laceworksdk.api.v2.alerts
Lacework Alerts API wrapper.
Module Contents
Classes
AlertsAPI: A class used to represent the Alerts API endpoint
- class laceworksdk.api.v2.alerts.AlertsAPI(session)
Bases: laceworksdk.api.search_endpoint.SearchEndpoint
A class used to represent the Alerts API endpoint
Lacework provides real-time alerts that are interactive and manageable. Each alert contains various metadata information, such as severity level, type, status, alert category, and associated tags.
- property session
Get the HttpSession instance the object is using.
- get(start_time=None, end_time=None, limit=None, **request_params)
A method to get Alerts.
- Parameters:
start_time (str) – A “%Y-%m-%dT%H:%M:%SZ” structured timestamp to begin from.
end_time (str) – A “%Y-%m-%dT%H:%M:%S%Z” structured timestamp to end at.
limit (int) – An integer representing the number of Alerts to return.
request_params (dict, optional) – Use to pass any additional parameters the API
- Returns:
The requested alert(s)
- Return type:
dict
- get_details(id, scope, **request_params)
A method to get Alerts objects by ID.
- Parameters:
id (str) – The alert ID.
scope (str) – The scope of the details to return. Valid values are: “Details”, “Investigation”, “Events”, “RelatedAlerts”, “Integrations”, “Timeline”
request_params (dict, optional) – Use to pass any additional parameters the API
- Returns:
The requested alert details.
- Return type:
dict
- comment(id, comment)
A method to comment on an Alerts object.
- Parameters:
id (str) – The alert ID.
comment (str) – The comment to post.
- Returns:
The posted comment
- Return type:
dict
- close(id, reason, comment=None)
A method to close an Alert.
- Parameters:
id (str) – The alert ID.
reason (int) – A number representing the close reason. Valid values are: 0: Other, 1: False positive, 2: Not enough information, 3: Malicious and have resolution in place, 4: Expected because of routine testing
comment (str, optional) – A comment on the reason. If 0 is chosen for the “reason” field then the “comment” field is required.
- Returns:
a Requests response object containing the response code
- Return type:
requests.models.Response
- search(json=None, resource=None)
A method to search objects.
See the API documentation for this API endpoint for valid fields to search against.
NOTE: While the “value” and “values” fields are marked as “optional” you must use one of them, depending on the operation you are using.
- Parameters:
json (dict) – The desired search parameters:
  timeFilter (dict, optional): A dict containing the time frame for the search:
    startTime (str): The start time for the search
    endTime (str): The end time for the search
  filters (list of dict, optional): Filters based on field contents:
    field (str): The name of the data field to which the condition applies
    expression (str): The comparison operator for the filter condition. Valid values are:
    “eq”, “ne”, “in”, “not_in”, “like”, “ilike”, “not_like”, “not_ilike”, “not_rlike”, “rlike”, “gt”, “ge”, “lt”, “le”, “between”
    value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
    values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.
  returns (list of str, optional): The fields to return
resource (str) – The Lacework API resource to search (Example: “AlertChannels”)
- Yields:
dict – returns a generator which yields a page of objects at a time as returned by the Lacework API.
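As an added example (not code from laceworksdk), the following builds the json= body for search() from the field rules above and validates the arguments for close(). The alert field names severity and status, the values Critical/High/Open, the returned columns, and the split of the operators into single-value and multi-value groups are assumptions, not taken from this page.

```python
# Added example (not laceworksdk code): validated search() body and close() arguments.
from datetime import datetime, timedelta, timezone

TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"
# Operators taking a single "value" vs. a list of "values" (assumed split).
SINGLE_VALUE_OPS = {"eq", "ne", "like", "ilike", "not_like", "not_ilike",
                    "rlike", "not_rlike", "gt", "ge", "lt", "le"}
MULTI_VALUE_OPS = {"in", "not_in", "between"}
# Close reasons listed for close(); reason 0 ("Other") requires a comment.
CLOSE_REASONS = {0: "Other", 1: "False positive", 2: "Not enough information",
                 3: "Malicious and have resolution in place",
                 4: "Expected because of routine testing"}

def make_filter(field, expression, value=None, values=None):
    """One filter dict; enforces the value/values rule for the operator."""
    if expression in SINGLE_VALUE_OPS:
        if value is None or values is not None:
            raise ValueError(f"{expression!r} takes exactly one 'value'")
        return {"field": field, "expression": expression, "value": value}
    if expression in MULTI_VALUE_OPS:
        if not values or value is not None:
            raise ValueError(f"{expression!r} takes a list of 'values'")
        return {"field": field, "expression": expression, "values": list(values)}
    raise ValueError(f"unknown expression {expression!r}")

def build_alert_search(start, end, filters, returns=None):
    """The json= body for search(): timeFilter, filters, optional returns."""
    if end <= start:
        raise ValueError("endTime must be after startTime")
    body = {"timeFilter": {"startTime": start.strftime(TIME_FMT),
                           "endTime": end.strftime(TIME_FMT)},
            "filters": filters}
    if returns:
        body["returns"] = list(returns)
    return body

def open_high_severity_search(end, hours=24):
    """Last `hours` of open Critical/High alerts (assumed field names/values)."""
    filters = [make_filter("severity", "in", values=["Critical", "High"]),
               make_filter("status", "eq", value="Open")]
    return build_alert_search(end - timedelta(hours=hours), end, filters,
                              returns=["alertId", "alertType", "severity"])

def close_args(alert_id, reason, comment=None):
    """Keyword arguments for close(); rejects unknown reasons and a bare reason 0."""
    if reason not in CLOSE_REASONS:
        raise ValueError(f"reason must be one of {sorted(CLOSE_REASONS)}")
    if reason == 0 and not comment:
        raise ValueError("reason 0 (Other) requires a comment")
    return {"id": alert_id, "reason": reason, "comment": comment}
```

Feed the returned body to `search(json=...)` and the returned mapping to `close(**...)` on an AlertsAPI instance.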