`laceworksdk.api.v2.alert_profiles`

Lacework AlertProfiles API wrapper.

Module Contents

A class used to represent the Alert Profiles API endpoint

class laceworksdk.api.v2.alert_profiles.AlertProfilesAPI(session)[source]

A class used to represent the Alert Profiles API endpoint

An alert profile is a set of metadata that defines how your LQL queries get consumed into events and alerts.

create(alert_profile_id, alerts, extends, **request_params)[source]

A method to create a new AlertProfiles object.

Parameters:

alert_profile_id (str) – A unique ID to name the new alert profile
extends (str) – The base alert profile object.
alerts (list of dict) –
A list of dictionaries containing alert details to create. Alert fields are:
- name (str): The name of the alert.
- eventName (str): The name to show in Event Triage.
- description (str): The description to show in Event Triage.
- subject (str): The subject to show in the Event Dossier.
request_params (dict, optional) – Use to pass any additional parameters the API

Returns:

A JSON object containing the created Alert Profile

Return type:

dict

get(id=None)[source]

A method to get AlertProfiles objects.

get_by_id(id)[source]

A method to get an AlertProfiles object by ID.

search(**request_params)[source]: Search functionality is not yet implemented for Alert Profiles.

update(id, alerts=None, **request_params)[source]

A method to update an AlertProfiles object.

Parameters:

id (str) – A string representing the object ID.
alerts (list of dicts) –
A list of dictionaries containing alert details to update. Alert fields are:
- name (str): The name of the alert.
- eventName (str): The name to show in Event Triage.
- description (str): The description to show in Event Triage.
- subject (str): The subject to show in the Event Dossier.
request_params (dict, optional) – Use to pass any additional parameters the API

Returns:

The updated Alert Profile

Return type:

dict

A method to delete an AlertProfiles object.