laceworksdk.api.v2.audit_logs
Lacework AuditLogs API wrapper.
Module Contents
Classes
A class used to represent the Audit Log API endpoint |
- class laceworksdk.api.v2.audit_logs.AuditLogsAPI(session)[source]
Bases:
laceworksdk.api.base_endpoint.BaseEndpoint
A class used to represent the Audit Log API endpoint
Get audit logs.
- property session
Get the
HttpSession
instance the object is using.
- get(start_time=None, end_time=None, **request_params)[source]
A method to get audit logs.
- Parameters:
start_time (str) – A “%Y-%m-%dT%H:%M:%SZ” structured timestamp to begin from.
end_time (str) – A “%Y-%m-%dT%H:%M:%S%Z” structured timestamp to end at.
request_params (dict, optional) – Use to pass any additional parameters the API
- Returns:
The audit logs for the requested time period.
- Return type:
dict
- search(json=None)[source]
A method to search audit logs.
See the API documentation for this API endpoint for valid fields to search against.
NOTE: While the “value” and “values” fields are marked as “optional” you must use one of them, depending on the operation you are using.
- Parameters:
json (list of dicts) –
A list of dictionaries containing the desired search parameters:
field (str): The name of the data field to which the condition applies
expression (str): The comparison operator for the filter condition. Valid values are:
”eq”, “ne”, “in”, “not_in”, “like”, “ilike”, “not_like”, “not_ilike”, “not_rlike”, “rlike”, “gt”, “ge”, “lt”, “le”, “between”
value (str, optional): The value that the condition checks for in the specified field. Use this attribute when using an operator that requires a single value.
values (list of str, optional): The values that the condition checks for in the specified field. Use this attribute when using an operator that requires multiple values.
- Yields:
dict – returns a generator which yields a page of objects at a time as returned by the Lacework API.