laceworksdk.api.v2.alert_channels

Lacework AlertChannels API wrapper.

Module Contents

Classes

AlertChannelsAPI

A class used to represent the Alert Channels API endpoint
class laceworksdk.api.v2.alert_channels.AlertChannelsAPI(session)[source]

Bases: laceworksdk.api.crud_endpoint.CrudEndpoint

A class used to represent the Alert Channels API endpoint

Lacework combines alert channels with alert rules or report rules to provide a flexible method for routing alerts and reports.

property session

Get the HttpSession instance the object is using.

create(name, type, enabled, data, **request_params)[source]

A method to create a new AlertChannels object.

Parameters:

  • name (str) – The name of the alert channel you wish to create.

  • type (str) – The type of alert channel you wish to create. See the API docs for valid values.

  • enabled (bool|int) – A boolean/integer representing whether the object is enabled. (0 or 1)

  • data (dict) –

    A dict matching the schema for the specified type. See the API docs for valid values.

  • request_params (dict, optional) – Use to pass any additional parameters the API

Returns:

The new alert channel

Return type:

dict

get(guid=None, type=None)[source]

A method to get all Alert Channels, optionally filtered by guid and/or type.

Parameters:

  • guid (str, optional) – The alert channel GUID.

  • type (str, optional) – A string representing the alert channel type.

Returns:

The channel(s) requested.

Return type:

dict

get_by_guid(guid)[source]

A method to get AlertChannels objects by GUID.

Parameters:

guid (str) – The alert channel GUID.

Returns:

The channel(s) requested.

Return type:

dict

get_by_type(type)[source]

A method to get AlertChannels objects by type.

Parameters:

type (str) – The alert channel type to return

Returns:

The channel(s) requested.

Return type:

dict

update(guid, name=None, type=None, enabled=None, data=None, **request_params)[source]

A method to update an AlertChannels object.

Parameters:

  • guid (str) – The guild of the alert channel to update.

  • name (str) – The name of the alert channel you wish to update.

  • type (str) –

    The type of alert channel you wish to update. See the API docs for valid values.

  • enabled (bool|int) – A boolean/integer representing whether the object is enabled. (0 or 1)

  • data (dict) –

    A dict matching the schema for the specified type. See the API docs for valid values.

  • request_params (dict, optional) – Use to pass any additional parameters the API

Returns:

The updated alert channel info.

Return type:

dict

delete(guid)[source]

A method to delete an AlertChannels object.

Parameters:

guid (str) – A string representing the object GUID.

Returns:

a Requests response object containing the response code

Return type:

requests.models.Response

test(guid)[source]

A method to test an AlertChannels object.

Parameters:

guid (str) – A string representing the object GUID.

Returns:

a Requests response object containing the response code

Return type:

requests.models.Response

search(json=None)

A method to search objects.

See the API documentation for this API endpoint for valid fields to search against.

NOTE: While the “value” and “values” fields are marked as “optional” you must use one of them, depending on the operation you are using.

Parameters:

json (dict) –

The desired search parameters:

  • timeFilter (dict, optional): A dict containing the time frame for the search:

    • startTime (str): The start time for the search

    • endTime (str): The end time for the search

  • filters (list of dict, optional): Filters based on field contents:

    • field (str): The name of the data field to which the condition applies

    • expression (str): The comparison operator for the filter condition. Valid values are:

    ”eq”, “ne”, “in”, “not_in”, “like”, “ilike”, “not_like”, “not_ilike”, “not_rlike”, “rlike”, “gt”, “ge”, “lt”, “le”, “between”

    • value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.

    • values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.

  • returns (list of str, optional): The fields to return

Returns:

returns a dict containing the search results

Return type:

dict