains various metadata information, such as severity level, type, status, alert category, and associated tags.
- property session
Get the HttpSession instance the object is using.
- get(start_time=None, end_time=None, limit=None, **request_params)[source]
A method to get Alerts.
- Parameters:
start_time (str) – A “%Y-%m-%dT%H:%M:%SZ” structured timestamp to begin from.
end_time (str) – A “%Y-%m-%dT%H:%M:%S%Z” structured timestamp to end at.
limit (int) – An integer representing the number of Alerts to return.
request_params (dict, optional) – Use to pass any additional parameters the API
- Returns:
The requested alert(s)
- Return type:
dict
- get_details(id, scope, **request_params)[source]
A method to get Alerts objects by ID.
- Parameters:
id (str) – The alert ID.
scope (str) – The scope of the details to return. Valid values are: “Details”, “Investigation”, “Events”, “RelatedAlerts”, “Integrations”, “Timeline”
request_params (dict, optional) – Use to pass any additional parameters the API
- Returns:
The requested alert details.
- Return type:
dict
- comment(id, comment)[source]
A method to comment on an Alerts object.
- Parameters:
id (str) – The alert ID.
comment (str) – The comment to post.
- Returns:
The posted comment
- Return type:
dict
- close(id, reason, comment=None)[source]
A method to close an Alert.
- Parameters:
id (str) – The alert ID.
comment (str, optional) – A comment on the reason. If 0 is chosen for the “reason” field then the “comment” field is required.
reason (int) – A number representing the close reason. Valid values are: 0: Other, 1: False positive, 2: Not enough information, 3: Malicious and have resolution in place, 4: Expected because of routine testing
- Returns:
a Requests response object containing the response code
- Return type:
requests.models.Response
- search(json=None, resource=None)
A method to search objects.
See the API documentation for this API endpoint for valid fields to search against.
NOTE: While the “value” and “values” fields are marked as “optional” you must use one of them, depending on the operation you are using.
- Parameters:
json (dict) –
The desired search parameters:
timeFilter (dict, optional): A dict containing the time frame for the search:
startTime (str): The start time for the search
endTime (str): The end time for the search
filters (list of dict, optional): Filters based on field contents:
field (str): The name of the data field to which the condition applies
expression (str): The comparison operator for the filter condition. Valid values are:
“eq”, “ne”, “in”, “not_in”, “like”, “ilike”, “not_like”, “not_ilike”, “not_rlike”, “rlike”, “gt”, “ge”, “lt”, “le”, “between”
value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.
returns (list of str, optional): The fields to return
resource (str) – The Lacework API resource to search (Example: “AlertChannels”)
- Yields:
dict – returns a generator which yields a page of objects at a time as returned by the Lacework API.
- class laceworksdk.api.AuditLogsAPI(session)[source]
Bases:
laceworksdk.api.base_endpoint.BaseEndpoint
A class used to represent the Audit Log API endpoint
Get audit logs.
- property session
Get the HttpSession instance the object is using.
- get(start_time=None, end_time=None, **request_params)[source]
A method to get audit logs.
- Parameters:
start_time (str) – A “%Y-%m-%dT%H:%M:%SZ” structured timestamp to begin from.
end_time (str) – A “%Y-%m-%dT%H:%M:%S%Z” structured timestamp to end at.
request_params (dict, optional) – Use to pass any additional parameters the API
- Returns:
The audit logs for the requested time period.
- Return type:
dict
- search(json=None)[source]
A method to search audit logs.
See the API documentation for this API endpoint for valid fields to search against.
NOTE: While the “value” and “values” fields are marked as “optional” you must use one of them, depending on the operation you are using.
- Parameters:
json (list of dicts) –
A list of dictionaries containing the desired search parameters:
field (str): The name of the data field to which the condition applies
expression (str): The comparison operator for the filter condition. Valid values are:
“eq”, “ne”, “in”, “not_in”, “like”, “ilike”, “not_like”, “not_ilike”, “not_rlike”, “rlike”, “gt”, “ge”, “lt”, “le”, “between”
value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.
- Yields:
dict – returns a generator which yields a page of objects at a time as returned by the Lacework API.
- class laceworksdk.api.CloudAccountsAPI(session)[source]
Bases:
laceworksdk.api.crud_endpoint.CrudEndpoint
A class used to represent the Cloud Accounts API endpoint
Cloud accounts are integrations between Lacework and cloud providers such as Amazon Web Services, Microsoft Azure, and Google Cloud Platform.
- property session
Get the HttpSession instance the object is using.
- create(name, type, enabled, data, **request_params)[source]
A method to create a new cloud accounts integration.
- Parameters:
name (str) – The name of the integration to create.
type (str) –
The type of the integration. See the API docs for valid values.
enabled (bool|int) – Whether the object is enabled.
data (dict) –
The definition of the new integration to create. Note this changes depending on the value of the “type” field. See the API docs for valid values.
request_params (dict, optional) – Use to pass any additional parameters the API
- Returns:
Details of the newly created cloud account integration.
- Return type:
dict
- get(guid=None, type=None)[source]
A method to get cloud account integrations. Using no args will get all integrations.
- Parameters:
guid (str, optional) – The GUID of the integration to retrieve.
type (str, optional) – The type of the integration(s) to retrieve. Valid types are: “AwsCfg”, “AwsCtSqs”, “AwsEksAudit”, “AwsUsGovCfg”, “AwsUsGovCtSqs”, “AzureAlSeq”, “AzureCfg”, “GcpAtSes”, “GcpCfg”
- Returns:
The details of the requested integration(s)
- Return type:
dict
- get_by_guid(guid)[source]
A method to get a cloud account integration by its GUID.
- Parameters:
guid (str) – The GUID of the integration to retrieve.
- Returns:
The details of the requested integration.
- Return type:
dict
- get_by_type(type)[source]
A method to get cloud account integration(s) by type.
- Parameters:
type (str, optional) – The type of the integration(s) to retrieve. Valid types are: “AwsCfg”, “AwsCtSqs”, “AwsEksAudit”, “AwsUsGovCfg”, “AwsUsGovCtSqs”, “AzureAlSeq”, “AzureCfg”, “GcpAtSes”, “GcpCfg”
- Returns:
The details of the requested integration(s)
- Return type:
dict
- update(guid, name=None, type=None, enabled=None, data=None, **request_params)[source]
A method to update a CloudAccounts object.
- Parameters:
guid (str) – The GUID of the integration to update.
name (str, optional) – The integration name.
type (str) –
The type of the integration. See the API docs for valid values.
enabled (bool|int) – Whether the object is enabled.
data (dict) –
The definition of the new integration to create. Note this changes depending on the value of the “type” field. See the API docs for valid values.
request_params (dict, optional) – Use to pass any additional parameters the API
- Returns:
The updated details for the integration specified.
- Return type:
dict
- delete(guid)[source]
A method to delete a cloud account integration.
- Parameters:
guid (str) – The integration GUID to delete.
- Returns:
a Requests response object containing the response code
- Return type:
requests.models.Response
- search(json=None)
A method to search objects.
See the API documentation for this API endpoint for valid fields to search against.
NOTE: While the “value” and “values” fields are marked as “optional” you must use one of them, depending on the operation you are using.
- Parameters:
json (dict) –
The desired search parameters:
timeFilter (dict, optional): A dict containing the time frame for the search:
startTime (str): The start time for the search
endTime (str): The end time for the search
filters (list of dict, optional): Filters based on field contents:
field (str): The name of the data field to which the condition applies
expression (str): The comparison operator for the filter condition. Valid values are:
“eq”, “ne”, “in”, “not_in”, “like”, “ilike”, “not_like”, “not_ilike”, “not_rlike”, “rlike”, “gt”, “ge”, “lt”, “le”, “between”
value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.
returns (list of str, optional): The fields to return
- Returns:
returns a dict containing the search results
- Return type:
dict
- class laceworksdk.api.CloudActivitiesAPI(session)[source]
Bases:
laceworksdk.api.base_endpoint.BaseEndpoint
A class used to represent the Cloud Activities API endpoint
Get information about cloud activities for the integrated AWS cloud accounts in your Lacework instance.
- property session
Get the HttpSession instance the object is using.
- get(start_time=None, end_time=None, **request_params)[source]
A method to get cloud activities objects.
- Parameters:
start_time (str) – A “%Y-%m-%dT%H:%M:%SZ” structured timestamp to begin from.
end_time (str) – A “%Y-%m-%dT%H:%M:%S%Z” structured timestamp to end at.
request_params (dict, optional) – Use to pass any additional parameters the API
- Returns:
The requested cloud activity data.
- Return type:
dict
- get_pages(start_time=None, end_time=None, **request_params)[source]
A method to get an iterator of activities
A helper method that yields a generator which allows you to iterate through the resulting pages of activities. Call this instead of the “get” method if you don’t want to write your own code to get the paginated results.
- Parameters:
start_time (str) – A “%Y-%m-%dT%H:%M:%SZ” structured timestamp to begin from.
end_time (str) – A “%Y-%m-%dT%H:%M:%S%Z” structured timestamp to end at.
request_params (dict, optional) – Use to pass any additional parameters the API
- Yields:
dict – a generator which yields a dict of cloud activities.
- get_data_items(start_time=None, end_time=None, **request_params)[source]
A method to get an iterator of activities
A helper method that yields a generator which allows you to iterate through the resulting pages of activities. Call this instead of the “get” method if you don’t want to write your own code to get the paginated results.
- Parameters:
start_time (str) – A “%Y-%m-%dT%H:%M:%SZ” structured timestamp to begin from.
end_time (str) – A “%Y-%m-%dT%H:%M:%S%Z” structured timestamp to end at.
request_params (dict, optional) – Use to pass any additional parameters the API
- Yields:
dict – a generator which yields multiple dicts of cloud activities.
- search(json=None)[source]
A method to search cloud activities.
- Parameters:
json (list of dicts) –
A list of dictionaries containing the desired search parameters:
field (str): The name of the data field to which the condition applies
expression (str): The comparison operator for the filter condition. Valid values are:
“eq”, “ne”, “in”, “not_in”, “like”, “ilike”, “not_like”, “not_ilike”, “not_rlike”, “rlike”, “gt”, “ge”, “lt”, “le”, “between”
value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.
- Yields:
dict – returns a generator which yields a page of objects at a time as returned by the Lacework API.
- class laceworksdk.api.ConfigsAPI(session)[source]
A class used to represent the Configs API endpoint
Get information about compliance configurations.
The Configs API endpoint is a parent for different types of configs that can be queried.
- compliance_evaluations
A ComplianceEvaluationsAPI instance.
- Type:
- azure_subscriptions
An AzureSubscriptions instance.
- Type:
- gcp_projects
A GcpProjects instance.
- Type:
- class AzureSubscriptions(session, object_type, endpoint_root='/api/v2')[source]
Bases:
laceworksdk.api.read_endpoint.ReadEndpoint
A class used to represent the Azure Subscriptions API endpoint.
Get a list of Azure subscription IDs for an entire account or for a specific Azure tenant.
- property session
Get the HttpSession instance the object is using.
- get(id=None, resource=None, **request_params)
A method to get objects.
- Parameters:
id (str) – A string representing the object ID.
resource (str) – The Lacework API resource type to get.
request_params (dict) – Use to pass any additional parameters the API
- Returns:
the requested o
- Return type:
dict
- class GcpProjects(session, object_type, endpoint_root='/api/v2')[source]
Bases:
laceworksdk.api.read_endpoint.ReadEndpoint
A class used to represent the GCP Projects API endpoint.
- property session
Get the HttpSession instance the object is using.
- get(id=None, resource=None, **request_params)
A method to get objects.
- Parameters:
id (str) – A string representing the object ID.
resource (str) – The Lacework API resource type to get.
request_params (dict) – Use to pass any additional parameters the API
- Returns:
the requested o
- Return type:
dict
- class ComplianceEvaluationsAPI(session, object_type, endpoint_root='/api/v2')[source]
Bases:
laceworksdk.api.search_endpoint.SearchEndpoint
A class used to represent the Compliance Evaluations API endpoint.
- property session
Get the HttpSession instance the object is using.
- search(json=None, resource=None)
A method to search objects.
See the API documentation for this API endpoint for valid fields to search against.
NOTE: While the “value” and “values” fields are marked as “optional” you must use one of them, depending on the operation you are using.
- Parameters:
json (dict) –
The desired search parameters:
timeFilter (dict, optional): A dict containing the time frame for the search:
startTime (str): The start time for the search
endTime (str): The end time for the search
filters (list of dict, optional): Filters based on field contents:
field (str): The name of the data field to which the condition applies
expression (str): The comparison operator for the filter condition. Valid values are:
“eq”, “ne”, “in”, “not_in”, “like”, “ilike”, “not_like”, “not_ilike”, “not_rlike”, “rlike”, “gt”, “ge”, “lt”, “le”, “between”
value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.
returns (list of str, optional): The fields to return
resource (str) – The Lacework API resource to search (Example: “AlertChannels”)
- Yields:
dict – returns a generator which yields a page of objects at a time as returned by the Lacework API.
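The search payload described above (timeFilter, filters, returns) and the NOTE about “value” versus “values” can be checked before a request is sent. The following is an added example, not code from laceworksdk: the helper names are hypothetical, the split of operators into multi-value (“in”, “not_in”, “between”) and single-value is an assumption, as is the two-value rule for “between”, and the timeFilter strings reuse the “%Y-%m-%dT%H:%M:%SZ” format this page documents for start_time. The field names “type” and “enabled” in the sample are constructed.

```python
from datetime import datetime, timedelta, timezone

# Operators this page lists as valid for the "expression" field.
VALID_EXPRESSIONS = {
    "eq", "ne", "in", "not_in", "like", "ilike", "not_like", "not_ilike",
    "not_rlike", "rlike", "gt", "ge", "lt", "le", "between",
}
# Assumption (not stated on the page): these operators take "values";
# every other operator takes a single "value".
MULTI_VALUE_EXPRESSIONS = {"in", "not_in", "between"}
# Timestamp format documented on this page for start_time.
TIME_FORMAT = "%Y-%m-%dT%H:%M:%SZ"


def to_api_time(moment):
    """Render a timezone-aware datetime as a UTC string in TIME_FORMAT."""
    if moment.tzinfo is None:
        # A naive datetime would silently be read as local time.
        raise ValueError("naive datetime: attach a timezone first")
    return moment.astimezone(timezone.utc).strftime(TIME_FORMAT)


def check_filter(condition):
    """Return a list of problems found in a hand-written filter dict."""
    problems = []
    expression = condition.get("expression")
    has_value = "value" in condition
    has_values = "values" in condition
    if not condition.get("field"):
        problems.append("missing 'field'")
    if expression not in VALID_EXPRESSIONS:
        problems.append(f"unsupported expression: {expression!r}")
    if has_value == has_values:
        problems.append("exactly one of 'value' or 'values' is required")
    elif expression in MULTI_VALUE_EXPRESSIONS and not has_values:
        problems.append(f"{expression!r} expects 'values'")
    elif expression in VALID_EXPRESSIONS - MULTI_VALUE_EXPRESSIONS and not has_value:
        problems.append(f"{expression!r} expects 'value'")
    return problems


def build_filter(field, expression, operand):
    """Build one filter dict, choosing 'value' or 'values' from the operator."""
    if expression in MULTI_VALUE_EXPRESSIONS:
        if not isinstance(operand, (list, tuple, set)):
            raise ValueError(f"{expression!r} needs a list of values")
        values = [str(item) for item in operand]
        if expression == "between" and len(values) != 2:
            # Assumption: a range is given as exactly two bounds.
            raise ValueError("'between' needs exactly two values")
        condition = {"field": field, "expression": expression, "values": values}
    else:
        if isinstance(operand, (list, tuple, set, dict)):
            raise ValueError(f"{expression!r} needs a single value")
        condition = {"field": field, "expression": expression, "value": str(operand)}
    problems = check_filter(condition)
    if problems:
        raise ValueError("; ".join(problems))
    return condition


def build_search_payload(start=None, end=None, filters=(), returns=()):
    """Assemble the dict passed as the json argument of search()."""
    payload = {}
    if (start is None) != (end is None):
        raise ValueError("give both start and end, or neither")
    if start is not None:
        window = {"startTime": to_api_time(start), "endTime": to_api_time(end)}
        if end <= start:
            raise ValueError("end must be later than start")
        payload["timeFilter"] = window
    built = [build_filter(*spec) for spec in filters]
    if built:
        payload["filters"] = built
    if returns:
        payload["returns"] = list(returns)
    return payload


def example_payload():
    """Constructed sample: field names and the time window are illustrative."""
    start = datetime(2024, 1, 1, tzinfo=timezone(timedelta(hours=2)))
    end = datetime(2024, 1, 2, tzinfo=timezone.utc)
    return build_search_payload(
        start, end,
        filters=[("type", "in", ["AwsCfg", "GcpCfg"]), ("enabled", "eq", 1)],
        returns=["name"],
    )


if __name__ == "__main__":
    print(example_payload())
```

The resulting dict is what would be passed as the json argument to a search() method; check_filter can also be run on its own over filter dicts written by hand.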
- class laceworksdk.api.ContainerRegistriesAPI(session)[source]
Bases:
laceworksdk.api.crud_endpoint.CrudEndpoint
A class used to represent the Container Registries API endpoint
Lacework provides the ability to assess, identify, and report vulnerabilities found in the operating system software packages in a Docker container image. After integrating a container registry in Lacework, Lacework finds all container images in the registry repositories, assesses those container images for software packages with known vulnerabilities, and reports them.
- property session
Get the HttpSession instance the object is using.
- create(name, type, enabled, data, **request_params)[source]
A method to create a new container registry integration.
- Parameters:
name (str) – The name to use to create the container registry integration.
enabled (bool|int) – Whether the integration is enabled.
type (str) –
The type of the integration. See the API docs for valid values.
enabled – Whether the object is enabled.
data (dict) –
The definition of the new integration to create. Note this changes depending on the value of the “type” field. See the API docs for valid values.
request_params (dict, optional) – Use to pass any additional parameters the API
- Returns:
Details for the newly created container registry integration
- Return type:
dict
- get(guid=None, type=None)[source]
A method to get ContainerRegistries objects. Using no args will get all integrations.
- Parameters:
guid (str, optional) – The GUID of the container registry integration to get.
type (str, optional) – The type of the container registry integration(s) to get. Valid types are: “ContVulnCfg”
- Returns:
The details of the requested integration(s)
- Return type:
dict
- get_by_guid(guid)[source]
A method to get a container registry integration by GUID.
- Parameters:
guid (str) – The GUID of the container registry integration to get
- Returns:
The details of the requested integration
- Return type:
dict
- get_by_type(type)[source]
A method to get container registry integration(s) by type.
- Parameters:
type (str) – The type of the container registry integration(s) to get. Valid types are: “ContVulnCfg”
- Returns:
The details of the requested integration(s)
- Return type:
dict
- update(guid, name=None, type=None, enabled=None, data=None, **request_params)[source]
A method to update a ContainerRegistries object.
- Parameters:
guid – A string representing the object GUID.
name (str) – The name to use to create the container registry integration.
enabled (bool|int) – Whether the integration is enabled.
type (str) –
The type of the integration. See the API docs for valid values.
enabled – Whether the object is enabled.
data (dict) –
The definition of the new integration to create. Note this changes depending on the value of the “type” field. See the API docs for valid values.
request_params (dict, optional) – Use to pass any additional parameters the API
- Returns:
Details for the updated container registry integration
- Return type:
dict
- delete(guid)[source]
A method to delete a container registry integration.
- Parameters:
guid (str) – The GUID of the container registry integration to delete
- Returns:
a Requests response object containing the response code
- Return type:
requests.models.Response
- search(json=None)
A method to search objects.
See the API documentation for this API endpoint for valid fields to search against.
NOTE: While the “value” and “values” fields are marked as “optional” you must use one of them, depending on the operation you are using.
- Parameters:
json (dict) –
The desired search parameters:
timeFilter (dict, optional): A dict containing the time frame for the search:
startTime (str): The start time for the search
endTime (str): The end time for the search
filters (list of dict, optional): Filters based on field contents:
field (str): The name of the data field to which the condition applies
expression (str): The comparison operator for the filter condition. Valid values are:
“eq”, “ne”, “in”, “not_in”, “like”, “ilike”, “not_like”, “not_ilike”, “not_rlike”, “rlike”, “gt”, “ge”, “lt”, “le”, “between”
value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.
returns (list of str, optional): The fields to return
- Returns:
returns a dict containing the search results
- Return type:
dict
- class laceworksdk.api.ContractInfoAPI(session)[source]
Bases:
laceworksdk.api.base_endpoint.BaseEndpoint
A class used to represent the Contract Info API endpoint
Get Lacework contract information.
- property session
Get the HttpSession instance the object is using.
- class laceworksdk.api.DatasourcesAPI(session)[source]
Bases:
laceworksdk.api.base_endpoint.BaseEndpoint
A class used to represent the Datasources API endpoint
Get schema details for all datasources that you can query using LQL.
- property session
Get the HttpSession instance the object is using.
- class laceworksdk.api.DataExportRulesAPI(session)[source]
Bases:
laceworksdk.api.crud_endpoint.CrudEndpoint
A class used to represent the Data Export Rules API endpoint
S3 data export allows you to export data collected from your Lacework account and send it to an S3 bucket of your choice. You can report on or visualize the Lacework processed/normalized data on its own, or combine it with other business/security data to get insights and make meaningful business decisions.
- property session
Get the HttpSession instance the object is using.
- create(type, filters, intg_guid_list, **request_params)[source]
A method to create a new DataExportRules object.
- Parameters:
type (str) – The type of data export rule to create. Valid values are: “Dataexport”
intg_guid_list (list of str) – The guids of the alert channels for the rule to use
filters (dict) –
A dict containing the fields needed to define the rule. Fields are:
name (str): The name of the alert
enabled (bool|int): Whether the export rule is enabled
description (str, optional): The description of the export rule
profileVersions (list of str, optional): A list of profile versions
request_params (dict, optional) – Use to pass any additional parameters the API
- Returns:
The created data export rule
- Return type:
dict
- get(guid=None)[source]
A method to get data export rules. Using no args will get all rules.
- Parameters:
guid (str, optional) – The guid of the rule to get.
- Returns:
The requested data export rule(s)
- Return type:
dict
- get_by_guid(guid)[source]
A method to get a DataExportRules object by GUID.
- Parameters:
guid (str) – The guid of the rule to get.
- Returns:
The requested data export rule
- Return type:
dict
- update(guid, filters=None, intg_guid_list=None, **request_params)[source]
A method to update an existing DataExportRules object.
- Parameters:
guid (str) – The guid of the export rule to update
intg_guid_list (list of str) – The guids of the alert channels for the rule to use
filters (dict) –
A dict containing the fields needed to define the rule. Fields are:
name (str, optional): The name of the alert
enabled (bool|int, optional): Whether the export rule is enabled
description (str, optional): The description of the export rule
profileVersions (list of str, optional): A list of profile versions
request_params (dict, optional) – Use to pass any additional parameters the API
- Returns:
The updated data export rule
- Return type:
dict
- delete(guid)[source]
A method to delete a data export rule.
- Parameters:
guid (str) – The GUID of the data export rule to delete
- Returns:
a Requests response object containing the response code
- Return type:
requests.models.Response
- search(json=None)
A method to search objects.
See the API documentation for this API endpoint for valid fields to search against.
NOTE: While the “value” and “values” fields are marked as “optional” you must use one of them, depending on the operation you are using.
- Parameters:
json (dict) –
The desired search parameters:
timeFilter (dict, optional): A dict containing the time frame for the search:
startTime (str): The start time for the search
endTime (str): The end time for the search
filters (list of dict, optional): Filters based on field contents:
field (str): The name of the data field to which the condition applies
expression (str): The comparison operator for the filter condition. Valid values are:
“eq”, “ne”, “in”, “not_in”, “like”, “ilike”, “not_like”, “not_ilike”, “not_rlike”, “rlike”, “gt”, “ge”, “lt”, “le”, “between”
value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.
returns (list of str, optional): The fields to return
- Returns:
returns a dict containing the search results
- Return type:
dict
- class laceworksdk.api.EntitiesAPI(session)[source]
A class used to represent the Entities API endpoint
The Entities API endpoint is simply a parent for different types of entities that can be queried.
Attributes:
- applications:
An ApplicationsAPI instance.
- command_lines:
A CommandLinesAPI instance.
- containers:
A ContainersAPI instance.
- files:
A FilesAPI instance.
- images:
An ImagesAPI instance.
- internal_ip_addresses:
An InternalIPAddressesAPI instance.
- k8s_pods:
A K8sPodsAPI instance.
- machines:
A MachinesAPI instance.
- machine_details:
A MachineDetailsAPI instance.
- network_interfaces:
A NetworkInterfacesAPI instance.
- new_file_hashes:
A NewFileHashesAPI instance.
- packages:
A PackagesAPI instance.
- processes:
A ProcessesAPI instance.
- users:
A UsersAPI instance.
- class ApplicationsAPI(session, object_type, endpoint_root='/api/v2')[source]
Bases:
laceworksdk.api.search_endpoint.SearchEndpoint
A class used to represent the Applications API endpoint.
Methods:
- search(json=None)
A method to search Applications objects.
- property session
Get the HttpSession instance the object is using.
- search(json=None, resource=None)
A method to search objects.
See the API documentation for this API endpoint for valid fields to search against.
NOTE: While the “value” and “values” fields are marked as “optional” you must use one of them, depending on the operation you are using.
- Parameters:
json (dict) –
The desired search parameters:
timeFilter (dict, optional): A dict containing the time frame for the search:
startTime (str): The start time for the search
endTime (str): The end time for the search
filters (list of dict, optional): Filters based on field contents:
field (str): The name of the data field to which the condition applies
expression (str): The comparison operator for the filter condition. Valid values are:
“eq”, “ne”, “in”, “not_in”, “like”, “ilike”, “not_like”, “not_ilike”, “not_rlike”, “rlike”, “gt”, “ge”, “lt”, “le”, “between”
value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.
returns (list of str, optional): The fields to return
resource (str) – The Lacework API resource to search (Example: “AlertChannels”)
- Yields:
dict – returns a generator which yields a page of objects at a time as returned by the Lacework API.
- class CommandLinesAPI(session, object_type, endpoint_root='/api/v2')[source]
Bases:
laceworksdk.api.search_endpoint.SearchEndpoint
A class used to represent the Command Lines API endpoint.
Methods:
- search(json=None)
A method to search CommandLines objects.
- property session
Get the HttpSession instance the object is using.
- search(json=None, resource=None)
A method to search objects.
See the API documentation for this API endpoint for valid fields to search against.
NOTE: While the “value” and “values” fields are marked as “optional” you must use one of them, depending on the operation you are using.
- Parameters:
json (dict) –
The desired search parameters:
timeFilter (dict, optional): A dict containing the time frame for the search:
startTime (str): The start time for the search
endTime (str): The end time for the search
filters (list of dict, optional): Filters based on field contents:
field (str): The name of the data field to which the condition applies
expression (str): The comparison operator for the filter condition. Valid values are:
“eq”, “ne”, “in”, “not_in”, “like”, “ilike”, “not_like”, “not_ilike”, “not_rlike”, “rlike”, “gt”, “ge”, “lt”, “le”, “between”
value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.
returns (list of str, optional): The fields to return
resource (str) – The Lacework API resource to search (Example: “AlertChannels”)
- Yields:
dict – returns a generator which yields a page of objects at a time as returned by the Lacework API.
- class ContainersAPI(session, object_type, endpoint_root='/api/v2')[source]
Bases:
laceworksdk.api.search_endpoint.SearchEndpoint
A class used to represent the Containers API endpoint.
Methods:
- search(json=None)
A method to search Containers objects.
- property session
Get the HttpSession instance the object is using.
- search(json=None, resource=None)
A method to search objects.
See the API documentation for this API endpoint for valid fields to search against.
NOTE: While the “value” and “values” fields are marked as “optional” you must use one of them, depending on the operation you are using.
- Parameters:
json (dict) –
The desired search parameters:
timeFilter (dict, optional): A dict containing the time frame for the search:
startTime (str): The start time for the search
endTime (str): The end time for the search
filters (list of dict, optional): Filters based on field contents:
field (str): The name of the data field to which the condition applies
expression (str): The comparison operator for the filter condition. Valid values are:
“eq”, “ne”, “in”, “not_in”, “like”, “ilike”, “not_like”, “not_ilike”, “not_rlike”, “rlike”, “gt”, “ge”, “lt”, “le”, “between”
value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.
returns (list of str, optional): The fields to return
resource (str) – The Lacework API resource to search (Example: “AlertChannels”)
- Yields:
dict – returns a generator which yields a page of objects at a time as returned by the Lacework API.
- class FilesAPI(session, object_type, endpoint_root='/api/v2')[source]
Bases:
laceworksdk.api.search_endpoint.SearchEndpoint
A class used to represent the Files API endpoint.
Methods:
- search(json=None)
A method to search Files objects.
- property session
Get the HttpSession instance the object is using.
- search(json=None, resource=None)
A method to search objects.
See the API documentation for this API endpoint for valid fields to search against.
NOTE: While the “value” and “values” fields are marked as “optional” you must use one of them, depending on the operation you are using.
- Parameters:
json (dict) –
The desired search parameters:
timeFilter (dict, optional): A dict containing the time frame for the search:
startTime (str): The start time for the search
endTime (str): The end time for the search
filters (list of dict, optional): Filters based on field contents:
field (str): The name of the data field to which the condition applies
expression (str): The comparison operator for the filter condition. Valid values are:
“eq”, “ne”, “in”, “not_in”, “like”, “ilike”, “not_like”, “not_ilike”, “not_rlike”, “rlike”, “gt”, “ge”, “lt”, “le”, “between”
value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.
returns (list of str, optional): The fields to return
resource (str) – The Lacework API resource to search (Example: “AlertChannels”)
- Yields:
dict – returns a generator which yields a page of objects at a time as returned by the Lacework API.
- class ImagesAPI(session, object_type, endpoint_root='/api/v2')[source]
Bases:
laceworksdk.api.search_endpoint.SearchEndpoint
A class used to represent the Images API endpoint.
Methods:
- search(json=None)
A method to search Images objects.
- property session
Get the HttpSession instance the object is using.
- search(json=None, resource=None)
A method to search objects.
See the API documentation for this API endpoint for valid fields to search against.
NOTE: While the “value” and “values” fields are marked as “optional” you must use one of them, depending on the operation you are using.
- Parameters:
json (dict) –
The desired search parameters:
timeFilter (dict, optional): A dict containing the time frame for the search:
startTime (str): The start time for the search
endTime (str): The end time for the search
filters (list of dict, optional): Filters based on field contents:
field (str): The name of the data field to which the condition applies
expression (str): The comparison operator for the filter condition. Valid values are:
“eq”, “ne”, “in”, “not_in”, “like”, “ilike”, “not_like”, “not_ilike”, “not_rlike”, “rlike”, “gt”, “ge”, “lt”, “le”, “between”
value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.
returns (list of str, optional): The fields to return
resource (str) – The Lacework API resource to search (Example: “AlertChannels”)
- Yields:
dict – returns a generator which yields a page of objects at a time as returned by the Lacework API.
- class InternalIPAddressesAPI(session, object_type, endpoint_root='/api/v2')[source]
Bases:
laceworksdk.api.search_endpoint.SearchEndpoint
A class used to represent the Internal IP Addresses API endpoint.
Methods:
- search(json=None)
A method to search InternalIPAddresses objects.
- property session
Get the HttpSession instance the object is using.
- search(json=None, resource=None)
A method to search objects.
See the API documentation for this API endpoint for valid fields to search against.
NOTE: While the “value” and “values” fields are marked as “optional” you must use one of them, depending on the operation you are using.
- Parameters:
json (dict) –
The desired search parameters:
timeFilter (dict, optional): A dict containing the time frame for the search:
startTime (str): The start time for the search
endTime (str): The end time for the search
filters (list of dict, optional): Filters based on field contents:
field (str): The name of the data field to which the condition applies
expression (str): The comparison operator for the filter condition. Valid values are:
“eq”, “ne”, “in”, “not_in”, “like”, “ilike”, “not_like”, “not_ilike”, “not_rlike”, “rlike”, “gt”, “ge”, “lt”, “le”, “between”
value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.
returns (list of str, optional): The fields to return
resource (str) – The Lacework API resource to search (Example: “AlertChannels”)
- Yields:
dict – returns a generator which yields a page of objects at a time as returned by the Lacework API.
- class K8sPodsAPI(session, object_type, endpoint_root='/api/v2')[source]
Bases:
laceworksdk.api.search_endpoint.SearchEndpoint
A class used to represent the K8s Pods API endpoint.
Methods:
- search(json=None)
A method to search K8sPods objects.
- property session
Get the HttpSession instance the object is using.
- search(json=None, resource=None)
A method to search objects.
See the API documentation for this API endpoint for valid fields to search against.
NOTE: While the “value” and “values” fields are marked as “optional” you must use one of them, depending on the operation you are using.
- Parameters:
json (dict) –
The desired search parameters:
timeFilter (dict, optional): A dict containing the time frame for the search:
startTime (str): The start time for the search
endTime (str): The end time for the search
filters (list of dict, optional): Filters based on field contents:
field (str): The name of the data field to which the condition applies
expression (str): The comparison operator for the filter condition. Valid values are:
“eq”, “ne”, “in”, “not_in”, “like”, “ilike”, “not_like”, “not_ilike”, “not_rlike”, “rlike”, “gt”, “ge”, “lt”, “le”, “between”
value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.
returns (list of str, optional): The fields to return
resource (str) – The Lacework API resource to search (Example: “AlertChannels”)
- Yields:
dict – returns a generator which yields a page of objects at a time as returned by the Lacework API.
- class MachinesAPI(session, object_type, endpoint_root='/api/v2')[source]
Bases:
laceworksdk.api.search_endpoint.SearchEndpoint
A class used to represent the Machines API endpoint.
Methods:
- search(json=None)
A method to search Machines objects.
- property session
Get the HttpSession instance the object is using.
- search(json=None, resource=None)
A method to search objects.
See the API documentation for this API endpoint for valid fields to search against.
NOTE: While the “value” and “values” fields are marked as “optional” you must use one of them, depending on the operation you are using.
- Parameters:
json (dict) –
The desired search parameters:
timeFilter (dict, optional): A dict containing the time frame for the search:
startTime (str): The start time for the search
endTime (str): The end time for the search
filters (list of dict, optional): Filters based on field contents:
field (str): The name of the data field to which the condition applies
expression (str): The comparison operator for the filter condition. Valid values are:
“eq”, “ne”, “in”, “not_in”, “like”, “ilike”, “not_like”, “not_ilike”, “not_rlike”, “rlike”, “gt”, “ge”, “lt”, “le”, “between”
value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.
returns (list of str, optional): The fields to return
resource (str) – The Lacework API resource to search (Example: “AlertChannels”)
- Yields:
dict – returns a generator which yields a page of objects at a time as returned by the Lacework API.
- class MachineDetailsAPI(session, object_type, endpoint_root='/api/v2')[source]
Bases:
laceworksdk.api.search_endpoint.SearchEndpoint
A class used to represent the Machine Details API endpoint.
Methods:
- search(json=None)
A method to search MachineDetails objects.
- property session
Get the HttpSession instance the object is using.
- search(json=None, resource=None)
A method to search objects.
See the API documentation for this API endpoint for valid fields to search against.
NOTE: While the “value” and “values” fields are marked as “optional” you must use one of them, depending on the operation you are using.
- Parameters:
json (dict) –
The desired search parameters:
timeFilter (dict, optional): A dict containing the time frame for the search:
startTime (str): The start time for the search
endTime (str): The end time for the search
filters (list of dict, optional): Filters based on field contents:
field (str): The name of the data field to which the condition applies
expression (str): The comparison operator for the filter condition. Valid values are:
“eq”, “ne”, “in”, “not_in”, “like”, “ilike”, “not_like”, “not_ilike”, “not_rlike”, “rlike”, “gt”, “ge”, “lt”, “le”, “between”
value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.
returns (list of str, optional): The fields to return
resource (str) – The Lacework API resource to search (Example: “AlertChannels”)
- Yields:
dict – returns a generator which yields a page of objects at a time as returned by the Lacework API.
- class NetworkInterfacesAPI(session, object_type, endpoint_root='/api/v2')[source]
Bases:
laceworksdk.api.search_endpoint.SearchEndpoint
A class used to represent the Network Interfaces API endpoint.
Methods:
- search(json=None)
A method to search NetworkInterfaces objects.
- property session
Get the HttpSession instance the object is using.
- search(json=None, resource=None)
A method to search objects.
See the API documentation for this API endpoint for valid fields to search against.
NOTE: While the “value” and “values” fields are marked as “optional” you must use one of them, depending on the operation you are using.
- Parameters:
json (dict) –
The desired search parameters:
timeFilter (dict, optional): A dict containing the time frame for the search:
startTime (str): The start time for the search
endTime (str): The end time for the search
filters (list of dict, optional): Filters based on field contents:
field (str): The name of the data field to which the condition applies
expression (str): The comparison operator for the filter condition. Valid values are:
“eq”, “ne”, “in”, “not_in”, “like”, “ilike”, “not_like”, “not_ilike”, “not_rlike”, “rlike”, “gt”, “ge”, “lt”, “le”, “between”
value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.
returns (list of str, optional): The fields to return
resource (str) – The Lacework API resource to search (Example: “AlertChannels”)
- Yields:
dict – returns a generator which yields a page of objects at a time as returned by the Lacework API.
- class NewFileHashesAPI(session, object_type, endpoint_root='/api/v2')[source]
Bases:
laceworksdk.api.search_endpoint.SearchEndpoint
A class used to represent the New File Hashes API endpoint.
Methods:
- search(json=None)
A method to search NewFileHashes objects.
- property session
Get the HttpSession instance the object is using.
- search(json=None, resource=None)
A method to search objects.
See the API documentation for this API endpoint for valid fields to search against.
NOTE: While the “value” and “values” fields are marked as “optional” you must use one of them, depending on the operation you are using.
- Parameters:
json (dict) –
The desired search parameters:
timeFilter (dict, optional): A dict containing the time frame for the search:
startTime (str): The start time for the search
endTime (str): The end time for the search
filters (list of dict, optional): Filters based on field contents:
field (str): The name of the data field to which the condition applies
expression (str): The comparison operator for the filter condition. Valid values are:
“eq”, “ne”, “in”, “not_in”, “like”, “ilike”, “not_like”, “not_ilike”, “not_rlike”, “rlike”, “gt”, “ge”, “lt”, “le”, “between”
value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.
returns (list of str, optional): The fields to return
resource (str) – The Lacework API resource to search (Example: “AlertChannels”)
- Yields:
dict – returns a generator which yields a page of objects at a time as returned by the Lacework API.
- class PackagesAPI(session, object_type, endpoint_root='/api/v2')[source]
Bases:
laceworksdk.api.search_endpoint.SearchEndpoint
A class used to represent the Packages API endpoint.
Methods:
- search(json=None)
A method to search Packages objects.
- property session
Get the HttpSession instance the object is using.
- search(json=None, resource=None)
A method to search objects.
See the API documentation for this API endpoint for valid fields to search against.
NOTE: While the “value” and “values” fields are marked as “optional” you must use one of them, depending on the operation you are using.
- Parameters:
json (dict) –
The desired search parameters:
timeFilter (dict, optional): A dict containing the time frame for the search:
startTime (str): The start time for the search
endTime (str): The end time for the search
filters (list of dict, optional): Filters based on field contents:
field (str): The name of the data field to which the condition applies
expression (str): The comparison operator for the filter condition. Valid values are:
“eq”, “ne”, “in”, “not_in”, “like”, “ilike”, “not_like”, “not_ilike”, “not_rlike”, “rlike”, “gt”, “ge”, “lt”, “le”, “between”
value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.
returns (list of str, optional): The fields to return
resource (str) – The Lacework API resource to search (Example: “AlertChannels”)
- Yields:
dict – returns a generator which yields a page of objects at a time as returned by the Lacework API.
- class ProcessesAPI(session, object_type, endpoint_root='/api/v2')[source]
Bases:
laceworksdk.api.search_endpoint.SearchEndpoint
A class used to represent the Processes API endpoint.
Methods:
- search(json=None)
A method to search Processes objects.
- property session
Get the HttpSession instance the object is using.
- search(json=None, resource=None)
A method to search objects.
See the API documentation for this API endpoint for valid fields to search against.
NOTE: While the “value” and “values” fields are marked as “optional” you must use one of them, depending on the operation you are using.
- Parameters:
json (dict) –
The desired search parameters:
timeFilter (dict, optional): A dict containing the time frame for the search:
startTime (str): The start time for the search
endTime (str): The end time for the search
filters (list of dict, optional): Filters based on field contents:
field (str): The name of the data field to which the condition applies
expression (str): The comparison operator for the filter condition. Valid values are:
“eq”, “ne”, “in”, “not_in”, “like”, “ilike”, “not_like”, “not_ilike”, “not_rlike”, “rlike”, “gt”, “ge”, “lt”, “le”, “between”
value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.
returns (list of str, optional): The fields to return
resource (str) – The Lacework API resource to search (Example: “AlertChannels”)
- Yields:
dict – returns a generator which yields a page of objects at a time as returned by the Lacework API.
- class UsersAPI(session, object_type, endpoint_root='/api/v2')[source]
Bases:
laceworksdk.api.search_endpoint.SearchEndpoint
A class used to represent the Users API endpoint.
Methods:
- search(json=None)
A method to search Users objects.
- property session
Get the HttpSession instance the object is using.
- search(json=None, resource=None)
A method to search objects.
See the API documentation for this API endpoint for valid fields to search against.
NOTE: While the “value” and “values” fields are marked as “optional” you must use one of them, depending on the operation you are using.
- Parameters:
json (dict) –
The desired search parameters:
timeFilter (dict, optional): A dict containing the time frame for the search:
startTime (str): The start time for the search
endTime (str): The end time for the search
filters (list of dict, optional): Filters based on field contents:
field (str): The name of the data field to which the condition applies
expression (str): The comparison operator for the filter condition. Valid values are:
“eq”, “ne”, “in”, “not_in”, “like”, “ilike”, “not_like”, “not_ilike”, “not_rlike”, “rlike”, “gt”, “ge”, “lt”, “le”, “between”
value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.
returns (list of str, optional): The fields to return
resource (str) – The Lacework API resource to search (Example: “AlertChannels”)
- Yields:
dict – returns a generator which yields a page of objects at a time as returned by the Lacework API.
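The search(json=...) payload documented for the classes above can be built and checked before it is sent. The following is an added example, not code from laceworksdk: the helper names, the ISO 8601 UTC timestamp format, the choice of “in”, “not_in” and “between” as the operators that take “values”, the two-value rule for “between”, and the sample field names are all assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Operators listed in the search() documentation above.
VALID_EXPRESSIONS = {
    "eq", "ne", "in", "not_in", "like", "ilike", "not_like", "not_ilike",
    "not_rlike", "rlike", "gt", "ge", "lt", "le", "between",
}
# Assumption: these operators take a list ("values"); all others take "value".
MULTI_VALUE_EXPRESSIONS = {"in", "not_in", "between"}


def make_filter(field, expression, operand):
    """Return one filter dict, picking "value" or "values" from the operator."""
    if expression not in VALID_EXPRESSIONS:
        raise ValueError(f"unsupported expression: {expression!r}")
    is_list = isinstance(operand, (list, tuple))
    if expression in MULTI_VALUE_EXPRESSIONS:
        if not is_list or not operand:
            raise ValueError(f"{expression!r} needs a non-empty list of values")
        # Assumption: "between" is a two-sided range (lower, upper).
        if expression == "between" and len(operand) != 2:
            raise ValueError('"between" needs exactly two values')
        return {"field": field, "expression": expression,
                "values": [str(v) for v in operand]}
    if is_list:
        raise ValueError(f"{expression!r} takes a single value, not a list")
    return {"field": field, "expression": expression, "value": str(operand)}


def make_time_filter(end, hours):
    """Return a timeFilter dict covering the `hours` before `end` (aware datetime)."""
    if end.tzinfo is None:
        raise ValueError("end must be timezone-aware")
    end = end.astimezone(timezone.utc)
    fmt = "%Y-%m-%dT%H:%M:%SZ"  # assumed timestamp format
    start = end - timedelta(hours=hours)
    return {"startTime": start.strftime(fmt), "endTime": end.strftime(fmt)}


def build_search(filters=None, returns=None, time_filter=None):
    """Assemble the dict passed as search(json=...); omits unused sections."""
    payload = {}
    if time_filter:
        payload["timeFilter"] = time_filter
    if filters:
        payload["filters"] = [make_filter(*f) for f in filters]
    if returns:
        payload["returns"] = list(returns)
    return payload


def lint_search(payload):
    """Return a list of problems found in a hand-written search payload."""
    problems = []
    tf = payload.get("timeFilter")
    if tf is not None and not {"startTime", "endTime"} <= set(tf):
        problems.append("timeFilter needs startTime and endTime")
    for i, flt in enumerate(payload.get("filters", [])):
        if "field" not in flt:
            problems.append(f"filters[{i}]: missing field")
        expr = flt.get("expression")
        if expr not in VALID_EXPRESSIONS:
            problems.append(f"filters[{i}]: unknown expression {expr!r}")
            continue
        wanted = "values" if expr in MULTI_VALUE_EXPRESSIONS else "value"
        other = "value" if wanted == "values" else "values"
        if wanted not in flt:
            problems.append(f"filters[{i}]: {expr!r} requires {wanted!r}")
        if other in flt:
            problems.append(f"filters[{i}]: {expr!r} does not take {other!r}")
    return problems


if __name__ == "__main__":
    # Constructed sample: field names are placeholders, not taken from the API.
    payload = build_search(
        filters=[("hostname", "like", "web-%"), ("mid", "in", [101, 102])],
        returns=["hostname", "mid"],
        time_filter=make_time_filter(datetime.now(timezone.utc), hours=24),
    )
    print(payload)
    print(lint_search({"filters": [
        {"field": "hostname", "expression": "in", "value": "web-1"}]}))
```

The resulting dict is what the search methods above accept as their json argument; lint_search can be run over payloads written by hand to catch a “value”/“values” mismatch before the request is made.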
- class laceworksdk.api.EventsAPI(session)[source]
Bases:
laceworksdk.api.search_endpoint.SearchEndpoint
A class used to represent the Events API endpoint
View and verify the evidence or observation details of individual events.
- property session
Get the HttpSession instance the object is using.
- search(json=None, resource=None)
A method to search objects.
See the API documentation for this API endpoint for valid fields to search against.
NOTE: While the “value” and “values” fields are marked as “optional” you must use one of them, depending on the operation you are using.
- Parameters:
json (dict) –
The desired search parameters:
timeFilter (dict, optional): A dict containing the time frame for the search:
startTime (str): The start time for the search
endTime (str): The end time for the search
filters (list of dict, optional): Filters based on field contents:
field (str): The name of the data field to which the condition applies
expression (str): The comparison operator for the filter condition. Valid values are:
“eq”, “ne”, “in”, “not_in”, “like”, “ilike”, “not_like”, “not_ilike”, “not_rlike”, “rlike”, “gt”, “ge”, “lt”, “le”, “between”
value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.
returns (list of str, optional): The fields to return
resource (str) – The Lacework API resource to search (Example: “AlertChannels”)
- Yields:
dict – returns a generator which yields a page of objects at a time as returned by the Lacework API.
- class laceworksdk.api.InventoryAPI(session)[source]
Bases:
laceworksdk.api.search_endpoint.SearchEndpoint
A class used to represent the Inventory API endpoint
View and monitor in-use cloud resources’ risk, compliance, and configuration changes.
- property session
Get the HttpSession instance the object is using.
- scan(csp)[source]
A method to trigger a resource inventory scan.
- Parameters:
csp (string) – The cloud service provider to run the scan on. Valid values are: “AWS”, “Azure”, “GCP”
- Returns:
Status of scan
- Return type:
dict
- status(csp)[source]
A method to get the status of a Resource Inventory scan.
- Parameters:
csp (string) – The cloud service provider to run the scan on. Valid values are: “AWS”, “Azure”, “GCP”
- Returns:
Status of scan
- Return type:
dict
- search(json=None, resource=None)
A method to search objects.
See the API documentation for this API endpoint for valid fields to search against.
NOTE: While the “value” and “values” fields are marked as “optional” you must use one of them, depending on the operation you are using.
- Parameters:
json (dict) –
The desired search parameters:
timeFilter (dict, optional): A dict containing the time frame for the search:
startTime (str): The start time for the search
endTime (str): The end time for the search
filters (list of dict, optional): Filters based on field contents:
field (str): The name of the data field to which the condition applies
expression (str): The comparison operator for the filter condition. Valid values are:
“eq”, “ne”, “in”, “not_in”, “like”, “ilike”, “not_like”, “not_ilike”, “not_rlike”, “rlike”, “gt”, “ge”, “lt”, “le”, “between”
value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.
returns (list of str, optional): The fields to return
resource (str) – The Lacework API resource to search (Example: “AlertChannels”)
- Yields:
dict – returns a generator which yields a page of objects at a time as returned by the Lacework API.
- class laceworksdk.api.OrganizationInfoAPI(session)[source]
Bases:
laceworksdk.api.base_endpoint.BaseEndpoint
A class used to represent the Organization Info API endpoint
Return information about whether the Lacework account is an organization account and, if it is, what the organization account URL is.
- property session
Get the HttpSession instance the object is using.
- class laceworksdk.api.PoliciesAPI(session)[source]
Bases:
laceworksdk.api.crud_endpoint.CrudEndpoint
A class used to represent the Policies API endpoint
Policies are a mechanism used to add annotated metadata to queries for improving the context of alerts, reports, and information displayed in the Lacework Console. You can fully customize policies.
- property session
Get the HttpSession instance the object is using.
- create(policy_type, query_id, enabled, title, description, remediation, severity, alert_enabled, alert_profile, limit=1000, eval_frequency=None, tags=[], **request_params)[source]
A method to create a new Policies object.
- Parameters:
policy_type (str, optional) – The policy type. Valid values are: “Violation”
query_id (str) – The policy query ID.
enabled (bool) – Whether the policy is enabled.
title (str) – The policy title.
description (str) – The policy description.
remediation (str) – The remediation strategy for the object.
severity (str) – A string representing the object severity. Valid values are: “info”, “low”, “medium”, “high”, “critical”
alert_enabled (bool) – A boolean representing whether alerting is enabled.
alert_profile (str, optional) – A string representing the alert profile.
limit (int, optional) – An integer representing the number of results to return. (Default value = 1000)
tags (list of str) – A list of policy tags
eval_frequency (str, optional, deprecated) – A string representing the frequency in which to evaluate the object. Valid values are: “Hourly”, “Daily”
request_params (dict, optional) – Use to pass any additional parameters to the API
- Returns:
The newly created policy.
- Return type:
dict
- get(policy_id=None)[source]
A method to get Policies objects. Using no args will get all policies.
- Parameters:
policy_id (str, optional) – A string representing the object policy ID.
- Returns:
The requested policies
- Return type:
dict
- get_by_id(policy_id)[source]
A method to get a Policies object by policy ID.
- Parameters:
policy_id (str) – A string representing the object policy ID.
- Returns:
The requested policy
- Return type:
dict
- update(policy_id, policy_type=None, query_id=None, enabled=None, title=None, description=None, remediation=None, severity=None, alert_enabled=None, alert_profile=None, limit=None, tags=[], eval_frequency=None, **request_params)[source]
A method to update a Lacework Query Language (LQL) policy.
- Parameters:
policy_id (str) – A string representing the object policy ID.
policy_type (str, optional) – The policy type. Valid values are: “Violation”
query_id (str, optional) – The policy query ID.
enabled (bool, optional) – Whether the policy is enabled.
title (str, optional) – The policy title.
description (str, optional) – The policy description.
remediation (str, optional) – The remediation strategy for the object.
severity (str, optional) – A string representing the object severity. Valid values are: “info”, “low”, “medium”, “high”, “critical”
alert_enabled (bool, optional) – A boolean representing whether alerting is enabled.
alert_profile (str, optional) – A string representing the alert profile.
limit (int, optional) – An integer representing the number of results to return. (Default value = 1000)
tags (list of str, optional) – A list of policy tags
eval_frequency (str, optional, deprecated) – A string representing the frequency in which to evaluate the object. Valid values are: “Hourly”, “Daily”
request_params (dict, optional) – Use to pass any additional parameters to the API
- Returns:
The updated policy.
- Return type:
dict
- bulk_update(json)[source]
A method to update Policy objects in bulk.
- Parameters:
json (list of dicts) –
A list of dictionaries containing policy configuration:
policyId (str): The ID of the policy.
enabled (bool): The status of the policy.
severity (str): The severity of the policy. Valid values: “info”, “low”, “medium”, “high”, “critical”
- Returns:
The updated policies.
- Return type:
dict
- delete(policy_id)[source]
A method to delete a policy.
- Parameters:
policy_id (str) – A string representing the policy ID.
- Returns:
a Requests response object containing the response code
- Return type:
requests.models.Response
- search(json=None)
A method to search objects.
See the API documentation for this API endpoint for valid fields to search against.
NOTE: While the “value” and “values” fields are marked as “optional” you must use one of them, depending on the operation you are using.
- Parameters:
json (dict) –
The desired search parameters:
timeFilter (dict, optional): A dict containing the time frame for the search:
startTime (str): The start time for the search
endTime (str): The end time for the search
filters (list of dict, optional): Filters based on field contents:
field (str): The name of the data field to which the condition applies
expression (str): The comparison operator for the filter condition. Valid values are:
“eq”, “ne”, “in”, “not_in”, “like”, “ilike”, “not_like”, “not_ilike”, “not_rlike”, “rlike”, “gt”, “ge”, “lt”, “le”, “between”
value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.
returns (list of str, optional): The fields to return
- Returns:
returns a dict containing the search results
- Return type:
dict
- class laceworksdk.api.PolicyExceptionsAPI(session)[source]
Bases:
laceworksdk.api.crud_endpoint.CrudEndpoint
A class used to represent the Policy Exceptions API endpoint
Policy exceptions are a mechanism used to maintain the policies but allow you to circumvent one or more restrictions.
- property session
Get the HttpSession instance the object is using.
- create(policy_id, description, constraints, **request_params)[source]
A method to create a new Exceptions object.
- Parameters:
policy_id (str) – The object policy ID.
description (str, optional) – The object description.
constraints (list of dicts) –
The object constraints. Dict fields are:
field_key (str): A string representing the constraint key. Values are: ‘accountIds’, ‘resourceNames’, ‘regionNames’ and ‘resourceTags’
field_values (list of str): Constraint values
request_params (dict, optional) – Use to pass any additional parameters to the API
- Returns:
The created policy exception
- Return type:
dict
- get(exception_id=None, policy_id=None)[source]
A method to get Exceptions objects.
- Parameters:
exception_id (str, optional) – A string representing the exception ID. (Default value = None)
policy_id – The ID of the policy for which to get the exceptions.
- Returns:
The requested exception(s)
- Return type:
dict
- get_by_id(exception_id, policy_id)[source]
A method to get an Exceptions object by policy ID.
- Parameters:
exception_id (str) – A string representing the exception ID. (Default value = None)
policy_id – The ID of the policy for which to get the exceptions.
- Returns:
The requested exception(s)
- Return type:
dict
- update(exception_id, policy_id, description=None, constraints=None, **request_params)[source]
A method to update an Exceptions object.
- Parameters:
exception_id (str) – The exception ID to update.
policy_id (str) – The object policy ID.
description (str, optional) – The object description.
constraints (list of dicts, optional) –
The object constraints. Dict fields are:
field_key (str): A string representing the constraint key. Values are: ‘accountIds’, ‘resourceNames’, ‘regionNames’ and ‘resourceTags’
field_values (list of str): Constraint values
request_params (dict, optional) – Use to pass any additional parameters to the API
- Returns:
The updated policy exception
- Return type:
dict
- delete(exception_id, policy_id)[source]
A method to delete a policy exception.
- Parameters:
exception_id (str) – The exception ID.
policy_id (str) – The policy ID.
- Returns:
a Requests response object containing the response code
- Return type:
requests.models.Response
- search(json=None)
A method to search objects.
See the API documentation for this API endpoint for valid fields to search against.
NOTE: While the “value” and “values” fields are marked as “optional” you must use one of them, depending on the operation you are using.
- Parameters:
json (dict) –
The desired search parameters:
timeFilter (dict, optional): A dict containing the time frame for the search:
startTime (str): The start time for the search
endTime (str): The end time for the search
filters (list of dict, optional): Filters based on field contents:
field (str): The name of the data field to which the condition applies
expression (str): The comparison operator for the filter condition. Valid values are:
“eq”, “ne”, “in”, “not_in”, “like”, “ilike”, “not_like”, “not_ilike”, “not_rlike”, “rlike”, “gt”, “ge”, “lt”, “le”, “between”
value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.
returns (list of str, optional): The fields to return
- Returns:
returns a dict containing the search results
- Return type:
dict
- class laceworksdk.api.QueriesAPI(session)[source]
Bases:
laceworksdk.api.crud_endpoint.CrudEndpoint
A class used to represent the Queries API endpoint
Queries are the mechanism used to interactively request information from a specific curated datasource. Queries have a defined structure for authoring detections.
- property session
Get the HttpSession instance the object is using.
- create(query_id, query_text, evaluator_id=None, **request_params)[source]
A method to create a new Queries object.
- Parameters:
query_id (str) – Name of the new query.
query_text (str) – The object query text.
evaluator_id (str, optional) – A string representing the evaluator in which the query is to be run.
request_params (dict, optional) – Use to pass any additional parameters to the API
- Returns:
The newly created query
- Return type:
dict
- get(query_id=None)[source]
A method to get registered queries. Using no args will get all registered queries.
- Parameters:
query_id (str, optional) – The query ID to get.
- Returns:
The requested query or queries
- Return type:
dict
- get_by_id(query_id)[source]
A method to get a Queries object by query ID.
- Parameters:
query_id (str) – The query ID to get.
- Returns:
The requested query or queries
- Return type:
dict
- execute(evaluator_id=None, query_id=None, query_text=None, arguments={})[source]
A method to execute a Queries object.
- Parameters:
evaluator_id (str, optional) – The evaluator in which the query object is to be run.
query_id (str, optional) – The query ID.
query_text (str) – The query text.
arguments (dict of str: str) – A dictionary of key/value pairs to be used as arguments in the query object.
request_params (dict, optional) – Use to pass any additional parameters to the API
- Returns:
The query results
- Return type:
dict
- execute_by_id(query_id, arguments={})[source]
A method to execute a Queries object by query ID.
- Parameters:
query_id (str) – The query ID to execute
arguments (dict of str: str) – A dictionary of key/value pairs to be used as arguments in the query object.
- Returns:
The query results
- Return type:
dict
- validate(query_text, evaluator_id=None, **request_params)[source]
A method to validate a Queries object.
- Parameters:
query_text (str) – The query text to validate
evaluator_id (str, optional) – The evaluator in which the query is to be run.
request_params (dict, optional) – Use to pass any additional parameters to the API
- Returns:
Validation Results
- Return type:
dict
- update(query_id, query_text, **request_params)[source]
A method to update a Queries object.
- Parameters:
query_id (str) – Name of the new query.
query_text (str, optional) – The object query text.
request_params (dict, optional) – Use to pass any additional parameters to the API
- Returns:
The updated query
- Return type:
dict
- delete(query_id)[source]
A method to delete a query.
- Parameters:
query_id (str) – The ID of the query to delete
- Returns:
a Requests response object containing the response code
- Return type:
requests.models.Response
- search(json=None)
A method to search objects.
See the API documentation for this API endpoint for valid fields to search against.
NOTE: While the “value” and “values” fields are marked as “optional” you must use one of them, depending on the operation you are using.
- Parameters:
json (dict) –
The desired search parameters:
timeFilter (dict, optional): A dict containing the time frame for the search:
startTime (str): The start time for the search
endTime (str): The end time for the search
filters (list of dict, optional): Filters based on field contents:
field (str): The name of the data field to which the condition applies
expression (str): The comparison operator for the filter condition. Valid values are:
“eq”, “ne”, “in”, “not_in”, “like”, “ilike”, “not_like”, “not_ilike”, “not_rlike”, “rlike”, “gt”, “ge”, “lt”, “le”, “between”
value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.
returns (list of str, optional): The fields to return
- Returns:
returns a dict containing the search results
- Return type:
dict
- class laceworksdk.api.ReportDefinitionsAPI(session)[source]
Bases:
laceworksdk.api.crud_endpoint.CrudEndpoint
A class used to represent the Report Definition API endpoint
A report definition contains data retrieval and layout information for a report. Lacework provides endpoints to create a report definition, to list all definitions, and to update or delete a definition.
- property session
Get the HttpSession instance the object is using.
- create(report_name, report_type, sub_report_type, report_definition, **request_params)[source]
A method to create a new report definition.
- Parameters:
report_name (str) – The name of the report definition.
report_type (str) – Type of the report definition. Valid values: “COMPLIANCE”
sub_report_type (str) – The sub-type of the report definition. Valid values: “AWS”, “GCP”, “Azure”
report_definition (dict) –
A dictionary representing the report definition. Fields are:
sections (list of dicts): A list of dictionaries representing the sections of the report definition. Fields are:
category (str): The section’s category.
title (str): The section’s title.
policies (list of str): A list of strings representing the section’s policies.
request_params (dict, optional) – Use to pass any additional parameters to the API
- Returns:
The created report definition
- Return type:
dict
- get(id=None)[source]
A method to get report definitions. Using no args will get all report definitions.
- Parameters:
id (str, optional) – The report definition ID to get.
- Returns:
The requested report definition(s)
- Return type:
dict
- get_by_id(id)[source]
A method to get a report definition by ID.
- Parameters:
id (str) – The report definition ID to get.
- Returns:
The requested report definition
- Return type:
dict
- search()[source]
A method to ‘pass’ when attempting to search ReportDefinitions objects.
Search functionality is not yet implemented for Alert Profiles.
- update(id, report_name, report_definition, **request_params)[source]
A method to update a report definition.
- Parameters:
id – A string representing the object ID.
report_name (str) – The name of the report definition.
report_definition (dict) –
A dictionary representing the report definition. Fields are:
sections (list of dicts): A list of dictionaries representing the sections of the report definition. Fields are:
category (str): The section’s category.
title (str): The section’s title.
policies (list of str): A list of strings representing the section’s policies.
request_params (dict, optional) – Use to pass any additional parameters the API
- Returns:
The updated report definition
- Return type:
dict
- class laceworksdk.api.ReportRulesAPI(session)[source]
Bases:
laceworksdk.api.crud_endpoint.CrudEndpoint
A class used to represent the Report Rules API endpoint
Lacework combines alert channels and report rules to provide a flexible method for routing reports. For report rules, you define information about which reports to send. For alert channels, you define where to send reports such as to Jira, Slack, or email.
- property session
Get the HttpSession instance the object is using.
- create(type, filters, intg_guid_list, report_notification_types, **request_params)[source]
A method to create a new report rule.
- Parameters:
type (str) – The type of report rule. Valid values: ‘Report’
intg_guid_list (list of str) – A list of integration GUIDs representing the report channels to use.
filters (dict) –
A dictionary containing the definition of the new rule. Fields are:
name (str): The report rule name
description (str, optional): The report rule description
enabled (bool|int): Whether the report rule is enabled
resourceGroups (list of str): A list of resource groups to apply the rule to
severity (list of ints): A list of severities to apply the rule to. Valid values: 1=Critical, 2=High, 3=Medium, 4=Low, 5=Info
report_notification_types (dict) –
A dict of booleans for the report types that you want the rule to apply to. Fields are:
“agentEvents”, “awsCis14”, “awsCisS3”, “awsCloudtrailEvents”, “awsComplianceEvents”, “awsCis14IsoIec270022022”, “awsCyberEssentials22”, “awsCsaCcm405”, “azureActivityLogEvents”, “azureCis”, “azureCis131”, “azureComplianceEvents”, “azurePci”, “azurePciRev2”, “azureSoc”, “azureSocRev2”, “azureIso27001”, “azureHipaa”, “azureNistCsf”, “azureNist80053Rev5”, “azureNist800171Rev2”, “gcpAuditTrailEvents”, “gcpCis”, “gcpComplianceEvents”, “gcpHipaa”, “gcpHipaaRev2”, “gcpIso27001”, “gcpCis12”, “gcpCis13”, “gcpK8s”, “gcpPci”, “gcpPciRev2”, “gcpSoc”, “gcpSocRev2”, “gcpNistCsf”, “gcpNist80053Rev4”, “gcpNist800171Rev2”, “hipaa”, “iso2700”, “k8sAuditLogEvents”, “nist800-53Rev4”, “nist800-171Rev2”, “openShiftCompliance”, “openShiftComplianceEvents”, “pci”, “platformEvents”, “soc”, “awsSocRev2”, “trendReport”, “awsPciDss321”, “awsNist80053Rev5”, “awsSoc2”, “awsNist800171Rev2”, “awsNistCsf”, “awsCmmc102”, “awsHipaa”, “awsIso270012013”
request_params (dict, optional) – Use to pass any additional parameters the API
- Returns:
The created report rule
- Return type:
dict
- get(guid=None)[source]
A method to get ReportRules objects. Using no args will get all report rules.
- Parameters:
guid (str, optional) – The GUID of the report rule to get
- Returns:
The requested report rule(s)
- Return type:
dict
- get_by_guid(guid)[source]
A method to get a report rule by GUID.
- Parameters:
guid (str) – The GUID of the report rule to get
- Returns:
The requested report rule(s)
- Return type:
dict
- update(guid, filters=None, intg_guid_list=None, report_notification_types=None, **request_params)[source]
A method to update a ReportRules object.
- Parameters:
guid (str) – The GUID of the report rule to update
intg_guid_list (list of str, optional) – A list of integration GUIDs representing the report channels to use
filters (dict, optional) –
A dictionary containing the definition of the new rule. Fields are:
name (str): The report rule name
description (str, optional): The report rule description
enabled (bool|int, optional): Whether the report rule is enabled
resourceGroups (list of str, optional): A list of resource groups to apply the rule to
severity (list of ints, optional): A list of severities to apply the rule to. Valid values: 1=Critical, 2=High, 3=Medium, 4=Low, 5=Info
report_notification_types (dict) –
A dict of booleans for the report types that you want the rule to apply to. Fields are:
“agentEvents”, “awsCis14”, “awsCisS3”, “awsCloudtrailEvents”, “awsComplianceEvents”, “awsCis14IsoIec270022022”, “awsCyberEssentials22”, “awsCsaCcm405”, “azureActivityLogEvents”, “azureCis”, “azureCis131”, “azureComplianceEvents”, “azurePci”, “azurePciRev2”, “azureSoc”, “azureSocRev2”, “azureIso27001”, “azureHipaa”, “azureNistCsf”, “azureNist80053Rev5”, “azureNist800171Rev2”, “gcpAuditTrailEvents”, “gcpCis”, “gcpComplianceEvents”, “gcpHipaa”, “gcpHipaaRev2”, “gcpIso27001”, “gcpCis12”, “gcpCis13”, “gcpK8s”, “gcpPci”, “gcpPciRev2”, “gcpSoc”, “gcpSocRev2”, “gcpNistCsf”, “gcpNist80053Rev4”, “gcpNist800171Rev2”, “hipaa”, “iso2700”, “k8sAuditLogEvents”, “nist800-53Rev4”, “nist800-171Rev2”, “openShiftCompliance”, “openShiftComplianceEvents”, “pci”, “platformEvents”, “soc”, “awsSocRev2”, “trendReport”, “awsPciDss321”, “awsNist80053Rev5”, “awsSoc2”, “awsNist800171Rev2”, “awsNistCsf”, “awsCmmc102”, “awsHipaa”, “awsIso270012013”
request_params (dict, optional) – Use to pass any additional parameters the API
- Returns:
The created report rule
- Return type:
dict
- delete(guid)[source]
A method to delete a report rule.
- Parameters:
guid (str) – The GUID of the report rule to delete.
- Returns:
a Requests response object containing the response code
- Return type:
requests.models.Response
- search(json=None)
A method to search objects.
See the API documentation for this API endpoint for valid fields to search against.
NOTE: While the “value” and “values” fields are marked as “optional” you must use one of them, depending on the operation you are using.
- Parameters:
json (dict) –
The desired search parameters:
timeFilter (dict, optional): A dict containing the time frame for the search:
startTime (str): The start time for the search
endTime (str): The end time for the search
filters (list of dict, optional): Filters based on field contents:
field (str): The name of the data field to which the condition applies
expression (str): The comparison operator for the filter condition. Valid values are:
“eq”, “ne”, “in”, “not_in”, “like”, “ilike”, “not_like”, “not_ilike”, “not_rlike”, “rlike”, “gt”, “ge”, “lt”, “le”, “between”
value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.
returns (list of str, optional): The fields to return
- Returns:
returns a dict containing the search results
- Return type:
dict
- class laceworksdk.api.ReportsAPI(session)[source]
Bases:
laceworksdk.api.base_endpoint.BaseEndpoint
A class used to represent the Reports API endpoint
Lacework combines details about non-compliant resources that are in violation into reports. You must configure at least one cloud integration with AWS, Azure, or GCP to receive these reports.
- property session
Get the HttpSession instance the object is using.
- get(primary_query_id=None, secondary_query_id=None, format=None, report_type=None, **request_params)[source]
A method to get Reports objects.
- Parameters:
primary_query_id (str) – The primary ID that is used to fetch the report. (AWS Account ID or Azure Tenant ID)
secondary_query_id (str) – The secondary ID that is used to fetch the report. (GCP Project ID or Azure Subscription ID)
format (str, optional) – The format of the report. Valid values: “csv”, “html”, “json”, “pdf”
report_type (str) – The type of the report. See available reports for a list of report types. Valid values are in the “API Format” column.
request_params (dict, optional) – Use to pass any additional parameters the API
- Returns:
The details of the report
- Return type:
dict
- class laceworksdk.api.ResourceGroupsAPI(session)[source]
Bases:
laceworksdk.api.crud_endpoint.CrudEndpoint
A class used to represent the Resource Groups API endpoint
Resource groups provide a way to categorize Lacework-identifiable assets.
- property session
Get the HttpSession instance the object is using.
- create(resource_name, resource_type, enabled, props, **request_params)[source]
A method to create a new ResourceGroups object.
- Parameters:
resource_name (str) – The resource group name.
resource_type (str) –
The resource group type. See the API docs for a list of types.
enabled (bool|int) – Whether the object is enabled.
props (dict) –
The new resource group’s properties. The format varies based on the value of the type arg. See the API docs for valid fields.
request_params (dict, optional) – Use to pass any additional parameters the API
- Returns:
The newly created resource group
- Return type:
dict
- get(guid=None)[source]
A method to get resource groups. Using no args will get all resource groups.
- Parameters:
guid (str, optional) – The GUID of the resource group to get.
- Returns:
The requested resource group(s)
- Return type:
dict
- get_by_guid(guid)[source]
A method to get resource groups by GUID.
- Parameters:
guid (str) – The GUID of the resource group to get.
- Returns:
The requested resource group(s)
- Return type:
dict
- update(guid, resource_name=None, resource_type=None, enabled=None, props=None, **request_params)[source]
A method to update a ResourceGroups object.
- Parameters:
guid (str) – A string representing the object GUID.
resource_name (str, optional) – The resource group name.
resource_type (str, optional) –
The resource group type. See the API docs for a list of types.
enabled (bool|int, optional) – Whether the object is enabled.
props (dict, optional) –
The new resource group’s properties. The format varies based on the value of the type arg. See the API docs for valid fields.
request_params (dict, optional) – Use to pass any additional parameters the API
- Returns:
The newly created resource group
- Return type:
dict
- delete(guid)[source]
A method to delete a resource group.
- Parameters:
guid (str) – The GUID of the resource group to delete.
- Returns:
a Requests response object containing the response code
- Return type:
requests.models.Response
- search(json=None)
A method to search objects.
See the API documentation for this API endpoint for valid fields to search against.
NOTE: While the “value” and “values” fields are marked as “optional” you must use one of them, depending on the operation you are using.
- Parameters:
json (dict) –
The desired search parameters:
timeFilter (dict, optional): A dict containing the time frame for the search:
startTime (str): The start time for the search
endTime (str): The end time for the search
filters (list of dict, optional): Filters based on field contents:
field (str): The name of the data field to which the condition applies
expression (str): The comparison operator for the filter condition. Valid values are:
“eq”, “ne”, “in”, “not_in”, “like”, “ilike”, “not_like”, “not_ilike”, “not_rlike”, “rlike”, “gt”, “ge”, “lt”, “le”, “between”
value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.
returns (list of str, optional): The fields to return
- Returns:
returns a dict containing the search results
- Return type:
dict
- class laceworksdk.api.SchemasAPI(session)[source]
Bases:
laceworksdk.api.base_endpoint.BaseEndpoint
A class used to represent the Schemas API endpoint
Get details about the available Lacework schemas.
- property session
Get the HttpSession instance the object is using.
- get(type=None, subtype=None)[source]
A method to get schema objects. Using no args will get all schemas.
- Parameters:
type (str, optional) – The schema type to retrieve. Valid values are any API resource listed in the Lacework API documentation. Examples include “AlertChannels”, “CloudAccounts”, “AgentAccessTokens”, etc.
subtype (str, optional) –
The subtype to retrieve. Subtypes are only available for API resources that have “type” like fields. For instance the “AlertChannels” resource has subtypes such as “AwsS3”, “SlackChannel”, etc. See the Lacework API documentation for more info.
- Returns:
The requested schema
- Return type:
dict
- get_by_subtype(type, subtype)[source]
A method to fetch a specific subtype schema.
- Parameters:
type (str) –
The schema type to retrieve. Valid values are any API resource listed in the Lacework API documentation. Examples include “AlertChannels”, “CloudAccounts”, “AgentAccessTokens”, etc.
subtype (str) –
The subtype to retrieve. Subtypes are only available for API resources that have “type” like fields. For instance the “AlertChannels” resource has subtypes such as “AwsS3”, “SlackChannel”, etc. See the Lacework API documentation for more info.
- Returns:
The requested schema
- Return type:
dict
- class laceworksdk.api.TeamMembersAPI(session)[source]
Bases:
laceworksdk.api.crud_endpoint.CrudEndpoint
A class used to represent the Team Members API endpoint
DEPRECATED. Please use the TeamUsersAPI class instead.
Team members can be granted access to multiple Lacework accounts and have different roles for each account. Team members can also be granted organization-level roles.
Note: The TeamMembers API is deprecated and is unavailable if you have migrated to the new RBAC model in your Lacework Console.
- property session
Get the HttpSession instance the object is using.
- create(user_name, user_enabled, props, org_admin=None, org_user=None, admin_role_accounts=None, user_role_accounts=None, **request_params)[source]
A method to create a new team member.
- Parameters:
user_name (str) – The email address of the user.
user_enabled (bool|int) – Whether the object is enabled.
props (dict) –
The user configuration. Fields are:
firstName (str): The first name of the team member.
lastName (str): The last name of the team member.
company (str): The company of the team member.
accountAdmin (bool, optional): A boolean representing if the team member is an account admin.
org_admin (bool, optional) – Whether the user is an organization admin. (Organization-level Access Required)
org_user (bool, optional) – Whether the user is an organization user. (Organization-level Access Required)
admin_role_accounts (list of str) – A list of accounts where the user is an admin. (Organization-level Access Required)
user_role_accounts (list of str) – A list of accounts where the team member is a user. (Organization-level Access Required)
request_params (dict, optional) – Use to pass any additional parameters the API
- Returns:
The newly created team member.
- Return type:
dict
- get(guid=None)[source]
A method to get team members. Using no args will get all team members.
- Parameters:
guid (str, optional) – The GUID of the team member to get.
- Returns:
The requested team member
- Return type:
dict
- get_by_guid(guid)[source]
A method to get a team member by GUID.
- Parameters:
guid (str) – The GUID of the team member to get.
- Returns:
The requested team member
- Return type:
dict
- update(guid, user_name=None, user_enabled=None, props=None, org_admin=None, org_user=None, admin_role_accounts=None, user_role_accounts=None, **request_params)[source]
A method to update a TeamMembers object.
- Parameters:
guid – A string representing the object GUID.
user_name (str) – The email address of the user.
user_enabled (bool|int) – Whether the object is enabled.
props (dict) –
The user configuration. Fields are:
firstName (str): The first name of the team member.
lastName (str): The last name of the team member.
company (str): The company of the team member.
accountAdmin (bool, optional): A boolean representing if the team member is an account admin.
org_admin (bool, optional) – Whether the user is an organization admin. (Organization-level Access Required)
org_user (bool, optional) – Whether the user is an organization user. (Organization-level Access Required)
admin_role_accounts (list of str) – A list of accounts where the user is an admin. (Organization-level Access Required)
user_role_accounts (list of str) – A list of accounts where the team member is a user. (Organization-level Access Required)
request_params (dict, optional) – Use to pass any additional parameters the API
- Returns:
The updated team member.
- Return type:
dict
- delete(guid)[source]
A method to delete a team member.
- Parameters:
guid (str) – The GUID of the team member to delete
- Returns:
a Requests response object containing the response code
- Return type:
requests.models.Response
- search(json=None)
A method to search objects.
See the API documentation for this API endpoint for valid fields to search against.
NOTE: While the “value” and “values” fields are marked as “optional” you must use one of them, depending on the operation you are using.
- Parameters:
json (dict) –
The desired search parameters:
timeFilter (dict, optional): A dict containing the time frame for the search:
startTime (str): The start time for the search
endTime (str): The end time for the search
filters (list of dict, optional): Filters based on field contents:
field (str): The name of the data field to which the condition applies
expression (str): The comparison operator for the filter condition. Valid values are:
“eq”, “ne”, “in”, “not_in”, “like”, “ilike”, “not_like”, “not_ilike”, “not_rlike”, “rlike”, “gt”, “ge”, “lt”, “le”, “between”
value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.
returns (list of str, optional): The fields to return
- Returns:
returns a dict containing the search results
- Return type:
dict
- class laceworksdk.api.TeamUsersAPI(session)[source]
Bases:
laceworksdk.api.crud_endpoint.CrudEndpoint
A class used to represent the Team Users API endpoint.
The Team Users API works with the new Lacework role-based access control (RBAC) model. After you enable RBAC in the Lacework Console, the Team Users API is available and the legacy Team Members API (deprecated) is disabled.
- property session
Get the HttpSession instance the object is using.
- get(guid=None)[source]
(Experimental API) A method to get team users. Using no args will get all team users.
- Parameters:
guid (str, optional) – The GUID of the team user to get.
- Returns:
The requested team user(s)
- Return type:
dict
- get_by_guid(guid)[source]
(Experimental API) A method to get a TeamUsers object by GUID.
- Parameters:
guid (str) – The GUID of the team user to get.
- Returns:
The requested team user(s)
- Return type:
dict
- create(name, email=None, company=None, description=None, user_enabled=True, type='StandardUser', **request_params)[source]
A method to create a new team users standard user object.
- Parameters:
name (str) – The friendly name of the user.
email (str) – The email address of the user (valid only for type=StandardUser).
company (str) – The company of the user (valid only for type=StandardUser).
description (str) – A description text for describing service accounts (valid only for ServiceUser)
user_enabled (bool|int, optional) – Whether the new team user is enabled.
type (str, optional) – The type of the user to create. Valid values: “StandardUser”, “ServiceUser” (Default value = “StandardUser”)
request_params (dict, optional) – Use to pass any additional parameters the API
- Returns:
The newly created team user
- Return type:
dict
- update(guid, name=None, user_enabled=None, description=None, **request_params)[source]
(Experimental API) A method to update a TeamUsers object.
- Parameters:
guid (str) – The GUID of the team user to update
name (str) – The friendly name of the user.
user_enabled (bool|int, optional) – Whether the new team user is enabled.
description (str) – A description text for describing service accounts (valid only for ServiceUser).
request_params (dict, optional) – Use to pass any additional parameters the API
- Returns:
The newly created team user
- Return type:
dict
- delete(guid)[source]
A method to delete a team user.
- Parameters:
guid (str) – The GUID of the team user to delete
- Returns:
a Requests response object containing the response code
- Return type:
requests.models.Response
- search(json=None)
A method to search objects.
See the API documentation for this API endpoint for valid fields to search against.
NOTE: While the “value” and “values” fields are marked as “optional” you must use one of them, depending on the operation you are using.
- Parameters:
json (dict) –
The desired search parameters:
timeFilter (dict, optional): A dict containing the time frame for the search:
startTime (str): The start time for the search
endTime (str): The end time for the search
filters (list of dict, optional): Filters based on field contents:
field (str): The name of the data field to which the condition applies
expression (str): The comparison operator for the filter condition. Valid values are:
“eq”, “ne”, “in”, “not_in”, “like”, “ilike”, “not_like”, “not_ilike”, “not_rlike”, “rlike”, “gt”, “ge”, “lt”, “le”, “between”
value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.
returns (list of str, optional): The fields to return
- Returns:
returns a dict containing the search results
- Return type:
dict
- class laceworksdk.api.UserGroupsAPI(session)[source]
Bases:
laceworksdk.api.base_endpoint.BaseEndpoint
A class used to represent the User Groups API endpoint.
A user group associates Lacework service and standard users with specific permissions in Lacework.
- property session
Get the HttpSession instance the object is using.
- class laceworksdk.api.UserProfileAPI(session)[source]
Bases:
laceworksdk.api.base_endpoint.BaseEndpoint
A class used to represent the User Profile API endpoint.
An organization can contain multiple accounts so you can also manage components such as alerts, resource groups, team members, and audit logs at a more granular level inside an organization.
- property session
Get the HttpSession instance the object is using.
- get(account_name=None)[source]
A method to get Lacework sub-accounts that are managed by your organization account. Using no args will get all sub-accounts.
- Parameters:
account_name (str, optional) – Specify which sub-account to list.
- Returns:
Details of the requested sub-account(s)
- Return type:
dict
- class laceworksdk.api.VulnerabilitiesAPI(session)[source]
A class used to represent the Vulnerabilities API endpoint.
The Vulnerabilities API endpoint is a parent for different types of vulnerabilities that can be queried. Due to namespace overlap with the v1 API, this class is a subclass of VulnerabilityAPI to expose those methods and provide backwards compatibility.
Attributes:
- containers:
A ContainerVulnerabilitiesAPI instance.
- hosts:
A HostVulnerabilitiesAPI instance.
- packages:
A SoftwarePackagesAPI instance.
- class ContainerVulnerabilitiesAPI(session, object_type, endpoint_root='/api/v2')[source]
Bases:
laceworksdk.api.search_endpoint.SearchEndpoint
A class used to represent the Container Vulnerabilities API endpoint.
- property session
Get the HttpSession instance the object is using.
- scan(registry, repository, tag, **request_params)[source]
A method to issue Container Vulnerability scans.
- Parameters:
registry (str) – The container registry to use.
repository (str) – The container repository to use.
tag (str) – The container tag to use.
request_params (dict, optional) – Use to pass any additional parameters the API
- Returns:
The status of the requested scan
- Return type:
dict
- status(request_id)[source]
A method to get the status of a Container Vulnerability scan.
- Parameters:
request_id (str) – The request ID of the container scan
- Returns:
The status of the requested scan
- Return type:
dict
- search(json=None, resource=None)
A method to search objects.
See the API documentation for this API endpoint for valid fields to search against.
NOTE: While the “value” and “values” fields are marked as “optional” you must use one of them, depending on the operation you are using.
- Parameters:
json (dict) –
The desired search parameters:
timeFilter (dict, optional): A dict containing the time frame for the search:
startTime (str): The start time for the search
endTime (str): The end time for the search
filters (list of dict, optional): Filters based on field contents:
field (str): The name of the data field to which the condition applies
expression (str): The comparison operator for the filter condition. Valid values are:
“eq”, “ne”, “in”, “not_in”, “like”, “ilike”, “not_like”, “not_ilike”, “not_rlike”, “rlike”, “gt”, “ge”, “lt”, “le”, “between”
value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.
returns (list of str, optional): The fields to return
resource (str) – The Lacework API resource to search (Example: “AlertChannels”)
- Yields:
dict – returns a generator which yields a page of objects at a time as returned by the Lacework API.
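The search() body documented above can be assembled and checked before it is sent, so that every filter carries exactly one of “value” or “values”. The helper below is an added example, not part of laceworksdk; the split of operators into single-value and multi-value, and the UTC ISO 8601 timestamp form, are assumptions, and field names must come from the endpoint's API documentation.

```python
from datetime import datetime, timedelta, timezone

# Comparison operators listed in the search() documentation on this page.
VALID_EXPRESSIONS = {
    "eq", "ne", "in", "not_in", "like", "ilike", "not_like", "not_ilike",
    "not_rlike", "rlike", "gt", "ge", "lt", "le", "between",
}
# ASSUMPTION: these operators take a list ("values"); the rest take "value".
MULTI_VALUE_EXPRESSIONS = {"in", "not_in", "between"}


def build_filter(field, expression, operand):
    """Return one filter dict carrying exactly one of "value" or "values"."""
    if not isinstance(field, str) or not field:
        raise ValueError("field must be a non-empty string")
    if expression not in VALID_EXPRESSIONS:
        raise ValueError(f"unsupported expression: {expression!r}")
    if expression in MULTI_VALUE_EXPRESSIONS:
        # A bare string is a common mistake here; reject it rather than guess.
        if isinstance(operand, str) or not isinstance(operand, (list, tuple)):
            raise TypeError(f"{expression!r} needs a list of values")
        values = [str(v) for v in operand]
        if not values:
            raise ValueError(f"{expression!r} needs at least one value")
        if expression == "between" and len(values) != 2:
            raise ValueError("'between' needs exactly two values")
        return {"field": field, "expression": expression, "values": values}
    if isinstance(operand, (list, tuple, set, dict)) or operand is None:
        raise TypeError(f"{expression!r} needs a single value")
    return {"field": field, "expression": expression, "value": str(operand)}


def _stamp(moment):
    """Format an aware datetime as a UTC string (ASSUMPTION: ISO 8601)."""
    if moment.tzinfo is None:
        raise ValueError("timestamps must be timezone-aware")
    return moment.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def build_search(filters=None, start=None, end=None, returns=None):
    """Assemble the dict passed as search(json=...)."""
    body = {}
    if (start is None) != (end is None):
        raise ValueError("startTime and endTime must be given together")
    if start is not None:
        start_text, end_text = _stamp(start), _stamp(end)
        if end <= start:
            raise ValueError("endTime must be after startTime")
        body["timeFilter"] = {"startTime": start_text, "endTime": end_text}
    if filters:
        for item in filters:
            # Catch hand-written filters that skipped build_filter().
            if ("value" in item) == ("values" in item):
                raise ValueError(
                    f"filter on {item.get('field')!r} must set exactly one "
                    "of value/values"
                )
        body["filters"] = list(filters)
    if returns:
        body["returns"] = [str(name) for name in returns]
    return body


if __name__ == "__main__":
    # Constructed sample; "fieldA" is a placeholder, not a real search field.
    now = datetime.now(timezone.utc)
    print(build_search(
        [build_filter("fieldA", "in", ["x", "y"])],
        start=now - timedelta(days=1),
        end=now,
        returns=["fieldA"],
    ))
```
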
- class ImageSummaryVulnerabilitiesAPI(session, object_type, endpoint_root='/api/v2')[source]
Bases:
laceworksdk.api.search_endpoint.SearchEndpoint
A class used to represent the ImageSummary Vulnerabilities API endpoint.
- property session
Get the HttpSession instance the object is using.
- search(json=None, resource=None)
A method to search objects.
See the API documentation for this API endpoint for valid fields to search against.
NOTE: While the “value” and “values” fields are marked as “optional” you must use one of them, depending on the operation you are using.
- Parameters:
json (dict) –
The desired search parameters:
timeFilter (dict, optional): A dict containing the time frame for the search:
startTime (str): The start time for the search
endTime (str): The end time for the search
filters (list of dict, optional): Filters based on field contents:
field (str): The name of the data field to which the condition applies
expression (str): The comparison operator for the filter condition. Valid values are:
“eq”, “ne”, “in”, “not_in”, “like”, “ilike”, “not_like”, “not_ilike”, “not_rlike”, “rlike”, “gt”, “ge”, “lt”, “le”, “between”
value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.
returns (list of str, optional): The fields to return
resource (str) – The Lacework API resource to search (Example: “AlertChannels”)
- Yields:
dict – returns a generator which yields a page of objects at a time as returned by the Lacework API.
- class HostVulnerabilitiesAPI(session, object_type, endpoint_root='/api/v2')[source]
Bases:
laceworksdk.api.search_endpoint.SearchEndpoint
A class used to represent the Host Vulnerabilities API endpoint.
- property session
Get the HttpSession instance the object is using.
- search(json=None, resource=None)
A method to search objects.
See the API documentation for this API endpoint for valid fields to search against.
NOTE: While the “value” and “values” fields are marked as “optional” you must use one of them, depending on the operation you are using.
- Parameters:
json (dict) –
The desired search parameters:
timeFilter (dict, optional): A dict containing the time frame for the search:
startTime (str): The start time for the search
endTime (str): The end time for the search
filters (list of dict, optional): Filters based on field contents:
field (str): The name of the data field to which the condition applies
expression (str): The comparison operator for the filter condition. Valid values are:
“eq”, “ne”, “in”, “not_in”, “like”, “ilike”, “not_like”, “not_ilike”, “not_rlike”, “rlike”, “gt”, “ge”, “lt”, “le”, “between”
value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.
returns (list of str, optional): The fields to return
resource (str) – The Lacework API resource to search (Example: “AlertChannels”)
- Yields:
dict – returns a generator which yields a page of objects at a time as returned by the Lacework API.
- class SoftwarePackagesAPI(session, object_type, endpoint_root='/api/v2')[source]
Bases:
laceworksdk.api.base_endpoint.BaseEndpoint
A class used to represent the Software Packages API endpoint.
- property session
Get the HttpSession instance the object is using.
- scan(os_pkg_info_list, **request_params)[source]
A method to initiate a software package vulnerability scan.
- Parameters:
os_pkg_info_list (list of dict) –
A list of packages to be scanned given the OS, OS version, package, and package version. Fields are:
os (str): The name of the operating system.
osVer (str): The version of the operating system.
pkg (str): The name of the software package.
pkgVer (str): The version of the software package.
request_params (dict, optional) – Use to pass any additional parameters the API
- Returns:
The resulting vulnerability data
- Return type:
dict
- class laceworksdk.api.VulnerabilityExceptionsAPI(session)[source]
Bases:
laceworksdk.api.crud_endpoint.CrudEndpoint
A class used to represent the Vulnerabilities Exceptions API endpoint.
Lacework provides the ability to create exceptions for certain vulnerable resources and criteria. For example, a certain CVE for a certain package or all packages can be excepted until a set expiry time.
- property session
Get the HttpSession instance the object is using.
- create(exception_name, exception_reason, exception_type, props, vulnerability_criteria, resource_scope=None, expiry_time=None, state=True, **request_params)[source]
A method to create a new vulnerability exception.
- Parameters:
exception_name (str) – The name of the exception.
exception_reason (str) – The exception reason. Valid values: “False Positive”, “Accepted Risk”, “Compensating Controls”, “Fix Pending”, “Other”
exception_type (str) – The exception type. Valid values: “Container”, “Host”
props (dict of str) –
The properties of the exception. Fields are:
description (str): The exception description
createdBy (str): The creator of the exception
updatedBy (str): The updater of the exception.
vulnerability_criteria (dict) –
The criteria for excepted vulnerabilities. Fields are:
cve (list of str): The vulnerability (CVE) ID(s) that you want to constrain the exception to
package (list of dict): The package name(s) (for example, an operating system or language package). This can include a version number
severity (list of str): The severity levels of the vulnerability to constrain the exception to. Valid values: “Info”, “Low”, “Medium”, “High”, “Critical”
fixable (list of int): The fixability status (0 or 1)
resource_scope (dict) –
The scope of resources for which to apply the exception. Fields for this dict change depending on the “exception type” field. See the API docs for field info.
expiry_time (str) – The expiration time for the exception.
state (bool|int) – Whether the exception is enabled.
request_params (dict, optional) – Use to pass any additional parameters the API
- Returns:
The newly created vulnerability exception
- Return type:
dict
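An added example (not part of the SDK or its documentation): a hypothetical helper, `build_exception_kwargs`, that checks arguments against the valid values listed above before they reach `create()` and always sets an expiry so an exception cannot outlive its review window. The 90-day default, the rule requiring a CVE or package constraint, and the ISO 8601 timestamp format are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Valid values as listed in the create() parameter documentation above.
REASONS = {"False Positive", "Accepted Risk", "Compensating Controls",
           "Fix Pending", "Other"}
TYPES = {"Container", "Host"}
SEVERITIES = {"Info", "Low", "Medium", "High", "Critical"}
CRITERIA_FIELDS = {"cve", "package", "severity", "fixable"}


def build_exception_kwargs(name, reason, exc_type, description, author,
                           criteria, max_days=90, now=None):
    """Return keyword arguments for VulnerabilityExceptionsAPI.create().

    Hypothetical helper: rejects values the documentation does not list and
    caps the lifetime of every exception at max_days.
    """
    if reason not in REASONS:
        raise ValueError(f"invalid exception_reason: {reason!r}")
    if exc_type not in TYPES:
        raise ValueError(f"invalid exception_type: {exc_type!r}")
    unknown = set(criteria) - CRITERIA_FIELDS
    if unknown:
        raise ValueError(f"unknown criteria fields: {sorted(unknown)}")
    if not criteria.get("cve") and not criteria.get("package"):
        # Local policy (assumption): no blanket exceptions by severity alone.
        raise ValueError("constrain the exception to a CVE or a package")
    bad = set(criteria.get("severity", [])) - SEVERITIES
    if bad:
        raise ValueError(f"invalid severity values: {sorted(bad)}")
    if any(f not in (0, 1) for f in criteria.get("fixable", [])):
        raise ValueError("fixable entries must be 0 or 1")

    now = now or datetime.now(timezone.utc)
    expiry = now + timedelta(days=max_days)
    return {
        "exception_name": name,
        "exception_reason": reason,
        "exception_type": exc_type,
        "props": {"description": description, "createdBy": author,
                  "updatedBy": author},
        "vulnerability_criteria": criteria,
        # Assumption: ISO 8601 UTC timestamp; check the API docs for the format.
        "expiry_time": expiry.strftime("%Y-%m-%dT%H:%M:%SZ"),
        "state": True,
    }
```

The returned dict can be unpacked into `create(**kwargs)`; `resource_scope` is left out because its fields depend on the exception type.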
- get(guid=None)[source]
A method to get vulnerability exceptions. Using no args will get all vulnerability exceptions.
- Parameters:
guid (str, optional) – The GUID of the vulnerability exception to get.
- Returns:
The requested vulnerability exception(s)
- Return type:
dict
- get_by_guid(guid)[source]
A method to get vulnerability exceptions by GUID.
- Parameters:
guid (str) – The GUID of the vulnerability exception to get.
- Returns:
The requested vulnerability exception(s)
- Return type:
dict
- update(guid, exception_name=None, exception_reason=None, props=None, vulnerability_criteria=None, resource_scope=None, expiry_time=None, state=None, **request_params)[source]
A method to update a VulnerabilityExceptions object.
- Parameters:
guid (str) – A string representing the object GUID.
exception_name (str, optional) – The name of the exception.
exception_reason (str, optional) – The exception reason. Valid values: “False Positive”, “Accepted Risk”, “Compensating Controls”, “Fix Pending”, “Other”
props (dict of str) –
The properties of the exception. Fields are:
description (str, optional): The exception description
createdBy (str, optional): The creator of the exception
updatedBy (str, optional): The updater of the exception
vulnerability_criteria (dict) –
The criteria for excepted vulnerabilities. Fields are:
cve (list of str): The vulnerability (CVE) ID(s) that you want to constrain the exception to
package (list of dict): The package name(s) (for example, an operating system or language package). This can include a version number
severity (list of str): The severity levels of the vulnerability to constrain the exception to. Valid values: “Info”, “Low”, “Medium”, “High”, “Critical”
fixable (list of int): The fixability status (0 or 1)
resource_scope (dict, optional) –
The scope of resources for which to apply the exception. Fields for this dict change depending on the “exception type” field. See the API docs for field info.
expiry_time (str, optional) – The expiration time for the exception.
state (bool|int, optional) – Whether the exception is enabled.
request_params (dict, optional) – Use to pass any additional parameters the API
- Returns:
The updated vulnerability exception
- Return type:
dict
- delete(guid)[source]
A method to delete a vulnerability exception.
- Parameters:
guid (str) – The GUID of the vulnerability exception to delete
- Returns:
a Requests response object containing the response code
- Return type:
requests.models.Response
- search(json=None)
A method to search objects.
See the API documentation for this API endpoint for valid fields to search against.
NOTE: While the “value” and “values” fields are marked as “optional” you must use one of them, depending on the operation you are using.
- Parameters:
json (dict) –
The desired search parameters:
timeFilter (dict, optional): A dict containing the time frame for the search:
startTime (str): The start time for the search
endTime (str): The end time for the search
filters (list of dict, optional): Filters based on field contents:
field (str): The name of the data field to which the condition applies
expression (str): The comparison operator for the filter condition. Valid values are:
“eq”, “ne”, “in”, “not_in”, “like”, “ilike”, “not_like”, “not_ilike”, “not_rlike”, “rlike”, “gt”, “ge”, “lt”, “le”, “between”
value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.
returns (list of str, optional): The fields to return
- Returns:
returns a dict containing the search results
- Return type:
dict
- class laceworksdk.api.VulnerabilityPoliciesAPI(session)[source]
Bases:
laceworksdk.api.crud_endpoint.CrudEndpoint
A class used to represent the Vulnerabilities Policies API endpoint.
Lacework provides the ability to create container vulnerability policies to assess your container images at build and/or runtime based on your own unique requirements. For example, a policy can be created for any critical vulnerability with a fix available or a policy to target a specific CVE.
- property session
Get the
HttpSession
instance the object is using.
- create(policy_type, policy_name, severity, state, filter, props, policy_eval_type=None, fail_on_violation=False, alert_on_violation=False, **request_params)[source]
A method to create a new vulnerability policy.
- Parameters:
policy_type (str) – The type of the policy. See API documentation for valid values
policy_name (str) – The name of the policy.
severity (str) – The severity of the policy. Valid values: “Info”, “Low”, “Medium”, “High”, “Critical”
state (bool|int) – A boolean representing the state of the policy.
filter (dict) –
The filter data for the policy type specified in the “policyType” field. See API documentation for fields.
props (dict) –
The vulnerability policy’s properties. Fields are:
description (str): The property description.
createdBy (str): The creator of the property.
updatedBy (str): The updater of the property.
policy_eval_type (str, optional) – The policy evaluation type. Valid values: “local”
fail_on_violation (bool|int, optional) – Whether the policy should fail on violations. (Default = False)
alert_on_violation (bool|int, optional) – Whether the policy should alert on violations. (Default = False)
request_params (dict, optional) – Use to pass any additional parameters the API
- Returns:
The newly created vulnerability policy
- Return type:
dict
- get(guid=None)[source]
A method to get vulnerability policies. Using no args will get all vulnerability policies.
- Parameters:
guid (str, optional) – The GUID of the vulnerability policy to get
- Returns:
The requested vulnerability policy(ies)
- Return type:
dict
- get_by_guid(guid)[source]
A method to get a vulnerability policy by GUID.
- Parameters:
guid (str) – The GUID of the vulnerability policy to get
- Returns:
The requested vulnerability policy(ies)
- Return type:
dict
- update(guid, policy_type=None, policy_name=None, severity=None, state=None, filter=None, props=None, policy_eval_type=None, fail_on_violation=None, alert_on_violation=None, **request_params)[source]
A method to update a VulnerabilityPolicies object.
- Parameters:
guid (str) – The GUID of the policy to update
policy_type (str, optional) –
The type of the policy. See API documentation for valid values
policy_name (str, optional) – The name of the policy.
severity (str, optional) – The severity of the policy. Valid values: “Info”, “Low”, “Medium”, “High”, “Critical”
state (bool|int, optional) – A boolean representing the state of the policy.
filter (dict, optional) –
The filter data for the policy type specified in the “policyType” field. See API documentation for fields.
props (dict) –
The vulnerability policy’s properties. Fields are:
description (str): The property description.
createdBy (str): The creator of the property.
updatedBy (str): The updater of the property.
policy_eval_type (str, optional) – The policy evaluation type. Valid values: “local”
fail_on_violation (bool|int, optional) – Whether the policy should fail on violations. (Default = False)
alert_on_violation (bool|int, optional) – Whether the policy should alert on violations. (Default = False)
request_params (dict, optional) – Use to pass any additional parameters the API
- Returns:
The updated vulnerability policy
- Return type:
dict
- delete(guid)[source]
A method to delete a vulnerability policy.
- Parameters:
guid (str) – The GUID of the vulnerability policy to delete
- Returns:
a Requests response object containing the response code
- Return type:
requests.models.Response
- search(json=None)
A method to search objects.
See the API documentation for this API endpoint for valid fields to search against.
NOTE: While the “value” and “values” fields are marked as “optional” you must use one of them, depending on the operation you are using.
- Parameters:
json (dict) –
The desired search parameters:
timeFilter (dict, optional): A dict containing the time frame for the search:
startTime (str): The start time for the search
endTime (str): The end time for the search
filters (list of dict, optional): Filters based on field contents:
field (str): The name of the data field to which the condition applies
expression (str): The comparison operator for the filter condition. Valid values are:
“eq”, “ne”, “in”, “not_in”, “like”, “ilike”, “not_like”, “not_ilike”, “not_rlike”, “rlike”, “gt”, “ge”, “lt”, “le”, “between”
value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.
returns (list of str, optional): The fields to return
- Returns:
returns a dict containing the search results
- Return type:
dict
- class laceworksdk.api.LaceworkClient(account=None, subaccount=None, api_key=None, api_secret=None, api_token=None, instance=None, base_domain=None, profile=None)[source]
Lacework API wrapper for Python.
- property subaccount
Returns the value of the session’s subaccount.